Dos:Alureon.E



#1
elguapo79

I am having a problem with a virus being found on my computer called Dos:Alureon.E (according to Windows Security Essentials).


The infection started (we think) with a visit to an untrustworthy website. Actually, my wife clicked a link in an email that was "from" her recently deceased mother.

After that, I had to uninstall something called Privacy.exe which looked like an anti-virus program. Even after that I was having issues with Google redirects.

Ultimately I decided to reinstall Windows 7. Since then, I don't notice any symptoms.

However, Windows Security Essentials keeps finding the Dos:Alureon.E virus. It cannot fix/delete/remove the problem. I tried Kaspersky's TDSS remove kit, and it found nothing. Malwarebytes did not find anything either. MSE continues to find the virus, though.

Note: I did keep some of my files from the Windows.old folder (mp3s, pictures, word files, etc.).

That's where I stand now. My OTL log is below. Please let me know if there is any other information that I can provide but did not include, and thank you for any help!



OTL logfile created on: 11/29/2011 4:11:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 65.57% Memory free
6.50 Gb Paging File | 5.05 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.30 Gb Total Space | 110.50 Gb Free Space | 49.71% Space Free | Partition Type: NTFS
Drive D: | 10.58 Gb Total Space | 1.25 Gb Free Space | 11.77% Space Free | Partition Type: NTFS

Computer Name: HPDESKTOPJDP | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 16:10:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/11/20 20:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/27 20:14:44 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/20 20:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 07:16:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 08:05:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F8E00FB-B109-48B6-8557-159D1B05E303}\MpKsl72912849.sys -- (MpKsl72912849)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/07/13 14:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/07/13 14:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF CA 05 09 D7 AC CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 23:40:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/27 00:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/26 23:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/11/27 13:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0h6vjgzo.default\extensions
[2011/11/27 13:39:15 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0h6vjgzo.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/11/26 23:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0H6VJGZO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0H6VJGZO.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0H6VJGZO.DEFAULT\EXTENSIONS\[email protected]
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bf912a1c-1935-11e1-a534-001bfc7e92b3}\Shell - "" = AutoRun
O33 - MountPoints2\{bf912a1c-1935-11e1-a534-001bfc7e92b3}\Shell\AutoRun\command - "" = J:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 16:10:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/11/29 16:10:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/11/29 16:10:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/11/29 08:07:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{DEA203FE-9254-4B0D-A4E6-321F8A870063}
[2011/11/29 08:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{802F77F9-9324-4EBA-8613-F41116540C76}
[2011/11/28 17:06:28 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Malwarebytes
[2011/11/28 17:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/28 17:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/28 17:06:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/28 17:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/28 16:59:08 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup.exe
[2011/11/28 16:50:07 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\poo.com.exe
[2011/11/28 16:31:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/11/27 20:31:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\GlobalSCAPE
[2011/11/27 20:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/27 20:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\OfficeGuardian
[2011/11/27 20:14:54 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Macromedia
[2011/11/27 20:14:54 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Adobe
[2011/11/27 20:13:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/11/27 19:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2011/11/27 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\HH2003
[2011/11/27 19:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHEditor 2003
[2011/11/27 19:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\HH2K3Edit
[2011/11/27 19:40:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Database
[2011/11/27 19:33:34 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\GlobalSCAPE
[2011/11/27 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobalSCAPE
[2011/11/27 19:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2011/11/27 19:33:05 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/27 19:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/27 12:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/27 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{85854D35-4DC4-4AC2-9FA8-91FAF5AC41EC}
[2011/11/27 11:32:06 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{2099A755-5CEF-4BC6-B4D2-1B0B5E8878A2}
[2011/11/27 10:39:21 | 000,000,000 | --SD | C] -- C:\Users\Jeremy\Documents\My Web Sites
[2011/11/27 10:24:05 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{A881411D-E011-4264-B8E0-BF40D5D5963D}
[2011/11/27 10:23:49 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Windows Live Writer
[2011/11/27 10:23:49 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Windows Live Writer
[2011/11/27 10:23:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{F32BB68E-D7B5-4315-8508-904BA406026D}
[2011/11/27 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Thunderbird
[2011/11/27 06:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/11/27 06:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/11/27 06:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/11/27 06:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/11/27 06:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/27 06:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/11/27 06:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft Help
[2011/11/27 06:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/11/27 06:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/11/27 00:31:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/11/27 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/11/27 00:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Windows Live
[2011/11/27 00:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/11/27 00:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/11/27 00:08:39 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Apple Computer
[2011/11/27 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Apple Computer
[2011/11/27 00:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/27 00:08:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/11/27 00:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/27 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/27 00:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/11/27 00:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/27 00:07:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Apple
[2011/11/27 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/27 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/27 00:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/11/27 00:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/27 00:06:51 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/11/27 00:02:01 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\ElevatedDiagnostics
[2011/11/26 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Mozilla
[2011/11/26 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Mozilla
[2011/11/26 23:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/26 23:27:09 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/26 23:27:09 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Searches
[2011/11/26 23:27:09 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/26 23:27:09 | 000,000,000 | -H-D | C] -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/26 23:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Identities
[2011/11/26 23:26:53 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Contacts
[2011/11/26 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\VirtualStore
[2011/11/26 23:26:43 | 000,000,000 | --SD | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Videos
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Saved Games
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Pictures
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Music
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Links
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Favorites
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Downloads
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Documents
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Desktop
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\AppData\Local\Temporary Internet Files
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Templates
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Start Menu
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\SendTo
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Recent
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\PrintHood
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\NetHood
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Documents\My Videos
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Documents\My Pictures
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Documents\My Music
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\My Documents
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Local Settings
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\AppData\Local\History
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Cookies
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Application Data
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\AppData\Local\Application Data
[2011/11/26 23:26:43 | 000,000,000 | -H-D | C] -- C:\Users\Jeremy\AppData
[2011/11/26 23:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Temp
[2011/11/26 23:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft
[2011/11/26 23:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Media Center Programs
[2011/11/26 23:03:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/26 23:01:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/11/26 22:59:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/11/25 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Will and Liz wedding

========== Files - Modified Within 30 Days ==========

[2011/11/29 16:10:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/11/29 16:09:07 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/11/29 16:07:22 | 000,012,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 16:07:22 | 000,012,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/29 14:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/29 08:10:01 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/29 08:10:01 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/29 08:05:18 | 000,299,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/29 08:04:33 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 20:42:48 | 000,000,075 | ---- | M] () -- C:\Windows\HHManager.INI
[2011/11/28 17:06:18 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 17:00:33 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup.exe
[2011/11/28 16:50:27 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\poo.com.exe
[2011/11/27 19:52:50 | 000,001,867 | ---- | M] () -- C:\Users\Jeremy\Desktop\HH2K3Edit.lnk
[2011/11/27 19:47:44 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\HH 2003.lnk
[2011/11/27 19:35:24 | 001,052,672 | ---- | M] () -- C:\Users\Jeremy\Desktop\HHManager.exe
[2011/11/27 12:22:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/26 23:34:41 | 000,001,409 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/26 23:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/11/26 23:05:48 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/11/26 23:03:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/11/26 22:59:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2011/11/29 16:09:07 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/11/28 20:42:48 | 000,000,075 | ---- | C] () -- C:\Windows\HHManager.INI
[2011/11/28 17:06:18 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/27 19:52:50 | 000,001,867 | ---- | C] () -- C:\Users\Jeremy\Desktop\HH2K3Edit.lnk
[2011/11/27 19:47:44 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\HH 2003.lnk
[2011/11/27 12:22:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/27 12:21:15 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/27 00:33:10 | 000,001,406 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/27 00:24:33 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/27 00:07:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/26 23:40:34 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/26 23:34:41 | 000,001,409 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/26 23:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/26 23:28:02 | 000,001,415 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/26 23:26:43 | 000,000,290 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/26 23:26:43 | 000,000,272 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/26 23:05:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/26 23:05:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/26 23:03:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,299,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/05/21 21:10:00 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll

========== LOP Check ==========

[2011/11/27 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\GlobalSCAPE
[2011/11/10 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Thunderbird
[2011/11/27 11:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Windows Live Writer
[2009/07/13 20:53:46 | 000,003,900 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
RKinner

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
elguapo79

Hello Ron. Thanks very much for your help. Please let me know what else I can do.

-Jeremy






COMBO FIX

ComboFix 11-12-01.03 - Jeremy 12/01/2011 16:24:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2399 [GMT -8:00]
Running from: c:\users\Jeremy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 00:30 . 2011-12-02 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-02 00:18 . 2011-12-02 00:18 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\MpKslbbe3c489.sys
2011-12-02 00:18 . 2011-12-02 00:18 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\offreg.dll
2011-12-01 05:03 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\mpengine.dll
2011-12-01 01:51 . 2002-10-04 23:04 921600 ----a-w- c:\windows\system32\vorbisenc.dll
2011-12-01 01:51 . 2002-10-06 18:42 237568 ----a-w- c:\windows\system32\OggDS.dll
2011-12-01 01:51 . 2002-10-04 23:04 188416 ----a-w- c:\windows\system32\vorbis.dll
2011-12-01 01:51 . 2002-10-04 23:04 45056 ----a-w- c:\windows\system32\ogg.dll
2011-12-01 01:51 . 2011-12-01 02:18 -------- d-----w- c:\program files\Tennis Elbow 2011
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\windows\system32\SPReview
2011-11-30 00:10 . 2011-11-30 00:10 -------- d-----w- c:\windows\system32\EventProviders
2011-11-29 02:28 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-11-29 02:28 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-11-29 02:28 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-11-29 02:28 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-11-29 02:28 . 2010-11-20 12:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-11-29 02:28 . 2010-11-20 12:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-11-29 02:28 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-11-29 02:28 . 2010-11-20 12:21 1159168 ----a-w- c:\windows\system32\sysmain.dll
2011-11-29 02:28 . 2010-11-20 12:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-11-29 02:28 . 2010-11-20 12:21 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2011-11-29 02:28 . 2010-11-20 12:20 428032 ----a-w- c:\windows\system32\secproc.dll
2011-11-29 02:28 . 2010-11-20 12:17 327168 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-11-29 02:26 . 2010-11-20 12:21 560128 ----a-w- c:\windows\system32\wuapi.dll
2011-11-29 02:25 . 2010-11-20 12:20 236544 ----a-w- c:\windows\system32\pdh.dll
2011-11-29 02:24 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2011-11-29 01:06 . 2011-11-29 01:06 -------- d-----w- c:\programdata\Malwarebytes
2011-11-29 00:46 . 2011-11-29 00:46 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F6D1E91-0143-40AC-91AC-A4CD4AA3B7D0}\gapaengine.dll
2011-11-29 00:46 . 2011-10-18 09:28 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-29 00:31 . 2011-11-29 00:31 -------- d-----w- c:\windows\system32\Wat
2011-11-28 05:08 . 2011-11-28 05:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-28 04:23 . 2011-11-28 04:26 -------- d-----w- c:\programdata\OfficeGuardian
2011-11-28 04:14 . 2011-11-28 04:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 04:13 . 2011-11-28 04:13 -------- d-----w- c:\windows\system32\Macromed
2011-11-28 03:44 . 2011-11-28 04:28 -------- d-----w- c:\program files\HH2003
2011-11-28 03:44 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-11-28 03:40 . 2011-11-28 03:41 -------- d-----w- c:\program files\HH2K3Edit
2011-11-28 03:40 . 2011-11-28 03:40 -------- d-----w- c:\windows\system32\Database
2011-11-28 03:33 . 2011-11-28 03:33 -------- d-----w- c:\program files\GlobalSCAPE
2011-11-28 03:33 . 2011-11-28 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-11-28 03:32 . 2011-11-28 03:32 -------- d-----w- c:\program files\Common Files\InstallShield
2011-11-27 20:21 . 2011-11-27 20:22 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-27 18:09 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-11-27 18:09 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-11-27 18:09 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-11-27 18:09 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-27 18:09 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-27 18:09 . 2010-11-20 12:29 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-11-27 18:09 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-27 18:09 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-11-27 18:08 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-27 18:08 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-27 18:08 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-27 18:08 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-11-27 18:08 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-11-27 18:08 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-11-27 18:08 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-11-27 18:08 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-27 18:07 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-27 18:07 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-27 18:07 . 2010-11-20 12:16 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-27 18:07 . 2010-11-20 12:16 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-27 18:07 . 2010-11-20 12:16 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-11-27 18:07 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-27 18:06 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-11-27 18:06 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-11-27 18:06 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-11-27 18:05 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-27 18:05 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-27 18:05 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-27 18:05 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-27 18:05 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-27 18:05 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-27 18:05 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-27 18:04 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-11-27 18:04 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-27 18:04 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-27 18:04 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-27 18:04 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-11-27 18:04 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-27 18:04 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-11-27 18:04 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-11-27 18:04 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-11-27 18:04 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-11-27 18:04 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-11-27 18:02 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-11-27 18:02 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-11-27 18:02 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-11-27 18:02 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-11-27 18:02 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-11-27 18:02 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-11-27 18:01 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-27 18:01 . 2010-11-20 12:18 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-27 18:00 . 2011-04-29 04:57 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-27 18:00 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-27 18:00 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-27 17:59 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-11-27 17:58 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-11-27 17:58 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-11-27 17:51 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-27 17:51 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-27 17:51 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-11-27 14:28 . 2011-11-29 04:52 -------- d-----w- c:\program files\Microsoft Works
2011-11-27 14:28 . 2011-11-27 14:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-11-27 14:28 . 2011-11-28 14:54 -------- d-----w- c:\program files\Microsoft.NET
2011-11-27 14:27 . 2011-11-30 00:17 -------- d-----w- c:\programdata\Microsoft Help
2011-11-27 08:31 . 2011-11-27 08:31 -------- d-----w- c:\windows\PCHEALTH
2011-11-27 08:30 . 2011-11-27 08:35 -------- d-----w- c:\program files\Windows Live
2011-11-27 08:27 . 2011-11-27 08:27 -------- d-----w- c:\program files\Common Files\Windows Live
2011-11-27 08:24 . 2011-11-27 08:24 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-11-27 08:22 . 2011-11-27 08:23 -------- d-----w- c:\users\Administrator
2011-11-27 08:08 . 2011-11-27 08:08 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-27 08:08 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-27 08:08 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-11-27 08:08 . 2011-11-27 08:08 -------- d-----w- c:\program files\iPod
2011-11-27 08:08 . 2011-11-27 08:08 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-27 08:08 . 2011-11-27 08:08 -------- d-----w- c:\program files\iTunes
2011-11-27 08:08 . 2011-11-27 08:08 -------- d-----w- c:\programdata\Apple Computer
2011-11-27 08:07 . 2011-11-27 08:07 -------- d-----w- c:\program files\Apple Software Update
2011-11-27 08:07 . 2011-11-27 08:07 -------- d-----w- c:\program files\Bonjour
2011-11-27 08:07 . 2011-11-27 08:08 -------- d-----w- c:\program files\Common Files\Apple
2011-11-27 08:07 . 2011-11-27 08:07 -------- d-----w- c:\programdata\Apple
2011-11-27 08:06 . 2011-11-30 11:03 -------- d-sh--w- c:\windows\Installer
2011-11-27 07:51 . 2011-10-18 09:28 6668624 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA3EBB98-2FC6-4EFF-9878-F10CEC8068F3}\mpengine.dll
2011-11-27 07:51 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 01:02 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-27 08:30 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-21 04:04 . 2011-11-27 07:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-28 1343400]
S1 MpKslbbe3c489;MpKslbbe3c489;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\MpKslbbe3c489.sys [2011-12-02 29904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBBE3C489
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0h6vjgzo.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4161522495-445291333-3517567993-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-4161522495-445291333-3517567993-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-4161522495-445291333-3517567993-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-01 16:32:58
ComboFix-quarantined-files.txt 2011-12-02 00:32
.
Pre-Run: 115,000,963,072 bytes free
Post-Run: 115,212,210,176 bytes free
.
- - End Of File - - 2C9C315CCC09BCCF23574593A7CBD2D5






TDSSKILLER

19:02:27.0580 3208 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:02:28.0095 3208 ============================================================
19:02:28.0095 3208 Current date / time: 2011/12/01 19:02:28.0095
19:02:28.0095 3208 SystemInfo:
19:02:28.0095 3208
19:02:28.0095 3208 OS Version: 6.1.7601 ServicePack: 1.0
19:02:28.0095 3208 Product type: Workstation
19:02:28.0095 3208 ComputerName: HPDESKTOPJDP
19:02:28.0095 3208 UserName: Jeremy
19:02:28.0095 3208 Windows directory: C:\Windows
19:02:28.0095 3208 System windows directory: C:\Windows
19:02:28.0095 3208 Processor architecture: Intel x86
19:02:28.0095 3208 Number of processors: 2
19:02:28.0095 3208 Page size: 0x1000
19:02:28.0095 3208 Boot type: Normal boot
19:02:28.0095 3208 ============================================================
19:02:29.0125 3208 Initialize success
19:02:31.0480 2204 ============================================================
19:02:31.0480 2204 Scan started
19:02:31.0480 2204 Mode: Manual;
19:02:31.0480 2204 ============================================================
19:02:32.0323 2204 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:02:32.0323 2204 1394ohci - ok
19:02:32.0354 2204 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:02:32.0354 2204 ACPI - ok
19:02:32.0385 2204 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:02:32.0385 2204 AcpiPmi - ok
19:02:32.0510 2204 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:02:32.0510 2204 adp94xx - ok
19:02:32.0510 2204 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:02:32.0525 2204 adpahci - ok
19:02:32.0525 2204 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:02:32.0525 2204 adpu320 - ok
19:02:32.0588 2204 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:02:32.0603 2204 AFD - ok
19:02:32.0666 2204 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:02:32.0666 2204 agp440 - ok
19:02:32.0744 2204 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:02:32.0744 2204 aic78xx - ok
19:02:32.0822 2204 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:02:32.0822 2204 aliide - ok
19:02:32.0853 2204 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:02:32.0853 2204 amdagp - ok
19:02:32.0884 2204 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:02:32.0884 2204 amdide - ok
19:02:32.0978 2204 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:02:32.0978 2204 AmdK8 - ok
19:02:33.0196 2204 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
19:02:33.0243 2204 amdkmdag - ok
19:02:33.0352 2204 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
19:02:33.0352 2204 amdkmdap - ok
19:02:33.0415 2204 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:02:33.0415 2204 AmdPPM - ok
19:02:33.0446 2204 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:02:33.0446 2204 amdsata - ok
19:02:33.0461 2204 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:02:33.0461 2204 amdsbs - ok
19:02:33.0477 2204 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:02:33.0477 2204 amdxata - ok
19:02:33.0571 2204 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:02:33.0571 2204 AppID - ok
19:02:33.0711 2204 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:02:33.0711 2204 arc - ok
19:02:33.0727 2204 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:02:33.0727 2204 arcsas - ok
19:02:33.0742 2204 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:02:33.0742 2204 AsyncMac - ok
19:02:33.0805 2204 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:02:33.0805 2204 atapi - ok
19:02:33.0929 2204 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:02:33.0929 2204 b06bdrv - ok
19:02:33.0976 2204 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:02:33.0976 2204 b57nd60x - ok
19:02:33.0992 2204 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:02:33.0992 2204 Beep - ok
19:02:34.0070 2204 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:02:34.0070 2204 blbdrive - ok
19:02:34.0163 2204 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:02:34.0179 2204 bowser - ok
19:02:34.0195 2204 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:02:34.0195 2204 BrFiltLo - ok
19:02:34.0210 2204 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:02:34.0210 2204 BrFiltUp - ok
19:02:34.0288 2204 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:02:34.0288 2204 Brserid - ok
19:02:34.0319 2204 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:02:34.0319 2204 BrSerWdm - ok
19:02:34.0335 2204 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:02:34.0335 2204 BrUsbMdm - ok
19:02:34.0366 2204 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:02:34.0366 2204 BrUsbSer - ok
19:02:34.0382 2204 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:02:34.0382 2204 BTHMODEM - ok
19:02:34.0491 2204 catchme - ok
19:02:34.0616 2204 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:02:34.0616 2204 cdfs - ok
19:02:34.0663 2204 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:02:34.0663 2204 cdrom - ok
19:02:34.0772 2204 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:02:34.0772 2204 circlass - ok
19:02:34.0834 2204 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:02:34.0834 2204 CLFS - ok
19:02:34.0975 2204 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:02:34.0975 2204 CmBatt - ok
19:02:35.0006 2204 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:02:35.0006 2204 cmdide - ok
19:02:35.0021 2204 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:02:35.0021 2204 CNG - ok
19:02:35.0021 2204 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:02:35.0021 2204 Compbatt - ok
19:02:35.0068 2204 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:02:35.0068 2204 CompositeBus - ok
19:02:35.0177 2204 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:02:35.0177 2204 crcdisk - ok
19:02:35.0224 2204 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:02:35.0224 2204 DfsC - ok
19:02:35.0240 2204 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:02:35.0240 2204 discache - ok
19:02:35.0365 2204 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:02:35.0365 2204 Disk - ok
19:02:35.0443 2204 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:02:35.0443 2204 drmkaud - ok
19:02:35.0583 2204 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:02:35.0583 2204 DXGKrnl - ok
19:02:35.0786 2204 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
19:02:35.0786 2204 e1express - ok
19:02:35.0911 2204 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:02:35.0926 2204 ebdrv - ok
19:02:36.0035 2204 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:02:36.0035 2204 elxstor - ok
19:02:36.0067 2204 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:02:36.0067 2204 ErrDev - ok
19:02:36.0113 2204 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:02:36.0113 2204 exfat - ok
19:02:36.0223 2204 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:02:36.0223 2204 fastfat - ok
19:02:36.0269 2204 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:02:36.0269 2204 fdc - ok
19:02:36.0285 2204 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:02:36.0285 2204 FileInfo - ok
19:02:36.0285 2204 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:02:36.0285 2204 Filetrace - ok
19:02:36.0301 2204 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:02:36.0301 2204 flpydisk - ok
19:02:36.0316 2204 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:02:36.0316 2204 FltMgr - ok
19:02:36.0332 2204 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:02:36.0332 2204 FsDepends - ok
19:02:36.0332 2204 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:02:36.0332 2204 Fs_Rec - ok
19:02:36.0363 2204 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:02:36.0363 2204 fvevol - ok
19:02:36.0457 2204 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:02:36.0457 2204 gagp30kx - ok
19:02:36.0488 2204 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:02:36.0488 2204 GEARAspiWDM - ok
19:02:36.0581 2204 HCW85BDA (89364cc2a694364f4aa148b7cb802d57) C:\Windows\system32\drivers\HCW85BDA.sys
19:02:36.0597 2204 HCW85BDA - ok
19:02:36.0691 2204 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:02:36.0691 2204 hcw85cir - ok
19:02:36.0737 2204 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:02:36.0737 2204 HdAudAddService - ok
19:02:36.0769 2204 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:02:36.0769 2204 HDAudBus - ok
19:02:36.0878 2204 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:02:36.0878 2204 HidBatt - ok
19:02:36.0893 2204 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:02:36.0893 2204 HidBth - ok
19:02:36.0909 2204 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:02:36.0909 2204 HidIr - ok
19:02:36.0925 2204 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:02:36.0925 2204 HidUsb - ok
19:02:36.0956 2204 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:02:36.0956 2204 HpSAMD - ok
19:02:37.0049 2204 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:02:37.0049 2204 HTTP - ok
19:02:37.0081 2204 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:02:37.0081 2204 hwpolicy - ok
19:02:37.0174 2204 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:02:37.0174 2204 i8042prt - ok
19:02:37.0205 2204 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:02:37.0205 2204 iaStorV - ok
19:02:37.0268 2204 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:02:37.0268 2204 iirsp - ok
19:02:37.0283 2204 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:02:37.0283 2204 intelide - ok
19:02:37.0346 2204 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:02:37.0346 2204 intelppm - ok
19:02:37.0361 2204 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:37.0361 2204 IpFilterDriver - ok
19:02:37.0408 2204 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:02:37.0408 2204 IPMIDRV - ok
19:02:37.0455 2204 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:02:37.0455 2204 IPNAT - ok
19:02:37.0533 2204 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:02:37.0533 2204 IRENUM - ok
19:02:37.0564 2204 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:02:37.0564 2204 isapnp - ok
19:02:37.0580 2204 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:02:37.0595 2204 iScsiPrt - ok
19:02:37.0611 2204 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:02:37.0611 2204 kbdclass - ok
19:02:37.0689 2204 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:02:37.0689 2204 kbdhid - ok
19:02:37.0720 2204 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
19:02:37.0720 2204 KSecDD - ok
19:02:37.0783 2204 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
19:02:37.0783 2204 KSecPkg - ok
19:02:37.0861 2204 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:02:37.0861 2204 lltdio - ok
19:02:37.0876 2204 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:02:37.0876 2204 LSI_FC - ok
19:02:37.0892 2204 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:02:37.0892 2204 LSI_SAS - ok
19:02:37.0907 2204 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:02:37.0907 2204 LSI_SAS2 - ok
19:02:37.0923 2204 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:02:37.0923 2204 LSI_SCSI - ok
19:02:37.0954 2204 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:02:37.0954 2204 luafv - ok
19:02:38.0048 2204 MBAMSwissArmy - ok
19:02:38.0063 2204 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:02:38.0063 2204 megasas - ok
19:02:38.0079 2204 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:02:38.0079 2204 MegaSR - ok
19:02:38.0095 2204 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:02:38.0095 2204 Modem - ok
19:02:38.0126 2204 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:02:38.0126 2204 monitor - ok
19:02:38.0173 2204 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:02:38.0173 2204 mouclass - ok
19:02:38.0251 2204 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:02:38.0251 2204 mouhid - ok
19:02:38.0282 2204 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:02:38.0282 2204 mountmgr - ok
19:02:38.0313 2204 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:02:38.0313 2204 MpFilter - ok
19:02:38.0391 2204 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:02:38.0391 2204 mpio - ok
19:02:38.0453 2204 MpKslbbe3c489 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\MpKslbbe3c489.sys
19:02:38.0453 2204 MpKslbbe3c489 - ok
19:02:38.0485 2204 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:02:38.0485 2204 MpNWMon - ok
19:02:38.0578 2204 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:02:38.0578 2204 mpsdrv - ok
19:02:38.0609 2204 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:02:38.0609 2204 MRxDAV - ok
19:02:38.0672 2204 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:02:38.0672 2204 mrxsmb - ok
19:02:38.0687 2204 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:02:38.0687 2204 mrxsmb10 - ok
19:02:38.0719 2204 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:02:38.0719 2204 mrxsmb20 - ok
19:02:38.0781 2204 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:02:38.0781 2204 msahci - ok
19:02:38.0812 2204 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:02:38.0812 2204 msdsm - ok
19:02:38.0859 2204 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:02:38.0859 2204 Msfs - ok
19:02:38.0875 2204 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:02:38.0875 2204 mshidkmdf - ok
19:02:38.0890 2204 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:02:38.0890 2204 msisadrv - ok
19:02:38.0968 2204 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:02:38.0968 2204 MSKSSRV - ok
19:02:39.0031 2204 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:02:39.0031 2204 MSPCLOCK - ok
19:02:39.0046 2204 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:02:39.0046 2204 MSPQM - ok
19:02:39.0062 2204 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:02:39.0062 2204 MsRPC - ok
19:02:39.0093 2204 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:02:39.0093 2204 mssmbios - ok
19:02:39.0155 2204 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:02:39.0155 2204 MSTEE - ok
19:02:39.0218 2204 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:02:39.0218 2204 MTConfig - ok
19:02:39.0218 2204 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:02:39.0233 2204 Mup - ok
19:02:39.0265 2204 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:02:39.0265 2204 NativeWifiP - ok
19:02:39.0296 2204 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:02:39.0311 2204 NDIS - ok
19:02:39.0405 2204 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:02:39.0405 2204 NdisCap - ok
19:02:39.0421 2204 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:02:39.0421 2204 NdisTapi - ok
19:02:39.0467 2204 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:02:39.0483 2204 Ndisuio - ok
19:02:39.0499 2204 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:02:39.0499 2204 NdisWan - ok
19:02:39.0592 2204 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:02:39.0592 2204 NDProxy - ok
19:02:39.0655 2204 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:02:39.0655 2204 NetBIOS - ok
19:02:39.0686 2204 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:02:39.0686 2204 NetBT - ok
19:02:39.0764 2204 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:02:39.0764 2204 nfrd960 - ok
19:02:39.0795 2204 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:02:39.0795 2204 NisDrv - ok
19:02:39.0842 2204 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:02:39.0842 2204 Npfs - ok
19:02:39.0857 2204 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:02:39.0857 2204 nsiproxy - ok
19:02:39.0920 2204 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:02:39.0920 2204 Ntfs - ok
19:02:40.0013 2204 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:02:40.0013 2204 Null - ok
19:02:40.0060 2204 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:02:40.0060 2204 nvraid - ok
19:02:40.0076 2204 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:02:40.0076 2204 nvstor - ok
19:02:40.0091 2204 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:02:40.0091 2204 nv_agp - ok
19:02:40.0169 2204 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:02:40.0185 2204 ohci1394 - ok
19:02:40.0232 2204 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:02:40.0232 2204 Parport - ok
19:02:40.0263 2204 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:02:40.0263 2204 partmgr - ok
19:02:40.0279 2204 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:02:40.0279 2204 Parvdm - ok
19:02:40.0357 2204 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:02:40.0357 2204 pci - ok
19:02:40.0388 2204 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:02:40.0388 2204 pciide - ok
19:02:40.0435 2204 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:02:40.0435 2204 pcmcia - ok
19:02:40.0450 2204 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:02:40.0450 2204 pcw - ok
19:02:40.0466 2204 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:02:40.0466 2204 PEAUTH - ok
19:02:40.0575 2204 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:02:40.0575 2204 PptpMiniport - ok
19:02:40.0575 2204 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:02:40.0575 2204 Processor - ok
19:02:40.0637 2204 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:02:40.0637 2204 Psched - ok
19:02:40.0700 2204 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:02:40.0715 2204 ql2300 - ok
19:02:40.0793 2204 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:02:40.0793 2204 ql40xx - ok
19:02:40.0918 2204 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:02:40.0918 2204 QWAVEdrv - ok
19:02:40.0934 2204 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:02:40.0934 2204 RasAcd - ok
19:02:40.0996 2204 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:02:40.0996 2204 RasAgileVpn - ok
19:02:41.0012 2204 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:02:41.0012 2204 Rasl2tp - ok
19:02:41.0027 2204 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:02:41.0027 2204 RasPppoe - ok
19:02:41.0090 2204 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:02:41.0090 2204 RasSstp - ok
19:02:41.0137 2204 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:02:41.0137 2204 rdbss - ok
19:02:41.0168 2204 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:02:41.0168 2204 rdpbus - ok
19:02:41.0215 2204 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:02:41.0215 2204 RDPCDD - ok
19:02:41.0277 2204 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:02:41.0277 2204 RDPENCDD - ok
19:02:41.0308 2204 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:02:41.0308 2204 RDPREFMP - ok
19:02:41.0339 2204 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:02:41.0339 2204 RDPWD - ok
19:02:41.0417 2204 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:02:41.0417 2204 rdyboost - ok
19:02:41.0511 2204 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:02:41.0511 2204 rspndr - ok
19:02:41.0589 2204 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:02:41.0589 2204 sbp2port - ok
19:02:41.0636 2204 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:02:41.0636 2204 scfilter - ok
19:02:41.0714 2204 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:02:41.0714 2204 secdrv - ok
19:02:41.0776 2204 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:02:41.0776 2204 Serenum - ok
19:02:41.0776 2204 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:02:41.0792 2204 Serial - ok
19:02:41.0807 2204 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:02:41.0807 2204 sermouse - ok
19:02:41.0839 2204 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:02:41.0839 2204 sffdisk - ok
19:02:41.0854 2204 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:02:41.0854 2204 sffp_mmc - ok
19:02:41.0870 2204 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:02:41.0870 2204 sffp_sd - ok
19:02:41.0963 2204 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:02:41.0963 2204 sfloppy - ok
19:02:41.0995 2204 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:02:42.0010 2204 sisagp - ok
19:02:42.0026 2204 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:02:42.0026 2204 SiSRaid2 - ok
19:02:42.0041 2204 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:02:42.0041 2204 SiSRaid4 - ok
19:02:42.0151 2204 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:02:42.0151 2204 Smb - ok
19:02:42.0166 2204 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:02:42.0166 2204 spldr - ok
19:02:42.0229 2204 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:02:42.0229 2204 srv - ok
19:02:42.0260 2204 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:02:42.0260 2204 srv2 - ok
19:02:42.0353 2204 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:02:42.0353 2204 srvnet - ok
19:02:42.0431 2204 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:02:42.0431 2204 stexstor - ok
19:02:42.0478 2204 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:02:42.0478 2204 swenum - ok
19:02:42.0603 2204 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:02:42.0619 2204 Tcpip - ok
19:02:42.0650 2204 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:02:42.0650 2204 TCPIP6 - ok
19:02:42.0681 2204 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:02:42.0681 2204 tcpipreg - ok
19:02:42.0743 2204 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:02:42.0743 2204 TDPIPE - ok
19:02:42.0759 2204 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:02:42.0759 2204 TDTCP - ok
19:02:42.0790 2204 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:02:42.0790 2204 tdx - ok
19:02:42.0837 2204 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:02:42.0837 2204 TermDD - ok
19:02:42.0931 2204 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:02:42.0931 2204 tssecsrv - ok
19:02:42.0977 2204 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:02:42.0977 2204 TsUsbFlt - ok
19:02:43.0055 2204 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:02:43.0055 2204 tunnel - ok
19:02:43.0118 2204 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:02:43.0118 2204 uagp35 - ok
19:02:43.0149 2204 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:02:43.0149 2204 udfs - ok
19:02:43.0227 2204 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:02:43.0227 2204 uliagpkx - ok
19:02:43.0289 2204 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:02:43.0289 2204 umbus - ok
19:02:43.0336 2204 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:02:43.0336 2204 UmPass - ok
19:02:43.0399 2204 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
19:02:43.0399 2204 usbccgp - ok
19:02:43.0445 2204 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:02:43.0445 2204 usbcir - ok
19:02:43.0477 2204 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:02:43.0477 2204 usbehci - ok
19:02:43.0555 2204 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:02:43.0555 2204 usbhub - ok
19:02:43.0570 2204 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
19:02:43.0570 2204 usbohci - ok
19:02:43.0633 2204 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:02:43.0633 2204 usbprint - ok
19:02:43.0648 2204 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
19:02:43.0648 2204 USBSTOR - ok
19:02:43.0711 2204 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:02:43.0711 2204 usbuhci - ok
19:02:43.0742 2204 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:02:43.0742 2204 vdrvroot - ok
19:02:43.0804 2204 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:02:43.0804 2204 vga - ok
19:02:43.0851 2204 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:02:43.0851 2204 VgaSave - ok
19:02:43.0882 2204 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:02:43.0882 2204 vhdmp - ok
19:02:43.0913 2204 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:02:43.0913 2204 viaagp - ok
19:02:43.0976 2204 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:02:43.0976 2204 ViaC7 - ok
19:02:44.0038 2204 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:02:44.0038 2204 viaide - ok
19:02:44.0054 2204 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:02:44.0054 2204 volmgr - ok
19:02:44.0085 2204 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:02:44.0085 2204 volmgrx - ok
19:02:44.0116 2204 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:02:44.0116 2204 volsnap - ok
19:02:44.0194 2204 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:02:44.0194 2204 vsmraid - ok
19:02:44.0210 2204 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:02:44.0210 2204 vwifibus - ok
19:02:44.0225 2204 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:02:44.0225 2204 WacomPen - ok
19:02:44.0272 2204 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:02:44.0272 2204 WANARP - ok
19:02:44.0288 2204 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:02:44.0288 2204 Wanarpv6 - ok
19:02:44.0319 2204 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:02:44.0319 2204 Wd - ok
19:02:44.0428 2204 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:02:44.0428 2204 Wdf01000 - ok
19:02:44.0475 2204 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:02:44.0475 2204 WfpLwf - ok
19:02:44.0491 2204 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:02:44.0491 2204 WIMMount - ok
19:02:44.0600 2204 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:02:44.0600 2204 WmiAcpi - ok
19:02:44.0678 2204 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:02:44.0678 2204 ws2ifsl - ok
19:02:44.0693 2204 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:02:44.0709 2204 WudfPf - ok
19:02:44.0771 2204 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:02:44.0771 2204 WUDFRd - ok
19:02:44.0803 2204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:02:44.0803 2204 \Device\Harddisk0\DR0 - ok
19:02:44.0803 2204 Boot (0x1200) (280f406c68afbce5502ce3229a2e7e47) \Device\Harddisk0\DR0\Partition0
19:02:44.0803 2204 \Device\Harddisk0\DR0\Partition0 - ok
19:02:44.0834 2204 Boot (0x1200) (52537955046b2a54fb37977d3099b40e) \Device\Harddisk0\DR0\Partition1
19:02:44.0834 2204 \Device\Harddisk0\DR0\Partition1 - ok
19:02:44.0834 2204 ============================================================
19:02:44.0834 2204 Scan finished
19:02:44.0834 2204 ============================================================
19:02:44.0849 3464 Detected object count: 0
19:02:44.0849 3464 Actual detected object count: 0
19:02:59.0560 3480 Deinitialize success

aswMBR (Fix was NOT enabled)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-01 19:08:07
-----------------------------
19:08:07.292 OS Version: Windows 6.1.7601 Service Pack 1
19:08:07.292 Number of processors: 2 586 0xF0B
19:08:07.292 ComputerName: HPDESKTOPJDP UserName: Jeremy
19:08:08.602 Initialize success
19:11:15.835 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:11:15.835 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 8
19:11:15.851 Disk 0 MBR read successfully
19:11:15.851 Disk 0 MBR scan
19:11:15.851 Disk 0 Windows 7 default MBR code
19:11:15.867 Disk 0 scanning sectors +488397152
19:11:15.945 Disk 0 scanning C:\Windows\system32\drivers
19:11:21.061 Service scanning
19:11:21.607 Service MpKslbbe3c489 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\MpKslbbe3c489.sys **LOCKED** 32
19:11:21.623 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:11:22.216 Modules scanning
19:11:32.262 Scan finished successfully
19:11:47.503 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\MBR.dat"
19:11:47.503 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\aswMBR.txt"

Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8288

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/1/2011 7:18:52 PM
mbam-log-2011-12-01 (19-18-52).txt

Scan type: Quick scan
Objects scanned: 171857
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL

OTL logfile created on: 12/1/2011 7:24:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.41% Memory free
6.50 Gb Paging File | 5.62 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.30 Gb Total Space | 107.30 Gb Free Space | 48.27% Space Free | Partition Type: NTFS
Drive D: | 10.58 Gb Total Space | 1.25 Gb Free Space | 11.77% Space Free | Partition Type: NTFS

Computer Name: HPDESKTOPJDP | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 16:10:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 07:16:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/01 16:18:46 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A172C610-3CE7-4DEC-BFED-36C919FE6572}\MpKslbbe3c489.sys -- (MpKslbbe3c489)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 14:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/07/13 14:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF CA 05 09 D7 AC CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 23:40:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/27 00:24:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/26 23:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/11/27 13:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0h6vjgzo.default\extensions
[2011/11/27 13:39:15 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0h6vjgzo.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/11/26 23:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0H6VJGZO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0H6VJGZO.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0H6VJGZO.DEFAULT\EXTENSIONS\[email protected]
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E59BAEF-8F98-4249-A52B-C178C3FB010B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 19:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/01 19:15:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/01 19:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/01 19:13:38 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/01 19:05:33 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Jeremy\Desktop\aswMBR.exe
[2011/12/01 19:01:50 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\tdsskiller.exe
[2011/12/01 16:33:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/01 16:23:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/01 16:23:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/01 16:23:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/01 16:22:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/01 16:20:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 16:16:16 | 004,324,789 | R--- | C] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/01 07:18:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{DF0C5742-792A-4981-ADD6-A1EC6D840A59}
[2011/12/01 07:18:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{21FA6486-5181-4F21-9AE5-399D27B8C4E2}
[2011/11/30 20:55:11 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\New folder
[2011/11/30 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2011/11/30 17:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tennis Elbow 2011
[2011/11/30 17:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tennis Elbow 2011
[2011/11/30 14:39:32 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{F2A1E75D-7421-4876-BD7D-F53E33E19234}
[2011/11/30 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{6FE1DA0E-2279-467B-BAF2-91D4A6D20BF7}
[2011/11/29 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{1D6BC83E-B3DA-4211-ACCE-19F068754EB7}
[2011/11/29 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{F55CC802-5AB5-49CE-9FEE-A7C5BA702C50}
[2011/11/29 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{11D9E2F7-3645-4421-A1D4-94E610830B1A}
[2011/11/29 16:10:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/11/29 16:10:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/11/29 16:10:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/11/29 08:50:45 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/11/29 08:50:45 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/11/29 08:50:41 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/11/29 08:50:41 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/11/29 08:07:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{DEA203FE-9254-4B0D-A4E6-321F8A870063}
[2011/11/29 08:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{802F77F9-9324-4EBA-8613-F41116540C76}
[2011/11/28 18:28:11 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011/11/28 18:28:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/11/28 18:28:07 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/11/28 18:28:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/11/28 18:28:07 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/11/28 18:28:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/11/28 18:28:03 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/11/28 18:28:01 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/11/28 18:28:01 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/28 18:27:59 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/28 18:27:58 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/11/28 18:27:56 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/11/28 18:27:55 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/11/28 18:27:55 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/11/28 18:27:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/11/28 18:27:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/11/28 18:27:49 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/11/28 18:27:48 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/11/28 18:27:45 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/11/28 18:27:43 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/11/28 18:27:43 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/28 18:27:42 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/11/28 18:27:40 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/11/28 18:27:40 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/11/28 18:27:39 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/11/28 18:27:37 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011/11/28 18:27:37 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/11/28 18:27:36 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/11/28 18:27:36 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/11/28 18:27:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011/11/28 18:27:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/11/28 18:27:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011/11/28 18:27:34 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/11/28 18:27:34 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011/11/28 18:27:32 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/11/28 18:27:32 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/11/28 18:27:30 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/11/28 18:27:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/11/28 18:27:28 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/11/28 18:27:28 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011/11/28 18:27:28 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/11/28 18:27:27 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/11/28 18:27:26 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/11/28 18:27:26 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011/11/28 18:27:26 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/11/28 18:27:25 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/11/28 18:27:24 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/11/28 18:27:24 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/11/28 18:27:23 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/11/28 18:27:23 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/11/28 18:27:23 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/11/28 18:27:22 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011/11/28 18:27:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/11/28 18:27:20 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011/11/28 18:27:20 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/11/28 18:27:19 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/11/28 18:27:18 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/11/28 18:27:18 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011/11/28 18:27:18 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/11/28 18:27:18 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/11/28 18:27:18 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/11/28 18:27:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/11/28 18:27:15 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/11/28 18:27:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/11/28 18:27:15 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/11/28 18:27:14 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/11/28 18:27:14 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/11/28 18:27:14 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/11/28 18:27:13 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/11/28 18:27:13 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/11/28 18:27:12 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/11/28 18:27:12 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011/11/28 18:27:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/11/28 18:27:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/11/28 18:27:10 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011/11/28 18:27:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/11/28 18:27:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011/11/28 18:27:08 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011/11/28 18:27:06 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/11/28 18:27:06 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/11/28 18:27:06 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/11/28 18:27:06 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011/11/28 18:27:06 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/11/28 18:27:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/11/28 18:27:06 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011/11/28 18:27:04 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/11/28 18:27:04 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/11/28 18:27:04 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/11/28 18:27:03 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/11/28 18:27:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/11/28 18:27:03 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/11/28 18:27:02 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/11/28 18:27:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/11/28 18:27:02 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/11/28 18:27:01 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/11/28 18:27:01 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/11/28 18:27:00 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/11/28 18:27:00 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/11/28 18:27:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011/11/28 18:26:59 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/11/28 18:26:59 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/11/28 18:26:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/11/28 18:26:57 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/11/28 18:26:56 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/11/28 18:26:56 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011/11/28 18:26:56 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/11/28 18:26:56 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/11/28 18:26:56 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/11/28 18:26:55 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011/11/28 18:26:55 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011/11/28 18:26:54 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/11/28 18:26:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/11/28 18:26:53 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/11/28 18:26:52 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011/11/28 18:26:52 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011/11/28 18:26:52 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/11/28 18:26:52 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011/11/28 18:26:52 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/11/28 18:26:51 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011/11/28 18:26:51 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011/11/28 18:26:51 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/11/28 18:26:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/11/28 18:26:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/11/28 18:26:50 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/11/28 18:26:50 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/11/28 18:26:50 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/11/28 18:26:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/11/28 18:26:50 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/11/28 18:26:49 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/11/28 18:26:49 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/11/28 18:26:49 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/11/28 18:26:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/11/28 18:26:49 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/11/28 18:26:49 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/11/28 18:26:49 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/11/28 18:26:48 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/28 18:26:48 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/11/28 18:26:48 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/11/28 18:26:47 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/11/28 18:26:47 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/11/28 18:26:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/11/28 18:26:46 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/11/28 18:26:46 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011/11/28 18:26:45 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/11/28 18:26:44 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/11/28 18:26:44 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011/11/28 18:26:44 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/11/28 18:26:44 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/11/28 18:26:43 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/11/28 18:26:43 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/11/28 18:26:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/11/28 18:26:42 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011/11/28 18:26:42 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/11/28 18:26:41 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011/11/28 18:26:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/11/28 18:26:40 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011/11/28 18:26:40 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/11/28 18:26:40 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/11/28 18:26:40 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011/11/28 18:26:40 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/11/28 18:26:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2011/11/28 18:26:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/11/28 18:26:39 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/11/28 18:26:38 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/11/28 18:26:38 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011/11/28 18:26:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011/11/28 18:26:38 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/11/28 18:26:37 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/11/28 18:26:37 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/11/28 18:26:37 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011/11/28 18:26:36 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011/11/28 18:26:36 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/11/28 18:26:36 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011/11/28 18:26:35 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/11/28 18:26:35 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/11/28 18:26:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011/11/28 18:26:34 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/11/28 18:26:34 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011/11/28 18:26:32 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/11/28 18:26:32 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/11/28 18:26:32 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/11/28 18:26:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011/11/28 18:26:32 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/11/28 18:26:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/11/28 18:26:31 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/11/28 18:26:31 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/11/28 18:26:31 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/11/28 18:26:31 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/11/28 18:26:31 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/11/28 18:26:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/11/28 18:26:30 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/11/28 18:26:30 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/11/28 18:26:30 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/11/28 18:26:30 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/11/28 18:26:30 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/11/28 18:26:30 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/11/28 18:26:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/11/28 18:26:29 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/11/28 18:26:29 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/11/28 18:26:29 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/11/28 18:26:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011/11/28 18:26:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/11/28 18:26:28 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/11/28 18:26:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/11/28 18:26:27 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011/11/28 18:26:27 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/11/28 18:26:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011/11/28 18:26:26 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/11/28 18:26:26 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011/11/28 18:26:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/11/28 18:26:26 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/11/28 18:26:26 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011/11/28 18:26:25 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/11/28 18:26:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011/11/28 18:26:25 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011/11/28 18:26:25 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011/11/28 18:26:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/11/28 18:26:24 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011/11/28 18:26:24 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/11/28 18:26:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011/11/28 18:26:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/11/28 18:26:24 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011/11/28 18:26:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/11/28 18:26:23 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011/11/28 18:26:23 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011/11/28 18:26:23 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011/11/28 18:26:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/11/28 18:26:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/11/28 18:26:22 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/11/28 18:26:22 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/11/28 18:26:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/11/28 18:26:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/11/28 18:26:21 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/11/28 18:26:21 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/11/28 18:26:21 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/11/28 18:26:21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011/11/28 18:26:20 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011/11/28 18:26:20 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/11/28 18:26:20 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011/11/28 18:26:20 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011/11/28 18:26:20 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/11/28 18:26:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011/11/28 18:26:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/11/28 18:26:19 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/11/28 18:26:19 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011/11/28 18:26:19 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/11/28 18:26:19 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/11/28 18:26:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/11/28 18:26:18 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011/11/28 18:26:18 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/11/28 18:26:18 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/11/28 18:26:18 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/11/28 18:26:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/11/28 18:26:17 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011/11/28 18:26:17 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/11/28 18:26:17 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/11/28 18:26:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/11/28 18:26:17 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011/11/28 18:26:16 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/11/28 18:26:16 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/11/28 18:26:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/11/28 18:26:16 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/11/28 18:26:15 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/11/28 18:26:15 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/11/28 18:26:15 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/11/28 18:26:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/11/28 18:26:15 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/11/28 18:26:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/11/28 18:26:14 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/11/28 18:26:14 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/11/28 18:26:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011/11/28 18:26:14 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/11/28 18:26:13 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/11/28 18:26:13 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/11/28 18:26:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011/11/28 18:26:13 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/11/28 18:26:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/11/28 18:26:12 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/11/28 18:26:12 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/11/28 18:26:12 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/11/28 18:26:12 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011/11/28 18:26:11 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/11/28 18:26:11 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011/11/28 18:26:11 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/11/28 18:26:10 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/11/28 18:26:10 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011/11/28 18:26:09 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/11/28 18:26:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/11/28 18:26:09 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/11/28 18:26:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/11/28 18:26:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011/11/28 18:26:09 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/11/28 18:26:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/11/28 18:26:08 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/11/28 18:26:08 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/11/28 18:26:08 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011/11/28 18:26:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/11/28 18:26:07 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/11/28 18:26:07 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011/11/28 18:26:07 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/11/28 18:26:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/11/28 18:26:07 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/11/28 18:26:06 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/11/28 18:26:06 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011/11/28 18:26:06 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/11/28 18:26:06 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/11/28 18:26:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011/11/28 18:26:05 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/11/28 18:26:05 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/11/28 18:26:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/11/28 18:26:05 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/11/28 18:26:04 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011/11/28 18:26:04 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011/11/28 18:26:04 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/11/28 18:26:04 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011/11/28 18:26:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011/11/28 18:26:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011/11/28 18:26:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011/11/28 18:26:03 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/11/28 18:26:03 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/11/28 18:26:03 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/11/28 18:26:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/11/28 18:26:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/11/28 18:26:03 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/11/28 18:26:02 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/11/28 18:26:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011/11/28 18:26:02 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/11/28 18:26:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/11/28 18:26:02 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011/11/28 18:26:01 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/11/28 18:26:01 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/11/28 18:26:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/11/28 18:26:01 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/11/28 18:26:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/11/28 18:26:00 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/11/28 18:26:00 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/11/28 18:26:00 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/11/28 18:26:00 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/11/28 18:26:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011/11/28 18:26:00 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011/11/28 18:26:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/11/28 18:26:00 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/11/28 18:25:59 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/11/28 18:25:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/11/28 18:25:58 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011/11/28 18:25:58 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/11/28 18:25:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/11/28 18:25:58 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011/11/28 18:25:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/11/28 18:25:58 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/11/28 18:25:58 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/11/28 18:25:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/11/28 18:25:58 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/11/28 18:25:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/11/28 18:25:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/11/28 18:25:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/11/28 18:25:58 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011/11/28 18:25:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011/11/28 18:25:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/11/28 18:25:57 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/11/28 18:25:57 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/11/28 18:25:57 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/11/28 18:25:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/11/28 18:25:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011/11/28 18:25:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011/11/28 18:25:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/11/28 18:25:56 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/11/28 18:25:56 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/11/28 18:25:56 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/11/28 18:25:56 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/11/28 18:25:56 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/11/28 18:25:56 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/11/28 18:25:56 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011/11/28 18:25:56 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/11/28 18:25:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/11/28 18:25:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/11/28 18:25:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/11/28 18:25:55 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/11/28 18:25:55 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/11/28 18:25:55 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/11/28 18:25:54 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/11/28 18:25:54 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/11/28 18:25:54 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/11/28 18:25:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011/11/28 18:25:54 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/11/28 18:25:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/11/28 18:25:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011/11/28 18:25:53 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/11/28 18:25:53 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/11/28 18:25:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/11/28 18:25:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/11/28 18:25:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/11/28 18:25:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/11/28 18:25:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/11/28 18:25:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/11/28 18:25:52 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/11/28 18:25:52 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/11/28 18:25:52 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/11/28 18:25:52 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/11/28 18:25:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011/11/28 18:25:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/11/28 18:25:51 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/11/28 18:25:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/11/28 18:25:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/11/28 18:25:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/11/28 18:25:51 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011/11/28 18:25:51 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/11/28 18:25:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/11/28 18:25:50 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/11/28 18:25:50 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011/11/28 18:25:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/11/28 18:25:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/11/28 18:25:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011/11/28 18:25:50 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011/11/28 18:25:50 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/11/28 18:25:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/11/28 18:25:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/11/28 18:25:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/11/28 18:25:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011/11/28 18:25:49 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011/11/28 18:25:49 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011/11/28 18:25:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/11/28 18:25:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/28 18:25:48 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/28 18:25:48 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/11/28 18:25:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011/11/28 18:25:48 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/11/28 18:25:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/11/28 18:25:48 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011/11/28 18:25:47 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/11/28 18:25:47 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011/11/28 18:25:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/11/28 18:25:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011/11/28 18:25:46 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011/11/28 18:25:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011/11/28 18:25:46 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011/11/28 18:25:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/11/28 18:25:46 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/11/28 18:25:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011/11/28 18:25:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011/11/28 18:25:46 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/11/28 18:25:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/11/28 18:25:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/11/28 18:25:45 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/11/28 18:25:45 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/11/28 18:25:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/11/28 18:25:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/11/28 18:25:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/11/28 18:25:45 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011/11/28 18:25:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/11/28 18:25:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011/11/28 18:25:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/11/28 18:25:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/11/28 18:25:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/11/28 18:25:44 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/11/28 18:25:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011/11/28 18:25:43 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011/11/28 18:25:43 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/11/28 18:25:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/11/28 18:25:42 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/11/28 18:25:42 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/11/28 18:25:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/11/28 18:25:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011/11/28 18:25:42 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011/11/28 18:25:42 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011/11/28 18:25:40 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/11/28 18:25:40 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/11/28 18:25:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/11/28 18:25:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011/11/28 18:25:40 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/11/28 18:25:39 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/11/28 18:25:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/11/28 18:25:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011/11/28 18:25:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/11/28 18:25:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/11/28 18:25:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/11/28 18:25:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011/11/28 18:25:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011/11/28 18:25:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011/11/28 18:25:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/11/28 18:25:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/11/28 18:25:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/11/28 18:25:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011/11/28 18:25:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011/11/28 18:25:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011/11/28 18:25:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011/11/28 18:25:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011/11/28 18:25:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011/11/28 18:25:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011/11/28 18:25:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011/11/28 18:25:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/11/28 18:25:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011/11/28 18:25:33 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011/11/28 18:25:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/11/28 18:25:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011/11/28 18:25:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011/11/28 18:25:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011/11/28 18:25:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011/11/28 18:25:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011/11/28 18:25:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011/11/28 18:25:25 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/11/28 18:25:11 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/11/28 18:24:34 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/11/28 17:06:28 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Malwarebytes
[2011/11/28 17:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/28 16:59:08 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup.exe
[2011/11/28 16:50:07 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\poo.com.exe
[2011/11/28 16:31:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/11/27 20:31:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\GlobalSCAPE
[2011/11/27 20:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/27 20:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\OfficeGuardian
[2011/11/27 20:14:54 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Macromedia
[2011/11/27 20:14:54 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Adobe
[2011/11/27 20:14:45 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/27 20:13:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/11/27 19:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2011/11/27 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\HH2003
[2011/11/27 19:44:12 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/11/27 19:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHEditor 2003
[2011/11/27 19:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\HH2K3Edit
[2011/11/27 19:40:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Database
[2011/11/27 19:33:34 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\GlobalSCAPE
[2011/11/27 19:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobalSCAPE
[2011/11/27 19:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2011/11/27 19:33:05 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/27 19:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/27 12:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/27 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{85854D35-4DC4-4AC2-9FA8-91FAF5AC41EC}
[2011/11/27 11:32:06 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{2099A755-5CEF-4BC6-B4D2-1B0B5E8878A2}
[2011/11/27 10:39:21 | 000,000,000 | --SD | C] -- C:\Users\Jeremy\Documents\My Web Sites
[2011/11/27 10:24:05 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{A881411D-E011-4264-B8E0-BF40D5D5963D}
[2011/11/27 10:23:49 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Windows Live Writer
[2011/11/27 10:23:49 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Windows Live Writer
[2011/11/27 10:23:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\{F32BB68E-D7B5-4315-8508-904BA406026D}
[2011/11/27 10:23:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Thunderbird
[2011/11/27 10:09:21 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/11/27 10:09:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/27 10:08:41 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/11/27 10:08:40 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/11/27 10:08:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/11/27 10:08:12 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/11/27 10:08:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/11/27 10:08:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/11/27 10:07:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/27 10:07:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/27 10:07:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/11/27 10:07:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/11/27 10:07:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/11/27 10:05:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/11/27 10:04:12 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/11/27 10:04:11 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/11/27 10:04:11 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/11/27 10:04:11 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/11/27 10:04:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/11/27 10:04:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/11/27 10:04:02 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011/11/27 10:04:02 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/11/27 10:03:54 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/27 10:03:44 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/27 10:03:39 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/11/27 10:03:39 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/11/27 10:03:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/11/27 10:03:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/11/27 10:03:33 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/11/27 10:03:28 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/27 10:03:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/11/27 10:03:23 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/11/27 10:03:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/27 10:03:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/11/27 10:03:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/27 10:03:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/27 10:03:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/11/27 10:03:07 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/27 10:03:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/27 10:03:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/27 10:03:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/27 10:03:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/27 10:02:16 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/11/27 10:02:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/11/27 10:02:16 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/11/27 10:02:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/11/27 10:02:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/11/27 10:01:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/11/27 10:01:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/11/27 10:00:22 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/11/27 10:00:22 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/11/27 09:58:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/11/27 09:58:38 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/11/27 09:51:16 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/11/27 09:51:16 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/11/27 06:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/11/27 06:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/11/27 06:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/11/27 06:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/11/27 06:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/27 06:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/11/27 06:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft Help
[2011/11/27 06:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/11/27 06:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/11/27 00:31:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/11/27 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/11/27 00:27:05 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Windows Live
[2011/11/27 00:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/11/27 00:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011/11/27 00:08:39 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Apple Computer
[2011/11/27 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Apple Computer
[2011/11/27 00:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/27 00:08:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/11/27 00:08:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/11/27 00:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/27 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/27 00:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/11/27 00:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/27 00:07:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Apple
[2011/11/27 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/27 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/27 00:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/11/27 00:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/11/27 00:06:51 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/11/27 00:02:01 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\ElevatedDiagnostics
[2011/11/26 23:51:01 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/11/26 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Mozilla
[2011/11/26 23:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Mozilla
[2011/11/26 23:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/26 23:27:09 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/26 23:27:09 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Searches
[2011/11/26 23:27:09 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/26 23:27:09 | 000,000,000 | -H-D | C] -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/26 23:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Identities
[2011/11/26 23:26:53 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Contacts
[2011/11/26 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\VirtualStore
[2011/11/26 23:26:43 | 000,000,000 | --SD | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Videos
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Saved Games
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Pictures
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Music
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Links
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Favorites
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Downloads
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Documents
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Desktop
[2011/11/26 23:26:43 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\AppData\Local\Temporary Internet Files
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Templates
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Start Menu
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\SendTo
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Recent
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\PrintHood
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\NetHood
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Documents\My Videos
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Documents\My Pictures
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Documents\My Music
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\My Documents
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Local Settings
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\AppData\Local\History
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Cookies
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\Application Data
[2011/11/26 23:26:43 | 000,000,000 | -HSD | C] -- C:\Users\Jeremy\AppData\Local\Application Data
[2011/11/26 23:26:43 | 000,000,000 | -H-D | C] -- C:\Users\Jeremy\AppData
[2011/11/26 23:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Temp
[2011/11/26 23:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft
[2011/11/26 23:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Media Center Programs
[2011/11/26 23:03:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/26 23:01:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/11/26 22:59:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/11/25 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Will and Liz wedding

========== Files - Modified Within 30 Days ==========

[2011/12/01 19:15:14 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 19:14:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/01 19:11:47 | 000,000,512 | ---- | M] () -- C:\Users\Jeremy\Desktop\MBR.dat
[2011/12/01 19:05:45 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Jeremy\Desktop\aswMBR.exe
[2011/12/01 19:01:50 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\tdsskiller.exe
[2011/12/01 18:47:31 | 000,012,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 18:47:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 18:47:30 | 000,012,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/01 16:22:53 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/01 16:22:53 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/01 16:18:27 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 16:16:44 | 004,324,789 | R--- | M] (Swearware) -- C:\Users\Jeremy\Desktop\ComboFix.exe
[2011/12/01 07:32:35 | 000,212,088 | ---- | M] () -- C:\Users\Jeremy\Desktop\lightbill.pdf
[2011/11/30 20:58:48 | 000,000,075 | ---- | M] () -- C:\Windows\HHManager.INI
[2011/11/30 17:51:23 | 000,001,045 | ---- | M] () -- C:\Users\Jeremy\Desktop\Tennis Elbow 2011.lnk
[2011/11/30 03:21:01 | 000,299,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/29 21:02:19 | 036,863,483 | ---- | M] () -- C:\Users\Jeremy\Desktop\TennisElbow2011.exe
[2011/11/29 17:02:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/11/29 16:45:43 | 000,001,695 | ---- | M] () -- C:\Users\Jeremy\Desktop\photo-16.png
[2011/11/29 16:10:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Desktop\OTL.exe
[2011/11/29 16:09:07 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/11/28 17:00:33 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeremy\Desktop\mbam-setup.exe
[2011/11/28 16:50:27 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeremy\Desktop\poo.com.exe
[2011/11/27 20:14:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/27 19:52:50 | 000,001,867 | ---- | M] () -- C:\Users\Jeremy\Desktop\HH2K3Edit.lnk
[2011/11/27 19:47:44 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\HH 2003.lnk
[2011/11/27 19:35:24 | 001,052,672 | ---- | M] () -- C:\Users\Jeremy\Desktop\HHManager.exe
[2011/11/27 12:22:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/26 23:34:41 | 000,001,409 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/26 23:32:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/11/26 23:05:48 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/11/26 23:03:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/11/26 22:59:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

========== Files Created - No Company Name ==========

[2011/12/01 19:15:14 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/01 19:11:47 | 000,000,512 | ---- | C] () -- C:\Users\Jeremy\Desktop\MBR.dat
[2011/12/01 16:23:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 16:23:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 16:23:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 16:23:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 16:23:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/01 07:32:34 | 000,212,088 | ---- | C] () -- C:\Users\Jeremy\Desktop\lightbill.pdf
[2011/11/30 17:51:30 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011/11/30 17:51:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011/11/30 17:51:29 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011/11/30 17:51:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2011/11/30 17:51:23 | 000,001,045 | ---- | C] () -- C:\Users\Jeremy\Desktop\Tennis Elbow 2011.lnk
[2011/11/29 20:57:36 | 036,863,483 | ---- | C] () -- C:\Users\Jeremy\Desktop\TennisElbow2011.exe
[2011/11/29 16:45:41 | 000,001,695 | ---- | C] () -- C:\Users\Jeremy\Desktop\photo-16.png
[2011/11/29 16:09:07 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/11/28 20:42:48 | 000,000,075 | ---- | C] () -- C:\Windows\HHManager.INI
[2011/11/28 18:27:46 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/11/28 18:25:43 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/11/28 18:25:32 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/11/27 19:52:50 | 000,001,867 | ---- | C] () -- C:\Users\Jeremy\Desktop\HH2K3Edit.lnk
[2011/11/27 19:47:44 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\HH 2003.lnk
[2011/11/27 12:22:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/27 12:21:15 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/27 00:33:10 | 000,001,406 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/27 00:24:33 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/27 00:07:42 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/26 23:40:34 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/26 23:34:41 | 000,001,409 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/26 23:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/26 23:28:02 | 000,001,415 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/26 23:26:43 | 000,000,290 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/26 23:26:43 | 000,000,272 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/26 23:05:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/26 23:05:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/26 23:03:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,299,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/05/21 21:10:00 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll

< End of report >

OTL Extras

OTL Extras logfile created on: 12/1/2011 7:24:38 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jeremy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.41% Memory free
6.50 Gb Paging File | 5.62 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.30 Gb Total Space | 107.30 Gb Free Space | 48.27% Space Free | Partition Type: NTFS
Drive D: | 10.58 Gb Total Space | 1.25 Gb Free Space | 11.77% Space Free | Partition Type: NTFS

Computer Name: HPDESKTOPJDP | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DangerZEditor_is1" = High Heat 2003 Editor 1.01
"High Heat Major League Baseball 2003" = High Heat Major League Baseball 2003
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Tennis Elbow 2011" = Tennis Elbow 2011 1.0c
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2011 2:13:40 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

Error - 12/1/2011 2:13:41 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 2:13:41 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11013

Error - 12/1/2011 2:13:41 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11013

Error - 12/1/2011 2:13:42 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 2:13:42 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 12/1/2011 2:13:42 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 12/1/2011 2:13:43 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/1/2011 2:13:43 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13010

Error - 12/1/2011 2:13:43 PM | Computer Name = HPDesktopJDP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13010

[ System Events ]
Error - 11/30/2011 7:31:11 AM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.115.2818.0, AS: 1.115.2818.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7801.0, NIS: 2.0.7707.0

Error - 11/30/2011 7:51:13 AM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.115.2818.0, AS: 1.115.2818.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7801.0,
NIS: 2.0.7707.0

Error - 12/1/2011 2:12:22 AM | Computer Name = HPDesktopJDP | Source = DCOM | ID = 10010
Description =

Error - 12/1/2011 11:27:27 AM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.36.0, AS: 1.117.36.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 12/1/2011 11:47:46 AM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.36.0, AS: 1.117.36.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0

Error - 12/1/2011 8:17:39 PM | Computer Name = HPDesktopJDP | Source = DCOM | ID = 10010
Description =

Error - 12/1/2011 8:24:32 PM | Computer Name = HPDesktopJDP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/1/2011 8:28:24 PM | Computer Name = HPDesktopJDP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/1/2011 8:28:58 PM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.36.0, AS: 1.117.36.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.7903.0, NIS: 0.0.0.0

Error - 12/1/2011 8:31:00 PM | Computer Name = HPDesktopJDP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
  • 0
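The System Events in the report above repeat one finding across several hard-wrapped records: Microsoft Antimalware event 1119 naming Trojan:DOS/Alureon.E on a `boot:` resource, with error code 0x800704ec each time. As an added example (not part of the original posts, and not OTL or Microsoft code), this Python parser collapses the wrapped event text and groups the repeated detections. The function names are illustrative, the sample is constructed from values in the post, and reading a `boot:` prefix as a hit in the volume's boot area is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: records abridged from the "[ System Events ]" text in the post
# above. The first one wraps after "Error Code:", as OTL's hard wrapping can.
SAMPLE = r"""[ System Events ]
Error - 11/30/2011 7:31:11 AM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. Error Code:
0x800704ec Error description: This program is blocked by group policy.

Error - 12/1/2011 2:12:22 AM | Computer Name = HPDesktopJDP | Source = DCOM | ID = 10010
Description =

Error - 12/1/2011 11:47:46 AM | Computer Name = HPDesktopJDP | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. Error Code: 0x800704ec Error description:
This program is blocked by group policy.
"""

HEADER = re.compile(
    r"^\w+ - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| Computer Name = .+?"
    r" \| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$")
THREAT = re.compile(
    r"Name: (?P<threat>\S+) ID: (?P<threat_id>\d+) Severity: (?P<severity>\w+)"
    r" Category: (?P<category>\w+) Path: (?P<path>.+?)(?= Detection Origin:|$)")
ERROR_CODE = re.compile(r"Error Code: (0x[0-9A-Fa-f]+)")
PROCESS = re.compile(r"Process Name: (.+?) Action:")


def iter_records(text):
    """Yield (header_fields, body) per event, with the body's line wraps collapsed."""
    header, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if header:
                yield header, " ".join(" ".join(body).split())
            header, body = m.groupdict(), []
        elif header is not None:
            body.append(line)
    if header:
        yield header, " ".join(" ".join(body).split())


def parse_detections(text):
    """One dict per Microsoft Antimalware event that names a threat; the ';'-separated
    resource list is de-duplicated (the report repeats it with a trailing backslash)."""
    found = []
    for header, body in iter_records(text):
        threat = THREAT.search(body)
        if header["source"] != "Microsoft Antimalware" or not threat:
            continue
        paths = sorted({p.rstrip("\\") for p in threat["path"].split(";") if p})
        code, proc = ERROR_CODE.search(body), PROCESS.search(body)
        found.append({
            "when": datetime.strptime(header["when"], "%m/%d/%Y %I:%M:%S %p"),
            "threat": threat["threat"], "paths": paths,
            "error_code": code.group(1).lower() if code else None,
            "process": proc.group(1) if proc else None})
    return found


def summarize(detections):
    """Group repeated hits on the same threat and the same resources."""
    groups = {}
    for d in detections:
        g = groups.setdefault((d["threat"], tuple(d["paths"])), {
            "threat": d["threat"], "paths": d["paths"], "count": 0,
            "first_seen": d["when"], "last_seen": d["when"],
            "error_codes": set(), "processes": set(),
            # Assumption: a "boot:" resource prefix marks a boot-area hit, not a file.
            "boot_record_only": all(p.startswith("boot:") for p in d["paths"])})
        g["count"] += 1
        g["first_seen"] = min(g["first_seen"], d["when"])
        g["last_seen"] = max(g["last_seen"], d["when"])
        g["error_codes"].update(filter(None, [d["error_code"]]))
        g["processes"].update(filter(None, [d["process"]]))
    return list(groups.values())


if __name__ == "__main__":
    for g in summarize(parse_detections(SAMPLE)):
        print(g["threat"], g["paths"], g["count"], sorted(g["error_codes"]), g["boot_record_only"])
```

A group whose resources are all `boot:` entries and whose every attempt ends in the same error code is the pattern this thread shows: file-level scans come back clean while the detection keeps recurring.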

#4
RKinner

    Malware Expert

Run TDSSKiller again but this time:

Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.

This mode is prone to false positives so don't change any SKIPs. Just get the log.

Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.
  • 0

#5
elguapo79

    Member

  • Topic Starter

20:24:08.0204 3968 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:24:08.0532 3968 ============================================================
20:24:08.0532 3968 Current date / time: 2011/12/01 20:24:08.0532
20:24:08.0532 3968 SystemInfo:
20:24:08.0532 3968
20:24:08.0532 3968 OS Version: 6.1.7601 ServicePack: 1.0
20:24:08.0532 3968 Product type: Workstation
20:24:08.0532 3968 ComputerName: HPDESKTOPJDP
20:24:08.0532 3968 UserName: Jeremy
20:24:08.0532 3968 Windows directory: C:\Windows
20:24:08.0532 3968 System windows directory: C:\Windows
20:24:08.0532 3968 Processor architecture: Intel x86
20:24:08.0532 3968 Number of processors: 2
20:24:08.0532 3968 Page size: 0x1000
20:24:08.0532 3968 Boot type: Normal boot
20:24:08.0532 3968 ============================================================
20:24:09.0561 3968 Initialize success
20:24:16.0456 2832 ============================================================
20:24:16.0456 2832 Scan started
20:24:16.0456 2832 Mode: Manual; SigCheck; TDLFS;
20:24:16.0456 2832 ============================================================
20:24:30.0855 2832 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:24:30.0902 2832 NDProxy - ok
20:24:31.0027 2832 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:24:31.0074 2832 NetBIOS - ok
20:24:31.0120 2832 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:24:31.0167 2832 NetBT - ok
20:24:31.0292 2832 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:31.0308 2832 nfrd960 - ok
20:24:31.0339 2832 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:24:31.0354 2832 NisDrv - ok
20:24:31.0370 2832 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:24:31.0401 2832 Npfs - ok
20:24:31.0417 2832 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:24:31.0448 2832 nsiproxy - ok
20:24:31.0510 2832 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:24:31.0526 2832 Ntfs - ok
20:24:31.0635 2832 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:24:31.0666 2832 Null - ok
20:24:31.0698 2832 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:24:31.0713 2832 nvraid - ok
20:24:31.0729 2832 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:24:31.0729 2832 nvstor - ok
20:24:31.0760 2832 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:24:31.0760 2832 nv_agp - ok
20:24:31.0854 2832 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:24:31.0900 2832 ohci1394 - ok
20:24:31.0947 2832 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:24:31.0947 2832 Parport - ok
20:24:32.0025 2832 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:24:32.0041 2832 partmgr - ok
20:24:32.0056 2832 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:24:32.0088 2832 Parvdm - ok
20:24:32.0134 2832 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:24:32.0150 2832 pci - ok
20:24:32.0228 2832 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:24:32.0228 2832 pciide - ok
20:24:32.0290 2832 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:32.0306 2832 pcmcia - ok
20:24:32.0322 2832 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:24:32.0322 2832 pcw - ok
20:24:32.0337 2832 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:24:32.0384 2832 PEAUTH - ok
20:24:32.0478 2832 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:24:32.0524 2832 PptpMiniport - ok
20:24:32.0571 2832 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:24:32.0618 2832 Processor - ok
20:24:32.0712 2832 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:24:32.0743 2832 Psched - ok
20:24:32.0852 2832 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:24:32.0883 2832 ql2300 - ok
20:24:32.0946 2832 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:32.0946 2832 ql40xx - ok
20:24:32.0961 2832 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:24:32.0977 2832 QWAVEdrv - ok
20:24:32.0992 2832 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:24:33.0008 2832 RasAcd - ok
20:24:33.0086 2832 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:33.0117 2832 RasAgileVpn - ok
20:24:33.0180 2832 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:33.0195 2832 Rasl2tp - ok
20:24:33.0258 2832 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:33.0304 2832 RasPppoe - ok
20:24:33.0382 2832 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:33.0414 2832 RasSstp - ok
20:24:33.0445 2832 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:33.0507 2832 rdbss - ok
20:24:33.0585 2832 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:33.0632 2832 rdpbus - ok
20:24:33.0663 2832 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:33.0694 2832 RDPCDD - ok
20:24:33.0772 2832 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:24:33.0819 2832 RDPENCDD - ok
20:24:33.0897 2832 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:24:33.0928 2832 RDPREFMP - ok
20:24:33.0975 2832 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:24:34.0022 2832 RDPWD - ok
20:24:34.0116 2832 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:24:34.0131 2832 rdyboost - ok
20:24:34.0225 2832 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:34.0256 2832 rspndr - ok
20:24:34.0350 2832 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:24:34.0365 2832 sbp2port - ok
20:24:34.0381 2832 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:34.0428 2832 scfilter - ok
20:24:34.0506 2832 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:24:34.0521 2832 secdrv - ok
20:24:34.0599 2832 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:24:34.0599 2832 Serenum - ok
20:24:34.0630 2832 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:24:34.0646 2832 Serial - ok
20:24:34.0677 2832 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:34.0693 2832 sermouse - ok
20:24:34.0786 2832 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:24:34.0818 2832 sffdisk - ok
20:24:34.0833 2832 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:24:34.0849 2832 sffp_mmc - ok
20:24:34.0864 2832 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:24:34.0880 2832 sffp_sd - ok
20:24:34.0927 2832 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:34.0942 2832 sfloppy - ok
20:24:35.0036 2832 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:24:35.0052 2832 sisagp - ok
20:24:35.0098 2832 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:35.0114 2832 SiSRaid2 - ok
20:24:35.0114 2832 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:35.0130 2832 SiSRaid4 - ok
20:24:35.0208 2832 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:24:35.0223 2832 Smb - ok
20:24:35.0254 2832 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:24:35.0254 2832 spldr - ok
20:24:35.0332 2832 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:24:35.0395 2832 srv - ok
20:24:35.0488 2832 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:24:35.0488 2832 srv2 - ok
20:24:35.0504 2832 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:35.0520 2832 srvnet - ok
20:24:35.0582 2832 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:35.0598 2832 stexstor - ok
20:24:35.0691 2832 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:24:35.0691 2832 swenum - ok
20:24:35.0800 2832 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:24:35.0816 2832 Tcpip - ok
20:24:35.0972 2832 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:35.0988 2832 TCPIP6 - ok
20:24:36.0081 2832 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:24:36.0112 2832 tcpipreg - ok
20:24:36.0175 2832 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:24:36.0206 2832 TDPIPE - ok
20:24:36.0237 2832 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:24:36.0284 2832 TDTCP - ok
20:24:36.0378 2832 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:24:36.0440 2832 tdx - ok
20:24:36.0549 2832 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:24:36.0565 2832 TermDD - ok
20:24:36.0596 2832 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:36.0643 2832 tssecsrv - ok
20:24:36.0752 2832 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:24:36.0799 2832 TsUsbFlt - ok
20:24:36.0861 2832 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:36.0892 2832 tunnel - ok
20:24:37.0017 2832 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:37.0017 2832 uagp35 - ok
20:24:37.0048 2832 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:24:37.0095 2832 udfs - ok
20:24:37.0220 2832 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:24:37.0220 2832 uliagpkx - ok
20:24:37.0267 2832 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:24:37.0282 2832 umbus - ok
20:24:37.0423 2832 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:24:37.0438 2832 UmPass - ok
20:24:37.0485 2832 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
20:24:37.0516 2832 usbccgp - ok
20:24:37.0641 2832 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:24:37.0657 2832 usbcir - ok
20:24:37.0688 2832 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:24:37.0719 2832 usbehci - ok
20:24:37.0750 2832 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:24:37.0782 2832 usbhub - ok
20:24:37.0860 2832 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
20:24:37.0891 2832 usbohci - ok
20:24:37.0922 2832 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:24:37.0953 2832 usbprint - ok
20:24:38.0000 2832 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:38.0016 2832 USBSTOR - ok
20:24:38.0031 2832 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:24:38.0047 2832 usbuhci - ok
20:24:38.0125 2832 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:24:38.0140 2832 vdrvroot - ok
20:24:38.0187 2832 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:38.0234 2832 vga - ok
20:24:38.0234 2832 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:24:38.0265 2832 VgaSave - ok
20:24:38.0296 2832 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:24:38.0312 2832 vhdmp - ok
20:24:38.0406 2832 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:24:38.0421 2832 viaagp - ok
20:24:38.0468 2832 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:24:38.0499 2832 ViaC7 - ok
20:24:38.0593 2832 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:24:38.0593 2832 viaide - ok
20:24:38.0624 2832 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:24:38.0640 2832 volmgr - ok
20:24:38.0702 2832 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:24:38.0718 2832 volmgrx - ok
20:24:38.0796 2832 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:24:38.0811 2832 volsnap - ok
20:24:38.0827 2832 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:38.0827 2832 vsmraid - ok
20:24:38.0842 2832 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:24:38.0874 2832 vwifibus - ok
20:24:38.0920 2832 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:24:38.0952 2832 WacomPen - ok
20:24:39.0045 2832 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:39.0092 2832 WANARP - ok
20:24:39.0092 2832 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:39.0108 2832 Wanarpv6 - ok
20:24:39.0186 2832 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:24:39.0201 2832 Wd - ok
20:24:39.0279 2832 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:24:39.0295 2832 Wdf01000 - ok
20:24:39.0342 2832 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:39.0357 2832 WfpLwf - ok
20:24:39.0482 2832 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:24:39.0498 2832 WIMMount - ok
20:24:39.0591 2832 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:24:39.0622 2832 WmiAcpi - ok
20:24:39.0763 2832 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:24:39.0810 2832 ws2ifsl - ok
20:24:39.0856 2832 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:24:39.0888 2832 WudfPf - ok
20:24:39.0919 2832 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:39.0950 2832 WUDFRd - ok
20:24:39.0966 2832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:24:40.0028 2832 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:24:40.0028 2832 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:24:40.0044 2832 Boot (0x1200) (280f406c68afbce5502ce3229a2e7e47) \Device\Harddisk0\DR0\Partition0
20:24:40.0044 2832 \Device\Harddisk0\DR0\Partition0 - ok
20:24:40.0059 2832 Boot (0x1200) (52537955046b2a54fb37977d3099b40e) \Device\Harddisk0\DR0\Partition1
20:24:40.0059 2832 \Device\Harddisk0\DR0\Partition1 - ok
20:24:40.0059 2832 ============================================================
20:24:40.0059 2832 Scan finished
20:24:40.0059 2832 ============================================================
20:24:40.0059 3272 Detected object count: 1
20:24:40.0059 3272 Actual detected object count: 1
20:25:42.0617 3272 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:25:42.0617 3272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK. Looks like TDSSKiller found it. Run it again with all options and this time change the SKIP to Delete or Quarantine. After you reboot, run it again in the same mode and post the new log. Want to make sure it did not come back after a reboot.

#7
elguapo79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I selected the delete option.

Windows Security Essentials is still finding it after a reboot.

Here's the TDSS post-reboot log:

21:04:28.0091 2396 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:04:28.0528 2396 ============================================================
21:04:28.0528 2396 Current date / time: 2011/12/01 21:04:28.0528
21:04:28.0528 2396 SystemInfo:
21:04:28.0528 2396
21:04:28.0528 2396 OS Version: 6.1.7601 ServicePack: 1.0
21:04:28.0528 2396 Product type: Workstation
21:04:28.0528 2396 ComputerName: HPDESKTOPJDP
21:04:28.0528 2396 UserName: Jeremy
21:04:28.0528 2396 Windows directory: C:\Windows
21:04:28.0528 2396 System windows directory: C:\Windows
21:04:28.0528 2396 Processor architecture: Intel x86
21:04:28.0528 2396 Number of processors: 2
21:04:28.0528 2396 Page size: 0x1000
21:04:28.0528 2396 Boot type: Normal boot
21:04:28.0528 2396 ============================================================
21:04:30.0852 2396 Initialize success
21:04:43.0644 2520 ============================================================
21:04:43.0644 2520 Scan started
21:04:43.0644 2520 Mode: Manual; SigCheck; TDLFS;
21:04:43.0644 2520 ============================================================
21:05:21.0662 2520 mrxsmb20 - ok
21:05:21.0708 2520 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:05:21.0740 2520 msahci - ok
21:05:22.0083 2520 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:05:22.0098 2520 msdsm - ok
21:05:22.0473 2520 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:05:22.0504 2520 Msfs - ok
21:05:22.0878 2520 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:05:22.0910 2520 mshidkmdf - ok
21:05:23.0081 2520 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:05:23.0097 2520 msisadrv - ok
21:05:23.0315 2520 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:05:23.0378 2520 MSKSSRV - ok
21:05:23.0690 2520 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:05:23.0752 2520 MSPCLOCK - ok
21:05:23.0939 2520 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:05:24.0017 2520 MSPQM - ok
21:05:24.0376 2520 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:05:24.0392 2520 MsRPC - ok
21:05:24.0610 2520 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:05:24.0626 2520 mssmbios - ok
21:05:24.0860 2520 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:05:24.0922 2520 MSTEE - ok
21:05:25.0078 2520 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:05:25.0140 2520 MTConfig - ok
21:05:25.0374 2520 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:05:25.0390 2520 Mup - ok
21:05:25.0577 2520 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:05:25.0593 2520 NativeWifiP - ok
21:05:25.0780 2520 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:05:25.0811 2520 NDIS - ok
21:05:26.0248 2520 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:05:26.0310 2520 NdisCap - ok
21:05:26.0482 2520 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:05:26.0544 2520 NdisTapi - ok
21:05:26.0591 2520 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:05:26.0638 2520 Ndisuio - ok
21:05:26.0794 2520 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:05:26.0856 2520 NdisWan - ok
21:05:26.0888 2520 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:05:26.0919 2520 NDProxy - ok
21:05:27.0200 2520 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:05:27.0293 2520 NetBIOS - ok
21:05:27.0574 2520 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:05:27.0636 2520 NetBT - ok
21:05:27.0886 2520 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:05:27.0902 2520 nfrd960 - ok
21:05:28.0182 2520 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:05:28.0198 2520 NisDrv - ok
21:05:28.0510 2520 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:05:28.0557 2520 Npfs - ok
21:05:28.0931 2520 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:05:28.0994 2520 nsiproxy - ok
21:05:29.0368 2520 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:05:29.0399 2520 Ntfs - ok
21:05:29.0524 2520 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:05:29.0586 2520 Null - ok
21:05:29.0633 2520 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:05:29.0649 2520 nvraid - ok
21:05:29.0727 2520 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:05:29.0727 2520 nvstor - ok
21:05:29.0742 2520 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:05:29.0758 2520 nv_agp - ok
21:05:29.0836 2520 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:05:29.0883 2520 ohci1394 - ok
21:05:30.0054 2520 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:05:30.0070 2520 Parport - ok
21:05:30.0132 2520 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:05:30.0132 2520 partmgr - ok
21:05:30.0273 2520 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:05:30.0304 2520 Parvdm - ok
21:05:30.0507 2520 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:05:30.0522 2520 pci - ok
21:05:30.0756 2520 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:05:30.0772 2520 pciide - ok
21:05:30.0928 2520 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:05:30.0959 2520 pcmcia - ok
21:05:30.0990 2520 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:05:31.0006 2520 pcw - ok
21:05:31.0521 2520 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:05:31.0614 2520 PEAUTH - ok
21:05:31.0864 2520 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:05:31.0926 2520 PptpMiniport - ok
21:05:31.0958 2520 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:05:31.0989 2520 Processor - ok
21:05:32.0441 2520 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:05:32.0504 2520 Psched - ok
21:05:33.0190 2520 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:05:33.0252 2520 ql2300 - ok
21:05:33.0502 2520 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:05:33.0533 2520 ql40xx - ok
21:05:33.0939 2520 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:05:33.0970 2520 QWAVEdrv - ok
21:05:34.0360 2520 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:05:34.0407 2520 RasAcd - ok
21:05:34.0563 2520 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:05:34.0625 2520 RasAgileVpn - ok
21:05:34.0688 2520 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:34.0734 2520 Rasl2tp - ok
21:05:34.0953 2520 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:35.0062 2520 RasPppoe - ok
21:05:35.0218 2520 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:05:35.0280 2520 RasSstp - ok
21:05:35.0327 2520 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:05:35.0374 2520 rdbss - ok
21:05:35.0795 2520 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:05:35.0811 2520 rdpbus - ok
21:05:36.0279 2520 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:36.0357 2520 RDPCDD - ok
21:05:36.0544 2520 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:05:36.0606 2520 RDPENCDD - ok
21:05:36.0638 2520 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:05:36.0684 2520 RDPREFMP - ok
21:05:36.0981 2520 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:05:37.0028 2520 RDPWD - ok
21:05:37.0246 2520 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:05:37.0262 2520 rdyboost - ok
21:05:37.0574 2520 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:05:37.0620 2520 rspndr - ok
21:05:37.0667 2520 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:05:37.0683 2520 sbp2port - ok
21:05:38.0088 2520 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:05:38.0135 2520 scfilter - ok
21:05:38.0291 2520 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:05:38.0338 2520 secdrv - ok
21:05:38.0494 2520 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:05:38.0525 2520 Serenum - ok
21:05:38.0603 2520 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:05:38.0634 2520 Serial - ok
21:05:38.0697 2520 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:05:38.0712 2520 sermouse - ok
21:05:38.0759 2520 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:05:38.0790 2520 sffdisk - ok
21:05:38.0915 2520 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:05:38.0946 2520 sffp_mmc - ok
21:05:38.0962 2520 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:05:38.0993 2520 sffp_sd - ok
21:05:39.0149 2520 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:05:39.0196 2520 sfloppy - ok
21:05:39.0290 2520 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:05:39.0305 2520 sisagp - ok
21:05:39.0352 2520 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:05:39.0368 2520 SiSRaid2 - ok
21:05:39.0461 2520 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:05:39.0477 2520 SiSRaid4 - ok
21:05:39.0539 2520 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:05:39.0570 2520 Smb - ok
21:05:39.0711 2520 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:05:39.0711 2520 spldr - ok
21:05:39.0976 2520 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:05:40.0038 2520 srv - ok
21:05:40.0397 2520 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:05:40.0413 2520 srv2 - ok
21:05:40.0616 2520 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:05:40.0662 2520 srvnet - ok
21:05:40.0834 2520 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:05:40.0881 2520 stexstor - ok
21:05:40.0943 2520 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:05:40.0943 2520 swenum - ok
21:05:41.0552 2520 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:05:41.0614 2520 Tcpip - ok
21:05:41.0864 2520 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:41.0895 2520 TCPIP6 - ok
21:05:42.0004 2520 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:05:42.0035 2520 tcpipreg - ok
21:05:42.0160 2520 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:05:42.0222 2520 TDPIPE - ok
21:05:42.0316 2520 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:05:42.0410 2520 TDTCP - ok
21:05:42.0612 2520 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:05:42.0800 2520 tdx - ok
21:05:43.0377 2520 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:05:43.0377 2520 TermDD - ok
21:05:43.0907 2520 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:43.0954 2520 tssecsrv - ok
21:05:44.0141 2520 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:05:44.0219 2520 TsUsbFlt - ok
21:05:44.0453 2520 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:05:44.0500 2520 tunnel - ok
21:05:44.0718 2520 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:05:44.0734 2520 uagp35 - ok
21:05:44.0765 2520 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:05:44.0812 2520 udfs - ok
21:05:45.0186 2520 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:05:45.0233 2520 uliagpkx - ok
21:05:45.0358 2520 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:05:45.0436 2520 umbus - ok
21:05:45.0576 2520 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:05:45.0608 2520 UmPass - ok
21:05:45.0935 2520 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
21:05:46.0013 2520 usbccgp - ok
21:05:46.0107 2520 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:05:46.0138 2520 usbcir - ok
21:05:46.0154 2520 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:05:46.0185 2520 usbehci - ok
21:05:46.0356 2520 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:05:46.0388 2520 usbhub - ok
21:05:46.0497 2520 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:05:46.0544 2520 usbohci - ok
21:05:46.0606 2520 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:05:46.0637 2520 usbprint - ok
21:05:46.0668 2520 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:46.0746 2520 USBSTOR - ok
21:05:46.0871 2520 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:05:46.0918 2520 usbuhci - ok
21:05:46.0980 2520 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:05:47.0012 2520 vdrvroot - ok
21:05:47.0152 2520 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:05:47.0199 2520 vga - ok
21:05:47.0199 2520 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:05:47.0230 2520 VgaSave - ok
21:05:47.0261 2520 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:05:47.0277 2520 vhdmp - ok
21:05:47.0433 2520 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:05:47.0464 2520 viaagp - ok
21:05:47.0542 2520 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:05:47.0573 2520 ViaC7 - ok
21:05:47.0745 2520 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:05:47.0760 2520 viaide - ok
21:05:47.0776 2520 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:05:47.0792 2520 volmgr - ok
21:05:47.0870 2520 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:05:47.0885 2520 volmgrx - ok
21:05:47.0963 2520 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:05:47.0979 2520 volsnap - ok
21:05:48.0072 2520 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:05:48.0072 2520 vsmraid - ok
21:05:48.0088 2520 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:05:48.0135 2520 vwifibus - ok
21:05:48.0135 2520 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:05:48.0213 2520 WacomPen - ok
21:05:48.0338 2520 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:48.0384 2520 WANARP - ok
21:05:48.0384 2520 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:48.0400 2520 Wanarpv6 - ok
21:05:48.0509 2520 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:05:48.0525 2520 Wd - ok
21:05:48.0743 2520 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:05:48.0774 2520 Wdf01000 - ok
21:05:48.0977 2520 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:05:49.0008 2520 WfpLwf - ok
21:05:49.0024 2520 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:05:49.0024 2520 WIMMount - ok
21:05:49.0102 2520 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:05:49.0133 2520 WmiAcpi - ok
21:05:49.0554 2520 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:05:49.0601 2520 ws2ifsl - ok
21:05:49.0742 2520 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:05:49.0773 2520 WudfPf - ok
21:05:49.0835 2520 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:05:49.0866 2520 WUDFRd - ok
21:05:49.0898 2520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:05:50.0085 2520 \Device\Harddisk0\DR0 - ok
21:05:50.0100 2520 Boot (0x1200) (280f406c68afbce5502ce3229a2e7e47) \Device\Harddisk0\DR0\Partition0
21:05:50.0100 2520 \Device\Harddisk0\DR0\Partition0 - ok
21:05:50.0132 2520 Boot (0x1200) (52537955046b2a54fb37977d3099b40e) \Device\Harddisk0\DR0\Partition1
21:05:50.0147 2520 \Device\Harddisk0\DR0\Partition1 - ok
21:05:50.0147 2520 ============================================================
21:05:50.0147 2520 Scan finished
21:05:50.0147 2520 ============================================================
21:05:50.0163 2516 Detected object count: 0
21:05:50.0163 2516 Actual detected object count: 0
21:05:58.0930 2352 Deinitialize success
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK, let's try aswMBR again. This time:

Do not uncheck trace disk IO calls

Change the A-V Scan to c:\

Allow it to download the stuff it needs. This should take a lot longer.
  • 0

#9
elguapo79

elguapo79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I will do this and leave the results either late tonight or in the morning as I'm off to bed. Early day tomorrow.

Thank you again for your help.
  • 0

#10
elguapo79

elguapo79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Really quick, Ron. Can you tell me how to change the A-V Scan to c:\?

There must be an option that I'm not seeing.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
The last time I ran it there was a line near the bottom right that said "A-V scan", then a box that said something like "Quick", and to the right of the box was a down arrow. You click on it and it shows you some options. One of them was C:\
  • 0

#12
elguapo79

elguapo79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
This is all I get.

Posted Image

If you leave a reply I will try to check it in the middle of the night or early morning.

Thanks again for your ongoing help!
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK. Looks like they took it out.

The more I read on this the more I think we are going to have to replace the MBR. Do you have the Windows disk?
  • 0

#14
elguapo79

elguapo79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Yes, I do have the Windows disk.
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
Press a key when you are prompted.
Select a language, a time, a currency, a keyboard or an input method, and then click Next.
Click Repair your computer.
Click the operating system that you want to repair, and then click Next.
In the System Recovery Options dialog box, click Command Prompt.
Type Bootrec.exe, and then press ENTER.

Note: To start the computer from the Windows Vista or Windows 7 DVD, the computer must be configured to start from the DVD drive. For more information about how to configure the computer to start from the DVD drive, see the documentation that is included with the computer or contact the computer manufacturer.
Type each line in the following code box. Hit Enter after each line. I use two spaces in the code box so you will be sure to see where one space goes.
    bcdedit  /export  C:\BCD_Backup
    c:
    cd  boot
    attrib  bcd  -s  -h  -r
    ren  c:\boot\bcd  bcd.old
    bootrec  /FixMbr
    bootrec  /FixBoot
    bootrec  /RebuildBcd

Note: When you run bootrec /RebuildBcd, this option scans all disks for installations that are compatible with Windows Vista or Windows 7. Additionally, this option lets you select the installations that you want to add to the BCD store. We really only want the one from C: called HP in your last attachment. After the last command you can Exit, remove the disk and reboot into regular mode.

Does MSSE still see Dos:Alureon.E?
  • 0
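
Added example, not part of the original posts: a Python check that compares two 512-byte dumps of sector 0 taken before and after the bootrec /FixMbr step above, hashing the first 0x1B8 bytes of boot code (assumed here to be the region the scan log's "MBR (0x1B8)" line refers to) and confirming that the disk signature and partition table did not change. The sector contents, disk signature and partition layout are constructed sample values, and the function names are this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # bootstrap code; assumed to be what the log's "(0x1B8)" covers
DISK_SIG_OFF = 0x1B8     # 4-byte disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA end-of-sector marker


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into the regions a repair should or should not touch."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({"index": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partition_table": sector[PART_TABLE_OFF:BOOT_SIG_OFF],
        "partitions": partitions,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which regions differ between two dumps of the same disk's sector 0."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_md5"] != a["boot_code_md5"],
        "disk_signature_kept": b["disk_signature"] == a["disk_signature"],
        "partition_table_kept": b["partition_table"] == a["partition_table"],
    }


def make_sample_sector(boot_fill: int) -> bytes:
    """Constructed sample: two NTFS partitions, boot code filled with one byte value."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes([boot_fill]) * BOOT_CODE_LEN
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = bytes.fromhex("11223344")
    # Entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, count
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        struct.pack_into("<B3xB3xII", sector, off, status, ptype, lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


BEFORE = make_sample_sector(0xCC)   # constructed stand-in for the dump taken before the repair
AFTER = make_sample_sector(0x90)    # constructed stand-in for the dump taken after the repair

if __name__ == "__main__":
    print(parse_mbr(BEFORE)["partitions"])
    print(compare_mbr(BEFORE, AFTER))
```

Take both dumps from the recovery environment or another clean boot, because a bootkit active in the running OS can hand scanners a clean-looking sector 0.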





