Windows Diagnostic Malware / Slow Laptop



#1
dtekka

A friend gave me their laptop and said they had a bad hard drive. I started it to find Windows Diagnostic. I knew that this was a virus, so I went on Google and followed a step-by-step from bleepingcomputer. I got rid of the virus, but the computer actually seems to have a bad hard drive. I am using it currently, and it boots up fine. The things I notice that are wrong with it are: one, it runs fairly slow; two, the hard drive makes the normal crunching noise, but then I hear a rhythmic short crunch, spin, crunch. It does this for about 30 seconds and everything responds very slow. What I'm wondering is, are there any lingering malware/viruses that are causing this? I posted an OTL log below. I've already backed up everything on the hard drive, but I'd still like to get rid of the rest of the malware/viruses if there are any. I know I wasn't supposed to do anything before I posted this, but I did run Malwarebytes per the instructions on bleepingcomputer.


OTL logfile created on: 11/22/2011 3:25:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 51.00% Memory free
5.70 Gb Paging File | 4.26 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.06 Gb Total Space | 63.04 Gb Free Space | 45.33% Space Free | Partition Type: NTFS
Drive D: | 9.99 Gb Total Space | 1.73 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 03:23:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 00:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/13 20:48:46 | 000,028,766 | ---- | M] (MyFunCards) -- C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe
PRC - [2010/12/13 20:48:46 | 000,020,480 | ---- | M] (MyFunCards) -- C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8brmon.exe
PRC - [2010/01/26 18:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/06/30 19:45:56 | 000,423,016 | ---- | M] (Altnet Inc.) -- C:\Program Files\Altnet Music Plugin\AMPMDM.exe
PRC - [2009/01/16 06:32:14 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/10 02:27:18 | 000,033,280 | ---- | M] (ATT) -- C:\Program Files\AT&T\Communication Manager\ATTCM.exe
PRC - [2008/05/23 21:01:54 | 000,106,496 | ---- | M] (PCTEL) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
PRC - [2008/05/23 21:00:48 | 000,118,784 | ---- | M] (PCTEL) -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
PRC - [2008/04/16 12:55:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe
PRC - [2008/04/16 12:52:28 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/03/26 16:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/02/11 23:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe
PRC - [2008/01/20 20:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 01:48:03 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/11/18 01:47:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/11/18 01:33:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/11/18 01:33:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/11/18 01:33:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/11/18 01:31:32 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/11/18 01:31:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 03:47:10 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/06/20 03:47:10 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/06/20 03:47:10 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/06/20 03:47:10 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/06/20 03:47:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/06/20 03:47:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/06/20 03:47:10 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/06/20 03:47:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/06/20 03:47:09 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/06/20 03:46:39 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:39 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:39 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/06/20 03:46:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:38 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3009.40201__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3009.40200__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:37 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3009.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/06/20 03:46:37 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3009.40129__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3009.40017__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/06/20 03:46:37 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:37 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:36 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/06/20 03:46:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/06/20 03:46:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/06/20 03:46:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/06/20 03:46:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/06/20 03:46:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/06/20 03:46:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/06/20 03:46:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/06/20 03:46:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/06/20 03:46:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/06/20 03:46:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/06/20 03:46:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/06/20 03:46:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/06/20 03:46:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/06/20 03:46:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/06/20 03:46:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/06/20 03:46:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/06/20 03:46:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/06/20 03:46:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/06/20 03:46:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/06/20 03:46:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/06/20 03:46:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/06/20 03:46:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/06/20 03:46:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/06/20 03:46:24 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/06/20 03:46:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/06/20 03:46:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/06/20 03:46:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/06/20 03:46:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/06/20 03:46:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/06/20 03:46:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/06/20 03:46:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/06/20 03:46:24 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/06/20 03:46:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/06/20 03:46:23 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/06/20 03:46:23 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/06/20 03:46:23 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/06/20 03:46:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/06/20 03:46:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/06/20 03:46:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/06/20 03:46:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/06/20 03:46:22 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/06/20 03:46:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/06/20 03:46:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/06/20 03:46:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/06/20 03:46:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.dll
MOD - [2008/06/20 03:46:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/05/23 20:59:12 | 000,708,608 | ---- | M] () -- C:\Program Files\AT&T\Communication Manager\OutlookViewer.dll
MOD - [2008/05/23 20:58:38 | 000,102,400 | ---- | M] () -- C:\Program Files\AT&T\Communication Manager\Pac.dll
MOD - [2008/05/23 20:56:54 | 000,061,440 | ---- | M] () -- C:\Program Files\AT&T\Communication Manager\Eap.dll
MOD - [2008/05/23 20:52:54 | 000,041,472 | ---- | M] () -- C:\Program Files\AT&T\Communication Manager\zlib.dll
MOD - [2008/05/14 23:56:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008/05/14 23:56:46 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/05/14 23:56:46 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008/05/14 23:56:42 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/05/14 23:56:42 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008/03/28 03:19:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/02/27 15:48:46 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/13 20:48:46 | 000,028,766 | ---- | M] (MyFunCards) [Auto | Running] -- C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8barsvc.exe -- (MyFunCardsbarIEService)
SRV - [2010/06/22 01:10:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/23 21:01:54 | 000,106,496 | ---- | M] (PCTEL) [On_Demand | Running] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/05/23 21:00:48 | 000,118,784 | ---- | M] (PCTEL) [On_Demand | Running] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2008/04/16 12:55:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe -- (STacSV)
SRV - [2008/03/26 16:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/11 23:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/08 13:03:28 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/23 20:52:54 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/05/23 20:52:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/05/14 23:56:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/16 12:58:24 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/14 16:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/04/14 13:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/28 05:24:16 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/23 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/10 20:59:44 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/01/10 20:58:48 | 000,165,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2008/01/07 14:42:04 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/10/29 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {55b8f6ed-2800-4f27-974a-80ef13a91083} - C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll (MyFunCards)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/05/22 20:49:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/17 15:37:40 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Toolbar BHO) - {664a876f-a887-4016-abb7-423f1129d6ca} - C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8bar.dll (MyFunCards)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Search Assistant BHO) - {a53d3e99-2d75-4752-a2b4-b2c727d7df8c} - C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll (MyFunCards)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (MyFunCards) - {4b3b7746-935c-48e9-95cd-a855419cdef0} - C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8bar.dll (MyFunCards)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MyFunCards) - {4B3B7746-935C-48E9-95CD-A855419CDEF0} - C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8bar.dll (MyFunCards)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MyFunCardsbarIE Browser Plugin Loader] C:\Program Files\MyFunCardsbarIE\bar\1.bin\c8brmon.exe (MyFunCards)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ampmdm] C:\Program Files\Altnet Music Plugin\AMPMDM.exe (Altnet Inc.)
O4 - HKCU..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BE51EC3-E901-4588-93BE-EA1EE3115A46}: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9736F295-7F90-47A2-9E25-B43826764F99}: DhcpNameServer = 209.183.33.23 209.183.35.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/22 20:20:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{78311f39-59a6-11df-83c6-001e6881a8a7}\Shell - "" = AutoRun
O33 - MountPoints2\{78311f39-59a6-11df-83c6-001e6881a8a7}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O33 - MountPoints2\{97b899fc-93f1-11de-a2d6-001e6881a8a7}\Shell - "" = AutoRun
O33 - MountPoints2\{97b899fc-93f1-11de-a2d6-001e6881a8a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e427e621-5f8a-11dd-a422-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e427e621-5f8a-11dd-a422-806e6f6e6963}\Shell\AutoRun\command - "" = E:\mri.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 03:23:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/11/18 08:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/18 08:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/18 01:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/17 16:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/17 16:19:19 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/17 16:19:18 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/17 16:19:16 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/17 16:19:15 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/17 16:19:14 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/17 16:19:13 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/17 16:17:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/17 16:17:50 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/17 16:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/17 16:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/17 15:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/11/17 15:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/17 15:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/17 15:09:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Secunia PSI
[2011/11/17 15:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/17 13:30:56 | 001,754,456 | ---- | C] (Secunia) -- C:\Users\owner\Desktop\PSISetup.exe
[2011/11/17 01:00:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2011/11/17 01:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/16 23:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/16 23:57:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/16 23:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Users\owner\Documents\*.tmp files -> C:\Users\owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/22 03:23:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2011/11/22 03:19:22 | 000,000,267 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/11/22 03:19:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/22 03:18:40 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 03:18:40 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 03:18:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 03:18:28 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 20:13:49 | 006,734,866 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/20 20:13:49 | 002,296,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/20 20:12:57 | 000,087,552 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 18:02:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 17:29:40 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/11/18 01:27:47 | 000,312,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/17 16:19:20 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/17 16:19:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/17 13:31:00 | 001,754,456 | ---- | M] (Secunia) -- C:\Users\owner\Desktop\PSISetup.exe
[2011/11/17 01:00:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 00:08:40 | 001,008,092 | ---- | M] () -- C:\Users\owner\Documents\iExplore.exe
[1 C:\Users\owner\Documents\*.tmp files -> C:\Users\owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 17:29:40 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/11/20 17:29:40 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/11/17 16:19:20 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/17 15:22:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/11/17 01:00:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/17 00:08:31 | 001,008,092 | ---- | C] () -- C:\Users\owner\Documents\iExplore.exe
[2011/03/20 19:08:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~42393352r
[2011/03/20 19:08:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~42393352
[2011/03/20 19:08:12 | 000,000,392 | ---- | C] () -- C:\ProgramData\42393352
[2010/05/08 13:16:43 | 000,026,504 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/11/12 13:16:37 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/10/29 19:30:30 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2008/10/26 20:01:33 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2008/09/14 22:27:07 | 000,087,552 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/14 07:10:52 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/14 07:10:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/20 04:18:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/05/22 20:36:31 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/03/28 03:19:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/28 02:51:08 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/05 13:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/03 22:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,312,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 006,734,866 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 002,296,650 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/08 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/11/18 08:28:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BitTorrent
[2010/05/07 01:08:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Sierra Wireless
[2008/10/26 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2011/11/18 08:28:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\uTorrent
[2009/04/18 00:21:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
[2011/11/20 20:19:32 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
[2011/03/20 19:08:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~42393352r
[2011/03/20 19:08:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~42393352
[2011/03/20 19:08:12 | 000,000,392 | ---- | C] () -- C:\ProgramData\42393352

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]


If one of the following will not run, just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#3
dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Here is the Combofix log

ComboFix 11-11-22.03 - owner 11/23/2011 3:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1752 [GMT -6:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\MYFUNC~2\bar\1.bin\c8BAr.dll
c:\program files\MyFunCardsbarIE\bar\1.bin\c8BAr.dll
c:\program files\MyFunCardsbarIE\bar\1.bin\c8SRcas.dll
c:\programdata\ntuser.dat
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
c:\users\owner\Documents\~WRL0210.tmp
c:\users\owner\Documents\iexplore.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 09:50 . 2011-11-23 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 09:25 . 2011-11-23 09:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F7E42F-F0C7-4366-9239-D727208734B5}\offreg.dll
2011-11-23 09:23 . 2011-11-23 09:23 -------- d-----w- C:\_OTL
2011-11-22 09:26 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F7E42F-F0C7-4366-9239-D727208734B5}\mpengine.dll
2011-11-18 14:27 . 2011-11-18 14:27 -------- d-----w- c:\program files\CCleaner
2011-11-18 07:41 . 2011-11-18 07:41 -------- d-----w- c:\program files\ESET
2011-11-17 22:19 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-17 22:19 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-17 22:19 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-17 22:19 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-17 22:19 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-17 22:19 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-17 22:17 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-17 22:17 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-17 22:17 . 2011-11-17 22:17 -------- d-----w- c:\programdata\AVAST Software
2011-11-17 22:17 . 2011-11-17 22:17 -------- d-----w- c:\program files\AVAST Software
2011-11-17 21:28 . 2011-11-17 21:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 21:21 . 2011-11-17 21:22 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-17 21:09 . 2011-11-17 21:09 -------- d-----w- c:\users\owner\AppData\Local\Secunia PSI
2011-11-17 21:09 . 2011-11-17 21:09 -------- d-----w- c:\program files\Secunia
2011-11-17 11:43 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-11-17 11:43 . 2011-02-16 15:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-11-17 11:43 . 2011-02-16 13:24 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-11-17 11:41 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-11-17 11:41 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-11-17 11:41 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-17 11:41 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-11-17 11:41 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-17 11:41 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-17 11:41 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-11-17 11:41 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-11-17 11:07 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 07:00 . 2011-11-17 07:00 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-11-17 05:57 . 2011-11-17 05:57 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 05:57 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-17 05:56 . 2011-11-17 07:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ampmdm"="c:\program files\Altnet Music Plugin\AMPMDM.exe" [2009-07-01 423016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-16 442433]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-06-10 33280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"MyFunCardsbarIE Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\c8brmon.exe" [2010-12-14 20480]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-4-13 333088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-05-24 106496]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2008-05-24 118784]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-01-11 165248]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-01-11 142976]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-05-15 61424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 MyFunCardsbarIEService;MyFunCards Service;c:\progra~1\MYFUNC~2\bar\1.bin\c8barsvc.exe [2010-12-14 28766]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:03]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:03]
.
2011-03-05 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-23 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{55b8f6ed-2800-4f27-974a-80ef13a91083} - c:\program files\MyFunCardsbarIE\bar\1.bin\c8SrcAs.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-hpqSRMon - (no file)
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 03:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-23 04:06:09
ComboFix-quarantined-files.txt 2011-11-23 10:05
.
Pre-Run: 66,528,096,256 bytes free
Post-Run: 66,453,307,392 bytes free
.
- - End Of File - - 17D9791B4A173E54CD249BBE83C4E1CF







Here is the TDSSKiller log

04:10:42.0847 5320 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
04:10:43.0122 5320 ============================================================
04:10:43.0122 5320 Current date / time: 2011/11/23 04:10:43.0122
04:10:43.0122 5320 SystemInfo:
04:10:43.0122 5320
04:10:43.0122 5320 OS Version: 6.0.6001 ServicePack: 1.0
04:10:43.0122 5320 Product type: Workstation
04:10:43.0122 5320 ComputerName: OWNER-PC
04:10:43.0123 5320 UserName: owner
04:10:43.0123 5320 Windows directory: C:\Windows
04:10:43.0123 5320 System windows directory: C:\Windows
04:10:43.0123 5320 Processor architecture: Intel x86
04:10:43.0123 5320 Number of processors: 2
04:10:43.0123 5320 Page size: 0x1000
04:10:43.0123 5320 Boot type: Normal boot
04:10:43.0123 5320 ============================================================
04:10:44.0473 5320 Initialize success
04:10:52.0983 4732 ============================================================
04:10:52.0983 4732 Scan started
04:10:52.0983 4732 Mode: Manual;
04:10:52.0984 4732 ============================================================
04:11:10.0468 4732 Tcpip6 - ok
04:11:10.0530 4732 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
04:11:10.0532 4732 tcpipreg - ok
04:11:10.0578 4732 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
04:11:10.0580 4732 TDPIPE - ok
04:11:10.0601 4732 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
04:11:10.0603 4732 TDTCP - ok
04:11:10.0625 4732 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
04:11:10.0627 4732 tdx - ok
04:11:10.0649 4732 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
04:11:10.0650 4732 TermDD - ok
04:11:10.0699 4732 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:11:10.0700 4732 tssecsrv - ok
04:11:10.0777 4732 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
04:11:10.0779 4732 tunmp - ok
04:11:10.0812 4732 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
04:11:10.0815 4732 tunnel - ok
04:11:10.0844 4732 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
04:11:10.0845 4732 uagp35 - ok
04:11:10.0881 4732 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
04:11:10.0886 4732 udfs - ok
04:11:10.0977 4732 UIUSys - ok
04:11:11.0020 4732 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
04:11:11.0023 4732 uliagpkx - ok
04:11:11.0057 4732 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
04:11:11.0062 4732 uliahci - ok
04:11:11.0079 4732 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:11:11.0085 4732 UlSata - ok
04:11:11.0108 4732 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:11:11.0111 4732 ulsata2 - ok
04:11:11.0144 4732 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:11:11.0147 4732 umbus - ok
04:11:11.0261 4732 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
04:11:11.0266 4732 USBAAPL - ok
04:11:11.0308 4732 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:11:11.0311 4732 usbccgp - ok
04:11:11.0353 4732 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:11:11.0357 4732 usbcir - ok
04:11:11.0402 4732 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
04:11:11.0405 4732 usbehci - ok
04:11:11.0486 4732 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
04:11:11.0491 4732 usbhub - ok
04:11:11.0529 4732 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
04:11:11.0532 4732 usbohci - ok
04:11:11.0571 4732 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
04:11:11.0574 4732 usbprint - ok
04:11:11.0617 4732 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
04:11:11.0619 4732 usbscan - ok
04:11:11.0665 4732 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:11:11.0668 4732 USBSTOR - ok
04:11:11.0753 4732 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
04:11:11.0758 4732 usbuhci - ok
04:11:11.0805 4732 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
04:11:11.0812 4732 usbvideo - ok
04:11:11.0863 4732 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
04:11:11.0866 4732 vga - ok
04:11:11.0895 4732 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:11:11.0898 4732 VgaSave - ok
04:11:11.0985 4732 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
04:11:11.0988 4732 viaagp - ok
04:11:12.0014 4732 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
04:11:12.0017 4732 ViaC7 - ok
04:11:12.0042 4732 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
04:11:12.0046 4732 viaide - ok
04:11:12.0102 4732 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:11:12.0105 4732 volmgr - ok
04:11:12.0138 4732 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
04:11:12.0144 4732 volmgrx - ok
04:11:12.0208 4732 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
04:11:12.0211 4732 volsnap - ok
04:11:12.0266 4732 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
04:11:12.0270 4732 vsmraid - ok
04:11:12.0304 4732 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:11:12.0305 4732 WacomPen - ok
04:11:12.0330 4732 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:11:12.0334 4732 Wanarp - ok
04:11:12.0355 4732 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:11:12.0357 4732 Wanarpv6 - ok
04:11:12.0463 4732 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
04:11:12.0465 4732 Wd - ok
04:11:12.0509 4732 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
04:11:12.0515 4732 Wdf01000 - ok
04:11:12.0615 4732 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
04:11:12.0620 4732 winachsf - ok
04:11:12.0786 4732 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:11:12.0789 4732 WmiAcpi - ok
04:11:12.0873 4732 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
04:11:12.0876 4732 WpdUsb - ok
04:11:12.0906 4732 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:11:12.0909 4732 ws2ifsl - ok
04:11:13.0016 4732 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:11:13.0019 4732 WUDFRd - ok
04:11:13.0153 4732 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HP\QuickPlay\000.fcl
04:11:13.0154 4732 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
04:11:13.0220 4732 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
04:11:13.0255 4732 \Device\Harddisk0\DR0 - ok
04:11:13.0262 4732 Boot (0x1200) (b12a08efed9ffa113cdd851c7999bd1f) \Device\Harddisk0\DR0\Partition0
04:11:13.0263 4732 \Device\Harddisk0\DR0\Partition0 - ok
04:11:13.0275 4732 Boot (0x1200) (6a65d8e8bcd577ece0e9db0c9220c4f5) \Device\Harddisk0\DR0\Partition1
04:11:13.0276 4732 \Device\Harddisk0\DR0\Partition1 - ok
04:11:13.0280 4732 ============================================================
04:11:13.0280 4732 Scan finished
04:11:13.0280 4732 ============================================================
04:11:13.0306 1860 Detected object count: 0
04:11:13.0306 1860 Actual detected object count: 0
04:11:37.0105 2544 Deinitialize success


The AswMBR did not have the fix enabled after the scan completed.

Here is the log.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-23 04:12:31
-----------------------------
04:12:31.678 OS Version: Windows 6.0.6001 Service Pack 1
04:12:31.679 Number of processors: 2 586 0x301
04:12:31.681 ComputerName: OWNER-PC UserName: owner
04:12:33.321 Initialize success
04:12:33.500 AVAST engine defs: 11112201
04:12:55.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000009a
04:12:55.326 Disk 0 Vendor: Hitachi_ 1.BB Size: 152627MB BusType: 8
04:12:57.355 Disk 0 MBR read successfully
04:12:57.366 Disk 0 MBR scan
04:12:57.379 Disk 0 unknown MBR code
04:12:57.397 Disk 0 scanning sectors +312573952
04:12:57.477 Disk 0 scanning C:\Windows\system32\drivers
04:13:07.420 Service scanning
04:13:09.131 Modules scanning
04:13:25.561 Scan finished successfully
04:15:25.044 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
04:15:25.045 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

#4
dtekka

I am letting the disk check run right now, I just wanted to give you the results of my other scans. Thanks for your help so far. I really appreciate it.

#5
dtekka

********************************

Microsoft Signature Verification

Log file generated on 11/23/2011 at 12:17 PM
OS Platform: Windows (x86), Version: 6.0, Build: 6001, CSDVersion: Service Pack 1
Scan Results: Total Files: 216, Signed: 213, Unsigned: 0, Not Scanned: 3


Unscanned Files:
------------------
[c:\windows\c:\users\owner\appdata\local\temp]
catchme.sys The directory name is invalid.
[c:\windows\c:\windows\system32\drivers]
mbamswissarmy.sys The directory name is invalid.
[c:\windows\system32]
wdfcoinstaller01005.The file is not installed.

#6
dtekka

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/11/2011 12:21:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/11/2011 12:29:16 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 23/11/2011 12:30:01 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 23/11/2011 1:50:30 PM
Type: Error Category: 0
Event: 10 Source: VDS Dynamic Provider
The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Log: 'System' Date/Time: 23/11/2011 3:36:18 PM
Type: Error Category: 0
Event: 10 Source: VDS Dynamic Provider
The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Log: 'System' Date/Time: 23/11/2011 3:42:37 PM
Type: Error Category: 0
Event: 10 Source: VDS Dynamic Provider
The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Log: 'System' Date/Time: 23/11/2011 6:17:04 PM
Type: Error Category: 0
Event: 10 Source: VDS Dynamic Provider
The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/11/2011 10:23:58 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 23/11/2011 10:23:58 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.




Here is the application log

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/11/2011 12:26:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/11/2011 12:30:01 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looks pretty good so far. The Virtual Disk error is known to Microsoft:

http://support.microsoft.com/kb/948275

Appears it is a Service Pack 1 error and that if you update to SP2 it should go away.

I think you are OK now malware-wise. We can run a couple more checks to see if we can find out more about the system:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
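Tallying a pasted Event Viewer report by type, source and event ID makes recurring entries, such as the VDS Dynamic Provider error discussed in the reply above, stand out from one-off ones. This is an added example, not part of the original posts: the function names and the sample text are constructed for illustration, and it assumes the dd/mm/yyyy layout the report header states.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the report pasted in this thread.
SAMPLE = """\
Log: 'System' Date/Time: 23/11/2011 3:36:18 PM
Type: Error Category: 0
Event: 10 Source: VDS Dynamic Provider
The provider failed while storing notifications from the driver. hr=80042505

Log: 'System' Date/Time: 23/11/2011 3:42:37 PM
Type: Error Category: 0
Event: 10 Source: VDS Dynamic Provider
The provider failed while storing notifications from the driver. hr=80042505
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/11/2011 10:23:58 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
                    r"Type: (?P<type>\w+) Category: \d+\n"
                    r"Event: (?P<event>\d+) Source: (?P<source>.+)\n", re.M)

def parse_report(text):
    hits = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        # The message runs to the next record or the next "~~~" section rule.
        message = text[m.end():end].split("\n~~~", 1)[0].strip()
        when = datetime.strptime(m["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        records.append(dict(m.groupdict(), when=when, event=int(m["event"]),
                            message=message))
    return records

def summarize(records):
    # Group by (type, source, event id); most frequent groups come first.
    seen = defaultdict(list)
    for r in records:
        seen[(r["type"], r["source"], r["event"])].append(r["when"])
    rows = [(k, len(v), min(v), max(v)) for k, v in seen.items()]
    return sorted(rows, key=lambda row: -row[1])

for key, count, first, last in summarize(parse_report(SAMPLE)):
    print(f"{count:3d}x {key}  first={first}  last={last}")
```
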

#8
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
The Speccy program keeps crashing when I try to launch it. I can see it pop up on the screen for a brief moment, then it crashes. I tried restarting and still the same issue. It just says "Speccy has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." I also tried running the program as an administrator and it still crashed at the same point.

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Speccy would have to be run as admin on Vista. First time it hasn't worked for me. See if you can get SIW to work.

http://download.cnet...4-10326678.html

(You want the Download Now button on the left.)

It will also need to be run as admin. (My Avast anti-virus wants to run it in Sandbox but it has to be run normally to work.) Make sure you tell it you DO NOT WANT the driver scanner install.

This one won't let you make a text file so you will have to look yourself. There should be a section under Hardware called Sensors; click on it and look in the right pane and you should see some temperatures. What is the highest value that you see in degrees C?

Also under Hardware should be Storage Devices. Find your hard drive (Probably Disk 0) and click on the + in front of SMART Support then scroll so that the whole SMART section is visible. Take a screen shot and attach it to your next post. http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

#10
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
Both cores are running at 71 degrees Celsius. Those are the highest values on that read-out. As soon as I clicked on the storage devices icon, the program crashed, with Windows displaying "Microsoft services has stopped working". Not quite sure why that happened, as I ran the program in admin mode. :(

#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
71 is too hot. Get SpeedFan:
http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.

Who makes your hard drive? (If you don't know boot into the BIOS Setup. It should tell you the part number of the drive and you can google the number and find out who makes it.) Go to the drive maker's website and see if they have a drive test you can download and run.

#12
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
I went into BIOS and there was a primary hard disk self check diagnostic tool built into BIOS. I ran that and it told me to replace the hard disk. I guess it is going bad after all.

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I sort of expected that the drive was bad. Sorry that that's the case. You might be able to clone the drive to a new drive. They aren't too expensive if it is a SATA drive and you can usually add a couple of hundred Gigs while you are at it. You just need a USB to SATA adapter. They are about $10 on Amazon. http://www.amazon.co...22254770&sr=1-3

Don't get a Western Digital drive. Their cloning program won't boot from a CD. Stick with Seagate. I've used theirs many times.

#14
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
I have that adapter fortunately. All of the information is already backed up, so I shouldn't have any problems transferring the info to the new drive. Thanks for all of your help.

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK.

I'll give you the cleanup routine anyway. Some of it may be useful on the new drive.


We need to clean up System Restore:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron





