hijacked browsing after rogue.fakehdd removed. [Solved]


This topic is locked

#1 b3l (Member, 20 posts)
I had the Rogue.FakeHDD and PUM.Hijack.StartMenu, which I took care of with Malwarebytes, and then recovered visibility of my files and icons with unhide.exe. However, 'services' in Task Manager is hogging a huge amount of CPU and it wasn't that way before. Also, my browser is being hijacked from going to certain sites, such as security sites where I can download ComboFix. I tried ComboFix but couldn't get it to work properly. As a result, I uninstalled AVG, but when trying ComboFix again it claims to detect AVG as still running. I also uninstalled Firefox, but it doesn't seem to be completely gone.

I tried to use Rescue and Recovery and the whole thing froze. I would rather not have to reinstall until I have more time in a couple of months. I'm using Windows XP SP3. I'd be grateful for help in cleaning up my computer.

================================

OTL logfile created on: 1/8/2012 3:22:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.40 Mb Total Physical Memory | 372.46 Mb Available Physical Memory | 36.72% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.43% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.14 Gb Total Space | 13.37 Gb Free Space | 19.06% Space Free | Partition Type: NTFS

Computer Name: YAW | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 15:14:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/16 12:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/07/14 20:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 20:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 18:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/05/30 01:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2005/07/05 00:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2006/08/02 03:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 03:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/07/14 20:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2006/07/14 20:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006/07/14 20:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006/07/14 18:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/05/25 11:13:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2006/05/25 11:13:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2006/02/23 12:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/30 06:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/10/28 06:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/07/12 13:55:00 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\tp4uires.dll
MOD - [2005/07/05 00:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/08/16 12:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/14 20:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 18:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/07/11 20:04:42 | 000,015,872 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/07/11 19:52:52 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/24 20:49:38 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/08/16 12:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 11:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 11:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/02 04:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/20 12:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/25 11:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/03/09 03:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2001/08/17 13:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam4USB.sys -- (Icam4USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/08/27 14:48:07 | 000,000,000 | ---D | M]

[2011/08/07 12:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/01/08 10:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/13 14:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/13 14:00:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/02 22:03:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2012/01/08 11:22:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\backup\Programs\Startup\Stickies.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1301018434884 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1301018496584 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024_768 Think Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 15:19:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/08 14:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/08 14:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/01/08 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/08 14:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2012/01/08 14:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/08 14:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/08 14:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/08 14:00:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/08 13:52:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/08 12:59:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/08 12:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\desk
[2012/01/08 11:58:31 | 004,374,678 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/08 11:42:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/08 10:40:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/08 10:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/08 10:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/08 10:40:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/08 10:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/08 10:37:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/08 10:20:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/08 10:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/08 10:02:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/01/08 09:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/01/08 08:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/08 08:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/07 23:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2012/01/07 19:36:10 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/01/07 19:17:26 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/07 17:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 17:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/07 17:58:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 17:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/07 12:40:50 | 000,000,000 | ---D | C] -- C:\bd_logs
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 15:19:05 | 000,009,971 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/01/08 15:19:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 15:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/08 15:18:49 | 1063,747,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 15:14:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/08 14:41:59 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2012/01/08 12:43:13 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 12:43:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/08 12:09:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/01/08 11:42:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/08 11:22:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/08 08:44:54 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/08 08:09:37 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{407DC8A4-E999-477E-95DC-A24C0D9B2E49}.job
[2012/01/07 22:41:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/07 19:49:13 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/08 14:19:03 | 1063,747,584 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/08 11:42:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/08 11:42:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/08 10:40:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/08 10:40:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/08 10:40:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/08 10:40:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/08 10:40:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/07 23:25:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\backup\Programs\Startup\Stickies.lnk.disabled
[2012/01/07 22:45:14 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/01/07 22:45:14 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/01/07 22:45:14 | 000,001,987 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/01/07 22:45:14 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/01/07 22:45:14 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/07 22:45:14 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2012/01/07 22:45:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/07 22:45:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/01/07 22:45:14 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/07 21:32:09 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/07 21:32:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/07 20:05:22 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/08/27 13:37:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/09 21:59:44 | 000,021,864 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/07 12:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/02 23:40:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/28 13:19:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/25 19:02:41 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/14 01:38:20 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/12 11:33:11 | 000,001,652 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/03/24 23:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/03/24 23:28:30 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2011/03/24 23:23:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2011/03/24 23:20:39 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/24 23:18:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/03/24 23:18:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/03/24 23:18:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/03/24 23:18:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/03/24 23:18:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/03/24 23:18:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/03/24 23:13:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2011/03/24 23:12:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2011/03/24 23:11:58 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011/03/24 23:11:58 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011/03/24 23:11:49 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2011/03/24 23:10:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2011/03/24 23:06:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2011/03/24 23:05:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2011/03/24 23:05:22 | 000,005,788 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2011/03/24 23:05:19 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2011/03/24 20:57:01 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/03/24 20:48:43 | 000,000,474 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2007/08/09 16:43:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2006/08/17 03:00:13 | 000,009,971 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/08/17 03:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006/08/02 20:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/08/02 20:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/07/11 19:52:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2006/06/14 11:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/06/12 15:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,433,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 19:03:29 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/08 04:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

========== LOP Check ==========

[2011/09/13 12:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/14 09:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/24 23:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/06/28 12:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/01/08 10:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/08 11:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/08 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2012/01/08 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/27 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/08/17 08:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/17 08:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/05/14 09:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG10
[2011/05/11 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Lenovo
[2011/07/05 17:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2011/09/02 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Philipp Winterberg
[2011/09/05 09:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SoftGrid Client
[2012/01/08 08:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\stickies
[2011/07/08 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SulusGames
[2011/03/24 23:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ThinkVantage
[2011/08/27 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TP
[2012/01/04 21:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2012/01/08 08:09:37 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{407DC8A4-E999-477E-95DC-A24C0D9B2E49}.job

========== Purity Check ==========



< End of report >

#2 BlackOxide (Trusted Helper, Malware Removal)

Hi b3l, welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your malware/security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just copied and pasted into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.


Sorry for the delay, let's get started :)


Could you do the following two scans for me, then get back to me with the logs please.


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



2)
Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast definitions, just click No.

Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


In your next reply, please post the contents of:
  • OTL log
  • aswMBR log

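What a helper does with the OTL Quick Scan log requested above is largely pattern matching on OTL's line format, so here is an added Python example of that triage. It is not code from OTL, BlackOxide or b3l: it parses the `[date | size | attrs | C/M] (Company) -- path` entries and the O-numbered lines and flags orphaned services, binaries under %SystemRoot% with no company name, hosts-file entries other than localhost, Winlogon Shell/UserInit values that differ from the Windows XP defaults, Run keys that launch an interpreter, and exefile/comfile open commands other than "%1" %*. SAMPLE_LOG is constructed in OTL's format from lines like the ones in this thread; the UserInit, exefile and second hosts entries are altered so the hijack checks fire, and placeholder.exe and security-vendor.example are made-up names, not indicators from the real machine.

```python
"""Triage an OTL (OldTimer) log like the ones posted in this thread.

Added example, not code from OTL or from anyone in the thread.  It parses OTL's
per-line entry format and returns the entries a helper looks at first.  SAMPLE_LOG
is constructed in OTL's format: most lines follow the thread's logs; the second
hosts line, the UserInit line and the exefile line are altered so the hijack
checks have something to catch (placeholder.exe and the .example host are made up).
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, offending log line)

TAGGED = re.compile(r"^(PRC|MOD|SRV|DRV|O\d+) - (.*)$")
# "[date time | size | attrs | C/M] (Company) [Start | State] -- path -- (ServiceName)"
FILE_ENTRY = re.compile(
    r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
WINLOGON = re.compile(r"HKLM Winlogon: (\w+) - \((.*?)\) -")

# Clean Windows XP values.  A trailing comma after userinit.exe is normal; anything after it is not.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "c:\\windows\\system32\\userinit.exe"}
EXPECTED_OPEN_CMD = '"%1" %*'
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
INTERPRETERS = ("cmd.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe")


def triage(log_text: str) -> List[Finding]:
    """Return (severity, rule, line) for each OTL line that deserves a second look."""
    out: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TAGGED.match(line)
        if not m:
            continue  # section headers, blank lines and plain file listings are skipped
        tag, rest = m.groups()
        if tag in ("PRC", "SRV", "DRV"):
            if rest.startswith("File not found"):
                out.append(("low", "orphan-service", line))  # registry entry left behind, binary gone
                continue
            e = FILE_ENTRY.match(rest)
            # No company/version info under %SystemRoot% is normal for OEM drivers (Lenovo here)
            # but is also where droppers hide, so such binaries get a hash check, not a pass.
            if e and e.group("company") == "" and e.group("path").lower().startswith("c:\\windows\\"):
                out.append(("medium", "no-company-in-system-dir", line))
        elif tag == "O1" and rest.startswith("Hosts:"):
            if " ".join(rest[len("Hosts:"):].split()) not in BENIGN_HOSTS:
                out.append(("high", "hosts-redirect", line))
        elif tag == "O3" and "No CLSID value found" in rest:
            out.append(("low", "orphan-toolbar-clsid", line))
        elif tag == "O4":
            run = re.search(r"\] (.*)$", rest)  # "[name] target (Company)"
            if run and any(i in run.group(1).lower() for i in INTERPRETERS):
                out.append(("medium", "run-key-launches-interpreter", line))
        elif tag == "O16" and "Reg Error" in rest:
            out.append(("low", "orphan-activex-dpf", line))
        elif tag == "O20":
            w = WINLOGON.search(rest)
            if w:
                key, value = w.group(1).lower(), w.group(2).lower().rstrip(",")
                if key in EXPECTED_WINLOGON and value != EXPECTED_WINLOGON[key]:
                    out.append(("high", f"winlogon-{key}-hijack", line))
        elif tag == "O35" and rest.split(" -- ", 1)[-1] != EXPECTED_OPEN_CMD:
            out.append(("high", "exefile-open-hijack", line))
        elif tag == "O37":
            cls = re.search(r"\[@ = (\w+)\]", rest)
            if cls and cls.group(1).lower() not in ("exefile", "comfile"):
                out.append(("high", "exefile-association-hijack", line))
    return out


def summary(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
DRV - [2006/08/02 11:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
PRC - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 security-vendor.example
O3 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\User\Application Data\placeholder.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\placeholder.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

if __name__ == "__main__":
    for sev, rule, line in triage(SAMPLE_LOG):
        print(f"{sev:6} {rule:30} {line[:80]}")
```

The medium findings are the ones to treat with care: every Lenovo driver in the logs in this thread has an empty company field, which is why the script asks for a hash check rather than calling them malicious, and the AvgUninstallURL RunOnce entry that trips the interpreter rule looks like what an AVG uninstaller leaves behind rather than a persistence mechanism. The high findings (hosts redirects, a second program appended to UserInit, a wrapper in the exefile open command) are the kinds of entry that produce exactly the browser blocking and "can't run the tool" symptoms described in this thread, so they are what to look for first in a real log.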

#3 b3l (Topic Starter)

Hello BlackOxide... thanks so much for your help.

I have pasted the OTL log below but could not get aswMBR to run in regular or safe mode.

---------------------
OTL logfile created on: 1/12/2012 11:04:47 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.40 Mb Total Physical Memory | 368.30 Mb Available Physical Memory | 36.31% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.14 Gb Total Space | 13.37 Gb Free Space | 19.06% Space Free | Partition Type: NTFS

Computer Name: YAW | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/08 15:14:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/16 12:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/07/14 20:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 20:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 18:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/05/30 01:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2005/07/05 00:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2006/08/02 03:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 03:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/07/14 20:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2006/07/14 20:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006/07/14 20:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006/07/14 18:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/05/25 11:13:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2006/05/25 11:13:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2006/02/23 12:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/30 06:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/10/28 06:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/07/12 13:55:00 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\tp4uires.dll
MOD - [2005/07/05 00:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/08/16 12:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/14 20:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 18:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/07/11 20:04:42 | 000,015,872 | ---- | M] ( ) [Disabled | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/07/11 19:52:52 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/24 20:49:38 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/08/16 12:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 11:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 11:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/02 04:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/20 12:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/25 11:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/03/09 03:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2001/08/17 13:06:02 | 000,154,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam4USB.sys -- (Icam4USB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/08/27 14:48:07 | 000,000,000 | ---D | M]

[2011/08/07 12:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/01/08 10:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/13 14:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/13 14:00:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/02 22:03:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2012/01/08 11:22:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\User\Start Menu\backup\Programs\Startup\Stickies.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1697861012-3424590130-1003572462-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1301018434884 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1301018496584 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024_768 Think Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 15:19:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/08 14:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/08 14:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/01/08 14:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/08 14:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2012/01/08 14:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/08 14:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/08 14:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/08 14:00:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/08 13:52:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/08 12:59:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/08 12:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\desk
[2012/01/08 11:58:31 | 004,374,678 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/08 11:42:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/08 10:40:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/08 10:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/08 10:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/08 10:40:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/08 10:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/08 10:37:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/08 10:20:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/08 10:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/08 10:02:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/01/08 09:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/01/08 08:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/08 08:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/07 23:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2012/01/07 19:36:10 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/01/07 19:17:26 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/07 17:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 17:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/07 17:58:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 17:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/07 12:40:50 | 000,000,000 | ---D | C] -- C:\bd_logs
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 11:05:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{407DC8A4-E999-477E-95DC-A24C0D9B2E49}.job
[2012/01/08 15:19:05 | 000,009,971 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/01/08 15:19:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 15:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/08 15:18:49 | 1063,747,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 15:14:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/01/08 14:41:59 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2012/01/08 12:43:13 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 12:43:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/08 12:09:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/01/08 11:42:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/08 11:22:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/08 08:44:54 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/01/07 22:41:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/07 19:49:13 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/08 14:19:03 | 1063,747,584 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/08 11:42:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/08 11:42:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/08 10:40:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/08 10:40:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/08 10:40:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/08 10:40:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/08 10:40:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/07 23:25:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\backup\Programs\Startup\Stickies.lnk.disabled
[2012/01/07 22:45:14 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/01/07 22:45:14 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/01/07 22:45:14 | 000,001,987 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/01/07 22:45:14 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/01/07 22:45:14 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/07 22:45:14 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2012/01/07 22:45:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/07 22:45:14 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/01/07 22:45:14 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk

========== LOP Check ==========

[2011/03/24 20:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2011/03/24 23:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
[2011/09/13 12:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/14 09:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/24 23:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/06/28 12:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/01/08 10:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/08 11:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/07/08 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2012/01/08 14:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/27 17:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/08/17 08:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/17 08:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/03/24 20:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2011/03/24 23:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
[2011/05/14 09:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG10
[2011/05/11 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Lenovo
[2011/07/05 17:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2011/09/02 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Philipp Winterberg
[2011/09/05 09:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SoftGrid Client
[2012/01/08 08:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\stickies
[2011/07/08 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SulusGames
[2011/03/24 23:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ThinkVantage
[2011/08/27 15:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TP
[2012/01/04 21:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2012/01/12 11:05:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{407DC8A4-E999-477E-95DC-A24C0D9B2E49}.job

========== Purity Check ==========



< End of report >
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs.

I have pasted OTL log below but could not get ASWMBR to run in regular or safe mode.

Sounds like the malware is intentionally blocking aswMBR.

Let's try a couple of other tools now...



1)
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and press Enter on the keyboard
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.




2)
Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.



In your next reply
Please post the contents of...
RogueKiller log
MBRCheck log

  • 0

#5
b3l

b3l

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I am using a usb drive to transfer log files from the sick computer to my good one. However, the light keeps flashing and I get the msg that something is accessing the usb drive when I try to eject it properly... so I just yank it out. I fear my good computer may be infected now too.

I have a recovery sector on that computer... could that be why aswMBR wouldn't work? I don't want to screw that up because I have no installation disks.

Below are the logs.

----------------------
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date : 01/12/2012 21:38:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 6dccb25f1768193e548c187f641ec181
[BSP] f4c591de792699da39f00b1647548a8f : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 75308 Mo
1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 147087360 | Size: 4714 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] d861953366f2faea8cd7d102faebe46c
[BSP] f4c591de792699da39f00b1647548a8f : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 63 | Size: 75308 Mo
1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 147087360 | Size: 4714 Mo
2 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 156295440 | Size: 3 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] d861953366f2faea8cd7d102faebe46c
[BSP] f4c591de792699da39f00b1647548a8f : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 63 | Size: 75308 Mo
1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 147087360 | Size: 4714 Mo
2 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 156295440 | Size: 3 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt



---------------------
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 149):

Processes (total 47):
0 System Idle Process
4 System
1344 C:\WINDOWS\system32\smss.exe
1400 csrss.exe
1424 C:\WINDOWS\system32\winlogon.exe
1468 C:\WINDOWS\system32\services.exe
1480 C:\WINDOWS\system32\lsass.exe
1668 C:\WINDOWS\system32\ibmpmsvc.exe
1696 C:\WINDOWS\system32\svchost.exe
1784 svchost.exe
1824 C:\WINDOWS\system32\svchost.exe
1880 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
260 C:\WINDOWS\explorer.exe
384 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
544 svchost.exe
688 svchost.exe
960 C:\WINDOWS\system32\spoolsv.exe
1032 svchost.exe
1044 C:\WINDOWS\system32\tp4serv.exe
1060 C:\WINDOWS\system32\rundll32.exe
1068 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
1096 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
1144 C:\Program Files\Analog Devices\Core\smax4pnp.exe
1196 C:\WINDOWS\system32\IPSSVC.EXE
1200 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
1228 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1276 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
1304 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
1336 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
144 C:\WINDOWS\system32\hkcmd.exe
1392 C:\WINDOWS\system32\igfxpers.exe
1936 C:\WINDOWS\system32\ctfmon.exe
1532 C:\WINDOWS\system32\igfxsrvc.exe
200 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
548 C:\WINDOWS\system32\svchost.exe
916 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
1076 C:\WINDOWS\system32\TpKmpSvc.exe
164 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
2160 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
2272 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
2292 wdfmgr.exe
2520 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
3120 alg.exe
3312 C:\WINDOWS\system32\wscntfy.exe
3428 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
2168 C:\WINDOWS\system32\taskmgr.exe
460 C:\Documents and Settings\User\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2080BHPL, Rev: 00840029

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: B9D872217B47101B6158E6E983C4185CC8815E4A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by b3l, 12 January 2012 - 08:53 PM.

  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

However, the light keeps flashing and I get the msg that something is accessing the usb drive when I try to eject it properly... so I just yank it out. I fear my good computer may be infected now too.

Hmmm, that is a little suspicious. It may not be an infection, but let's presume it is. What we'll do is "vaccinate" your USB with Panda USB Vaccine. This should stop any infections from automatically launching when the USB device gets inserted into another PC/Laptop. I know it may have already been spread that way but we'll stop any more of it happening. Also, after we are done here, if you like, I can take a look at that PC to see if it is infected or not :)


I have a recovery sector on that computer... could that be why aswMBR wouldn't work? I don't want to screw that up because I have no installation disks.

That shouldn't be the reason it's not working. I strongly suspect it's the Rootkit at work stopping it from running. We will try running it a different way though. I'll post the instructions below...



1)
Let's get your USB Stick vaccinated now with Panda USB Vaccine.

On the other PC (hopefully it's not infected, but proceed with the instructions anyway), download Panda USB Vaccine from here
Once downloaded, plug in your USB stick
Run Panda USB Vaccine and in the USB drive Vaccination area at the bottom, make sure your USB's drive letter is selected
Now click Vaccinate USB to complete the process




2)
Let's try running aswMBR a different way:

Double click aswMBR.exe to run it.

If it asks to download the Avast definitions, just click No.

Untick Trace disk IO calls


Click the "Scan" button to start the scan.



On completion of the scan click save log, save it to your desktop and post it in your next reply.





3)
I need you to run MBRCheck again to create a 'dump' of the MBR.


Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):


Enter 0 and press Enter

The following dialog will be presented:

Enter filename to dump to:


Type dump.txt and press Enter

It will then create a file on the desktop called dump.txt. Please Exit MBRCheck and Attach dump.txt to your next reply.

To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.



In your next reply
Please post the contents of...
aswMBR log
Attach the dump.txt file
  • 0
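A parser for the 512-byte MBR dump described above, as an added example that is not code from the thread or from MBRCheck/RogueKiller. It applies the same kinds of checks those tools report (partition layout, active flag, boot-code hash, and whether an OS-level read and a low-level read of the sector agree); the sample sector is constructed to mirror the partition layout RogueKiller printed, and the type byte 0x12 for the hidden entry is an assumption.

```python
"""Parse a raw 512-byte MBR (such as the dump.txt MBRCheck writes) and apply
the same kind of checks RogueKiller and MBRCheck report: partition layout,
active flag, boot-code hash, and whether two reads of the sector agree."""
import hashlib
import struct
import sys

SECTOR = 512
# Partition type bytes this example recognises; anything else is reported
# as UNKNW, the way RogueKiller prints it.
PART_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux",
              0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hashes, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    boot_code = mbr[:440]          # code area before the 4-byte disk signature
    partitions = []
    for i in range(4):
        # entry layout: boot flag, CHS start (3), type, CHS end (3), LBA, sector count
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0 and lba == 0 and count == 0:
            continue                # empty slot
        partitions.append({
            "index": i, "active": boot == 0x80, "type_id": ptype,
            "type": PART_TYPES.get(ptype, "UNKNW"), "lba": lba, "sectors": count,
            "size_mb": count * SECTOR // 1_000_000,   # decimal MB, like RogueKiller's "Mo"
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": partitions,
    }


def layout_problems(parsed: dict, disk_sectors: int) -> list:
    """Flag entries that overlap or run past the disk, and count active flags."""
    problems = []
    parts = sorted(parsed["partitions"], key=lambda p: p["lba"])
    for a, b in zip(parts, parts[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    for p in parts:
        if p["lba"] + p["sectors"] > disk_sectors:
            problems.append(f"entry {p['index']} extends past end of disk")
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append(f"expected one active partition, found {active}")
    return problems


def compare_views(user_view: bytes, raw_view: bytes) -> list:
    """RogueKiller's 'User != LL1' idea: the sector read through the normal OS
    path should match a lower-level read; a rootkit filtering disk I/O breaks that."""
    findings = []
    if user_view[:440] != raw_view[:440]:
        findings.append("boot code differs between views")
    u = parse_mbr(user_view)["partitions"]
    r = parse_mbr(raw_view)["partitions"]
    if u != r:
        findings.append("partition table differs between views")
    ua = [p["index"] for p in u if p["active"]]
    ra = [p["index"] for p in r if p["active"]]
    if ua != ra:
        findings.append(f"active partition differs: user={ua} raw={ra}")
    return findings


def build_sample_mbr(entries) -> bytes:
    """Constructed test MBR: a 2-byte 'jmp $' stub as boot code, a made-up disk
    signature, and the given (active, type, lba, sectors) entries."""
    sector = bytearray(SECTOR)
    sector[0:2] = b"\xeb\xfe"
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    for i, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i,
                         0x80 if active else 0, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples mirroring the layout RogueKiller printed for PhysicalDrive0
# (offsets 63, 147087360, 156295440). Type 0x12 for the hidden partition is an
# assumption; it reports as UNKNW either way. Disk size is the value TDSSKiller logged.
DISK_SECTORS = 0x12A1F16000 // SECTOR
RAW_VIEW = build_sample_mbr([(False, 0x07, 63, 147087297),
                             (False, 0x12, 147087360, 9207032),
                             (True, 0x07, 156295440, 6048)])
USER_VIEW = build_sample_mbr([(True, 0x07, 63, 147087297),
                              (False, 0x12, 147087360, 9207032)])

if __name__ == "__main__":
    # usage: python mbr_check.py [dump.txt]; without a file the constructed sample is used
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else RAW_VIEW
    info = parse_mbr(data)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "      "
        print(f"{p['index']} - [{flag}] {p['type']:<7} LBA {p['lba']} | Size: {p['size_mb']} MB")
    problems = layout_problems(info, DISK_SECTORS)
    if data is RAW_VIEW:
        problems += compare_views(USER_VIEW, RAW_VIEW)
    for msg in problems:
        print("!!", msg)
```

Comparing the boot-code SHA1 against hashes collected from known-clean machines is what turns "MBR Code unknown" into a verdict; the hash alone only tells you the code is not one you have seen before.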

#7
b3l

b3l

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you for the USB vaccine... it will be very useful.

I tried running aswMBR again and got the same result. Nothing happens when I click on it... nothing comes up, no processes start in task manager. I tried in safe mode also.

FYI, I uninstalled superantispyware.

Edited by b3l, 13 January 2012 - 01:44 PM.

  • 0

#8
b3l

b3l

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Oops, sorry, I didn't read properly. Will get back to you with the proper log.
  • 0

#9
b3l

b3l

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
My confusion came from the end of your post where you asked me to attach the aswMBR log instead of the one from MBRcheck.exe... all is well. Thanks so much for your help.

Attached Files

  • Attached File  dump.txt   512bytes   25 downloads

  • 0

#10
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
You got back to me with what I needed :)
We'll leave aswMBR now, as the infection has been confirmed by the other tools.

You are currently infected with a Rootkit which we'll now try and remove. Can you run the following tool below and then get back to me with the log please...




Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0


#11
b3l

b3l

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I did tdss twice because the first time I was confused and thought I may have done something wrong. However, both logs are attached in the order in which they were done and I did not delete or cure anything.

log 1


15:47:35.0000 3552 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
15:47:35.0125 3552 ============================================================
15:47:35.0125 3552 Current date / time: 2012/01/13 15:47:35.0125
15:47:35.0125 3552 SystemInfo:
15:47:35.0125 3552
15:47:35.0125 3552 OS Version: 5.1.2600 ServicePack: 3.0
15:47:35.0125 3552 Product type: Workstation
15:47:35.0125 3552 ComputerName: YAW
15:47:35.0125 3552 UserName: User
15:47:35.0125 3552 Windows directory: C:\WINDOWS
15:47:35.0125 3552 System windows directory: C:\WINDOWS
15:47:35.0125 3552 Processor architecture: Intel x86
15:47:35.0125 3552 Number of processors: 2
15:47:35.0125 3552 Page size: 0x1000
15:47:35.0125 3552 Boot type: Normal boot
15:47:35.0125 3552 ============================================================
15:47:36.0156 3552 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000050
15:47:36.0203 3552 Initialize success
15:48:21.0078 3700 ============================================================
15:48:21.0078 3700 Scan started
15:48:21.0078 3700 Mode: Manual; SigCheck; TDLFS;
15:48:21.0078 3700 ============================================================
15:48:21.0406 3700 Abiosdsk - ok
15:48:21.0453 3700 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:48:23.0406 3700 abp480n5 - ok
15:48:23.0546 3700 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
15:48:23.0796 3700 ac97intc - ok
15:48:23.0828 3700 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:48:24.0031 3700 ACPI - ok
15:48:24.0046 3700 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:48:24.0203 3700 ACPIEC - ok
15:48:24.0250 3700 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:48:24.0312 3700 ADIHdAudAddService - ok
15:48:24.0343 3700 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:48:24.0531 3700 adpu160m - ok
15:48:24.0671 3700 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
15:48:24.0734 3700 AEAudioService - ok
15:48:24.0781 3700 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:48:24.0968 3700 aec - ok
15:48:25.0015 3700 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:48:25.0046 3700 AegisP ( UnsignedFile.Multi.Generic ) - warning
15:48:25.0046 3700 AegisP - detected UnsignedFile.Multi.Generic (1)
15:48:25.0109 3700 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
15:48:25.0203 3700 AFD - ok
15:48:25.0250 3700 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:48:25.0421 3700 agp440 - ok
15:48:25.0421 3700 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:48:25.0609 3700 agpCPQ - ok
15:48:25.0750 3700 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:48:25.0828 3700 Aha154x - ok
15:48:25.0875 3700 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:48:26.0062 3700 aic78u2 - ok
15:48:26.0078 3700 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:48:26.0265 3700 aic78xx - ok
15:48:26.0296 3700 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:48:26.0468 3700 AliIde - ok
15:48:26.0500 3700 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:48:26.0656 3700 alim1541 - ok
15:48:26.0687 3700 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:48:26.0875 3700 amdagp - ok
15:48:26.0906 3700 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:48:27.0000 3700 amsint - ok
15:48:27.0015 3700 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:48:27.0203 3700 asc - ok
15:48:27.0234 3700 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:48:27.0312 3700 asc3350p - ok
15:48:27.0328 3700 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:48:27.0515 3700 asc3550 - ok
15:48:27.0640 3700 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:48:27.0828 3700 AsyncMac - ok
15:48:27.0875 3700 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:48:28.0046 3700 atapi - ok
15:48:28.0046 3700 Atdisk - ok
15:48:28.0093 3700 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:48:28.0265 3700 Atmarpc - ok
15:48:28.0281 3700 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:48:28.0437 3700 audstub - ok
15:48:28.0500 3700 b57w2k (bb1a2a73f993b623f99e03ed2f9e014c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:48:28.0562 3700 b57w2k - ok
15:48:28.0578 3700 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:48:28.0734 3700 Beep - ok
15:48:28.0843 3700 catchme - ok
15:48:28.0968 3700 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:48:29.0156 3700 cbidf - ok
15:48:29.0171 3700 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:48:29.0328 3700 cbidf2k - ok
15:48:29.0390 3700 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:48:29.0546 3700 CCDECODE - ok
15:48:29.0562 3700 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:48:29.0640 3700 cd20xrnt - ok
15:48:29.0671 3700 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:48:29.0859 3700 Cdaudio - ok
15:48:29.0906 3700 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:48:30.0078 3700 Cdfs - ok
15:48:30.0109 3700 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:48:30.0296 3700 Cdrom - ok
15:48:30.0296 3700 Changer - ok
15:48:30.0343 3700 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:48:30.0515 3700 CmBatt - ok
15:48:30.0531 3700 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:48:30.0703 3700 CmdIde - ok
15:48:30.0781 3700 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:48:30.0968 3700 Compbatt - ok
15:48:31.0031 3700 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:48:31.0234 3700 Cpqarray - ok
15:48:31.0281 3700 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:48:31.0468 3700 dac2w2k - ok
15:48:31.0500 3700 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:48:31.0671 3700 dac960nt - ok
15:48:31.0734 3700 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:48:31.0906 3700 Disk - ok
15:48:32.0000 3700 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:48:32.0031 3700 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0031 3700 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
15:48:32.0125 3700 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:48:32.0140 3700 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0140 3700 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
15:48:32.0187 3700 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:48:32.0203 3700 DLADResN ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0203 3700 DLADResN - detected UnsignedFile.Multi.Generic (1)
15:48:32.0281 3700 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:48:32.0312 3700 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0312 3700 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
15:48:32.0390 3700 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:48:32.0406 3700 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0406 3700 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
15:48:32.0484 3700 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:48:32.0500 3700 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0500 3700 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
15:48:32.0578 3700 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:48:32.0609 3700 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0609 3700 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
15:48:32.0703 3700 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:48:32.0718 3700 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0718 3700 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
15:48:32.0750 3700 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:48:32.0765 3700 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
15:48:32.0765 3700 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
15:48:32.0875 3700 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:48:33.0093 3700 dmboot - ok
15:48:33.0156 3700 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:48:33.0328 3700 dmio - ok
15:48:33.0390 3700 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:48:33.0578 3700 dmload - ok
15:48:33.0687 3700 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:48:33.0843 3700 DMusic - ok
15:48:33.0906 3700 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:48:34.0078 3700 dpti2o - ok
15:48:34.0140 3700 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:48:34.0296 3700 drmkaud - ok
15:48:34.0343 3700 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:48:34.0359 3700 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
15:48:34.0359 3700 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
15:48:34.0375 3700 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:48:34.0390 3700 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
15:48:34.0390 3700 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
15:48:34.0437 3700 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:48:34.0625 3700 E100B - ok
15:48:34.0734 3700 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
15:48:34.0734 3700 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
15:48:34.0734 3700 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
15:48:34.0812 3700 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:48:35.0000 3700 Fastfat - ok
15:48:35.0093 3700 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:48:35.0265 3700 Fdc - ok
15:48:35.0328 3700 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:48:35.0484 3700 Fips - ok
15:48:35.0546 3700 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:48:35.0718 3700 Flpydisk - ok
15:48:35.0796 3700 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:48:35.0984 3700 FltMgr - ok
15:48:36.0031 3700 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:48:36.0203 3700 Fs_Rec - ok
15:48:36.0312 3700 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:48:36.0500 3700 Ftdisk - ok
15:48:36.0593 3700 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:48:36.0765 3700 Gpc - ok
15:48:36.0812 3700 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:48:37.0000 3700 HDAudBus - ok
15:48:37.0140 3700 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:48:37.0312 3700 HidUsb - ok
15:48:37.0468 3700 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:48:37.0640 3700 hpn - ok
15:48:37.0750 3700 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
15:48:37.0921 3700 HSF_DPV - ok
15:48:38.0000 3700 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
15:48:38.0031 3700 HSXHWAZL - ok
15:48:38.0140 3700 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:48:38.0234 3700 HTTP - ok
15:48:38.0375 3700 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:48:38.0546 3700 i2omgmt - ok
15:48:38.0609 3700 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:48:38.0796 3700 i2omp - ok
15:48:38.0843 3700 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:48:39.0015 3700 i8042prt - ok
15:48:39.0343 3700 ialm (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:48:39.0921 3700 ialm - ok
15:48:40.0203 3700 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:48:40.0328 3700 iaStor - ok
15:48:40.0375 3700 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:48:40.0406 3700 IBMPMDRV - ok
15:48:40.0515 3700 Icam4USB (222f74130a2e3a2ed655226d97f03812) C:\WINDOWS\system32\Drivers\Icam4USB.sys
15:48:40.0703 3700 Icam4USB - ok
15:48:40.0843 3700 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:48:41.0015 3700 Imapi - ok
15:48:41.0093 3700 InCDfs (b02a8a25192ee1c5e653628637ab6aaa) C:\WINDOWS\system32\drivers\InCDFs.sys
15:48:41.0125 3700 InCDfs - ok
15:48:41.0156 3700 InCDPass (b49bd5b663e1af9bf3233b782b70d865) C:\WINDOWS\system32\drivers\InCDPass.sys
15:48:41.0171 3700 InCDPass - ok
15:48:41.0203 3700 InCDrec (8fd364edbd97983575cee3e8909e62b4) C:\WINDOWS\system32\drivers\InCDrec.sys
15:48:41.0218 3700 InCDrec - ok
15:48:41.0296 3700 incdrm (fc04e827133d54ab79ca254708f76cd0) C:\WINDOWS\system32\drivers\InCDRm.sys
15:48:41.0312 3700 incdrm - ok
15:48:41.0437 3700 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:48:41.0625 3700 ini910u - ok
15:48:41.0781 3700 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:48:41.0953 3700 IntelIde - ok
15:48:42.0015 3700 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:48:42.0187 3700 intelppm - ok
15:48:42.0234 3700 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:48:42.0406 3700 Ip6Fw - ok
15:48:42.0468 3700 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:48:42.0640 3700 IpFilterDriver - ok
15:48:42.0750 3700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:48:42.0906 3700 IpInIp - ok
15:48:42.0968 3700 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:48:43.0156 3700 IpNat - ok
15:48:43.0250 3700 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:48:43.0421 3700 IPSec - ok
15:48:43.0468 3700 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:48:43.0640 3700 IRENUM - ok
15:48:43.0687 3700 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:48:43.0875 3700 isapnp - ok
15:48:43.0984 3700 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
15:48:44.0015 3700 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
15:48:44.0015 3700 Iviaspi - detected UnsignedFile.Multi.Generic (1)
15:48:44.0093 3700 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:48:44.0265 3700 Kbdclass - ok
15:48:44.0359 3700 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:48:44.0546 3700 kmixer - ok
15:48:44.0640 3700 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:48:44.0750 3700 KSecDD - ok
15:48:44.0875 3700 lbrtfdc - ok
15:48:44.0968 3700 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:48:44.0984 3700 mdmxsdk - ok
15:48:45.0062 3700 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:48:45.0234 3700 mnmdd - ok
15:48:45.0328 3700 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:48:45.0500 3700 Modem - ok
15:48:45.0578 3700 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:48:45.0734 3700 Mouclass - ok
15:48:45.0859 3700 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:48:46.0031 3700 mouhid - ok
15:48:46.0187 3700 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:48:46.0359 3700 MountMgr - ok
15:48:46.0406 3700 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:48:46.0562 3700 mraid35x - ok
15:48:46.0609 3700 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:48:46.0812 3700 MRxDAV - ok
15:48:46.0953 3700 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:48:47.0093 3700 MRxSmb - ok
15:48:47.0171 3700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:48:47.0343 3700 Msfs - ok
15:48:47.0406 3700 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:48:47.0578 3700 MSKSSRV - ok
15:48:47.0625 3700 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:48:47.0781 3700 MSPCLOCK - ok
15:48:47.0828 3700 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:48:48.0000 3700 MSPQM - ok
15:48:48.0093 3700 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:48:48.0281 3700 mssmbios - ok
15:48:48.0343 3700 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:48:48.0515 3700 MSTEE - ok
15:48:48.0593 3700 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:48:48.0671 3700 Mup - ok
15:48:48.0734 3700 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:48:48.0906 3700 NABTSFEC - ok
15:48:49.0000 3700 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:48:49.0171 3700 NDIS - ok
15:48:49.0265 3700 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:48:49.0437 3700 NdisIP - ok
15:48:49.0500 3700 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:48:49.0687 3700 NdisTapi - ok
15:48:49.0734 3700 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:48:49.0890 3700 Ndisuio - ok
15:48:49.0921 3700 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:48:50.0109 3700 NdisWan - ok
15:48:50.0187 3700 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:48:50.0265 3700 NDProxy - ok
15:48:50.0406 3700 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:48:50.0593 3700 NetBIOS - ok
15:48:50.0687 3700 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:48:50.0875 3700 NetBT - ok
15:48:51.0031 3700 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
15:48:51.0281 3700 NETw3x32 - ok
15:48:51.0421 3700 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:48:51.0593 3700 nm - ok
15:48:51.0687 3700 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:48:51.0859 3700 Npfs - ok
15:48:51.0937 3700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:48:52.0156 3700 Ntfs - ok
15:48:52.0203 3700 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:48:52.0359 3700 Null - ok
15:48:52.0484 3700 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:48:52.0812 3700 nv - ok
15:48:52.0937 3700 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:48:53.0109 3700 NwlnkFlt - ok
15:48:53.0109 3700 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:48:53.0281 3700 NwlnkFwd - ok
15:48:53.0328 3700 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:48:53.0515 3700 Parport - ok
15:48:53.0546 3700 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:48:53.0718 3700 PartMgr - ok
15:48:53.0734 3700 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:48:53.0921 3700 ParVdm - ok
15:48:53.0937 3700 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:48:54.0109 3700 PCI - ok
15:48:54.0109 3700 PCIDump - ok
15:48:54.0125 3700 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:48:54.0296 3700 PCIIde - ok
15:48:54.0312 3700 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:48:54.0500 3700 Pcmcia - ok
15:48:54.0593 3700 PDCOMP - ok
15:48:54.0656 3700 PDFRAME - ok
15:48:54.0687 3700 PDRELI - ok
15:48:54.0703 3700 PDRFRAME - ok
15:48:54.0718 3700 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:48:54.0875 3700 perc2 - ok
15:48:54.0906 3700 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:48:55.0093 3700 perc2hib - ok
15:48:55.0187 3700 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
15:48:55.0203 3700 pmem ( UnsignedFile.Multi.Generic ) - warning
15:48:55.0203 3700 pmem - detected UnsignedFile.Multi.Generic (1)
15:48:55.0281 3700 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:48:55.0437 3700 PptpMiniport - ok
15:48:55.0500 3700 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
15:48:55.0531 3700 PROCDD ( UnsignedFile.Multi.Generic ) - warning
15:48:55.0531 3700 PROCDD - detected UnsignedFile.Multi.Generic (1)
15:48:55.0656 3700 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:48:55.0812 3700 Processor - ok
15:48:55.0859 3700 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
15:48:55.0875 3700 psadd ( UnsignedFile.Multi.Generic ) - warning
15:48:55.0875 3700 psadd - detected UnsignedFile.Multi.Generic (1)
15:48:55.0890 3700 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:48:56.0078 3700 PSched - ok
15:48:56.0109 3700 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:48:56.0296 3700 Ptilink - ok
15:48:56.0343 3700 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:48:56.0359 3700 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:48:56.0359 3700 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:48:56.0390 3700 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:48:56.0562 3700 ql1080 - ok
15:48:56.0578 3700 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:48:56.0750 3700 Ql10wnt - ok
15:48:56.0843 3700 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:48:57.0031 3700 ql12160 - ok
15:48:57.0093 3700 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:48:57.0265 3700 ql1240 - ok
15:48:57.0312 3700 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:48:57.0468 3700 ql1280 - ok
15:48:57.0515 3700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:48:57.0687 3700 RasAcd - ok
15:48:57.0765 3700 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:48:57.0937 3700 Rasl2tp - ok
15:48:57.0984 3700 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:48:58.0156 3700 RasPppoe - ok
15:48:58.0250 3700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:48:58.0437 3700 Raspti - ok
15:48:58.0515 3700 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:48:58.0703 3700 Rdbss - ok
15:48:58.0765 3700 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:48:58.0937 3700 RDPCDD - ok
15:48:59.0031 3700 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:48:59.0218 3700 rdpdr - ok
15:48:59.0343 3700 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:48:59.0515 3700 RDPWD - ok
15:48:59.0609 3700 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:48:59.0781 3700 redbook - ok
15:48:59.0875 3700 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:48:59.0890 3700 s24trans ( UnsignedFile.Multi.Generic ) - warning
15:48:59.0890 3700 s24trans - detected UnsignedFile.Multi.Generic (1)
15:48:59.0968 3700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:49:00.0140 3700 Secdrv - ok
15:49:00.0203 3700 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:49:00.0375 3700 serenum - ok
15:49:00.0484 3700 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:49:00.0671 3700 Serial - ok
15:49:00.0765 3700 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:49:00.0937 3700 Sfloppy - ok
15:49:00.0984 3700 Simbad - ok
15:49:01.0046 3700 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:49:01.0203 3700 sisagp - ok
15:49:01.0281 3700 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:49:01.0468 3700 SLIP - ok
15:49:01.0593 3700 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
15:49:01.0609 3700 Smapint ( UnsignedFile.Multi.Generic ) - warning
15:49:01.0609 3700 Smapint - detected UnsignedFile.Multi.Generic (1)
15:49:01.0734 3700 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
15:49:01.0750 3700 smi2 ( UnsignedFile.Multi.Generic ) - warning
15:49:01.0750 3700 smi2 - detected UnsignedFile.Multi.Generic (1)
15:49:01.0843 3700 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:49:01.0921 3700 Sparrow - ok
15:49:01.0984 3700 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:49:02.0171 3700 splitter - ok
15:49:02.0218 3700 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:49:02.0390 3700 sr - ok
15:49:02.0453 3700 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:49:02.0515 3700 Srv - ok
15:49:02.0562 3700 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:49:02.0718 3700 streamip - ok
15:49:02.0781 3700 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:49:02.0953 3700 swenum - ok
15:49:03.0031 3700 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:49:03.0203 3700 swmidi - ok
15:49:03.0296 3700 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:49:03.0484 3700 symc810 - ok
15:49:03.0515 3700 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:49:03.0687 3700 symc8xx - ok
15:49:03.0796 3700 SYMIDSCO - ok
15:49:03.0859 3700 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:49:04.0031 3700 sym_hi - ok
15:49:04.0109 3700 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:49:04.0265 3700 sym_u3 - ok
15:49:04.0359 3700 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:49:04.0515 3700 sysaudio - ok
15:49:04.0656 3700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:49:04.0750 3700 Tcpip - ok
15:49:04.0828 3700 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:49:04.0984 3700 TDPIPE - ok
15:49:05.0078 3700 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
15:49:05.0093 3700 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
15:49:05.0093 3700 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
15:49:05.0140 3700 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:49:05.0312 3700 TDTCP - ok
15:49:05.0375 3700 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:49:05.0546 3700 TermDD - ok
15:49:05.0593 3700 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:49:05.0781 3700 TosIde - ok
15:49:05.0828 3700 Tp4Track (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys
15:49:05.0875 3700 Tp4Track - ok
15:49:05.0937 3700 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
15:49:05.0953 3700 TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
15:49:05.0953 3700 TPHKDRV - detected UnsignedFile.Multi.Generic (1)
15:49:06.0046 3700 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
15:49:06.0046 3700 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
15:49:06.0046 3700 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
15:49:06.0140 3700 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
15:49:06.0140 3700 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
15:49:06.0140 3700 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
15:49:06.0265 3700 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
15:49:06.0281 3700 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
15:49:06.0281 3700 tvtfilter - detected UnsignedFile.Multi.Generic (1)
15:49:06.0375 3700 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
15:49:06.0437 3700 TVTPktFilter - ok
15:49:06.0546 3700 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:49:06.0734 3700 Udfs - ok
15:49:06.0796 3700 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:49:06.0875 3700 ultra - ok
15:49:06.0968 3700 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:49:07.0156 3700 Update - ok
15:49:07.0218 3700 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:49:07.0390 3700 usbehci - ok
15:49:07.0468 3700 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:49:07.0656 3700 usbhub - ok
15:49:07.0750 3700 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:49:07.0921 3700 usbprint - ok
15:49:08.0015 3700 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:49:08.0171 3700 USBSTOR - ok
15:49:08.0218 3700 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:49:08.0390 3700 usbuhci - ok
15:49:08.0468 3700 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:49:08.0625 3700 VgaSave - ok
15:49:08.0687 3700 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:49:08.0890 3700 viaagp - ok
15:49:08.0937 3700 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:49:09.0109 3700 ViaIde - ok
15:49:09.0171 3700 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:49:09.0328 3700 VolSnap - ok
15:49:09.0406 3700 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:49:09.0562 3700 Wanarp - ok
15:49:09.0578 3700 WDICA - ok
15:49:09.0609 3700 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:49:09.0796 3700 wdmaud - ok
15:49:09.0875 3700 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
15:49:09.0937 3700 winachsf - ok
15:49:10.0015 3700 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:49:10.0171 3700 WS2IFSL - ok
15:49:10.0250 3700 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:49:10.0406 3700 WSTCODEC - ok
15:49:10.0453 3700 MBR (0x1B8) (602f584dec14be7e0c1d0787729c68cb) \Device\Harddisk0\DR0
15:49:10.0484 3700 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:49:10.0484 3700 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:49:10.0546 3700 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:49:10.0546 3700 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:49:10.0546 3700 Boot (0x1200) (d2ab08997f19b6a79dced485ccf8f3a5) \Device\Harddisk0\DR0\Partition0
15:49:10.0562 3700 \Device\Harddisk0\DR0\Partition0 - ok
15:49:10.0562 3700 ============================================================
15:49:10.0562 3700 Scan finished
15:49:10.0562 3700 ============================================================
15:49:10.0671 0960 Detected object count: 28
15:49:10.0671 0960 Actual detected object count: 28
15:49:34.0921 0960 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0921 0960 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0937 0960 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0937 0960 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0953 0960 psadd ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0953 0960 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0968 0960 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0968 0960 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0984 0960 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0984 0960 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0984 0960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:49:34.0984 0960 \Device\Harddisk0\DR0 - ok
15:49:34.0984 0960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:49:34.0984 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:49:34.0984 0960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:52:17.0171 2532 Deinitialize success
==========================

log 2

15:52:23.0406 3856 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
15:52:23.0421 3856 ============================================================
15:52:23.0421 3856 Current date / time: 2012/01/13 15:52:23.0421
15:52:23.0421 3856 SystemInfo:
15:52:23.0421 3856
15:52:23.0421 3856 OS Version: 5.1.2600 ServicePack: 3.0
15:52:23.0421 3856 Product type: Workstation
15:52:23.0421 3856 ComputerName: YAW
15:52:23.0421 3856 UserName: User
15:52:23.0421 3856 Windows directory: C:\WINDOWS
15:52:23.0421 3856 System windows directory: C:\WINDOWS
15:52:23.0421 3856 Processor architecture: Intel x86
15:52:23.0421 3856 Number of processors: 2
15:52:23.0421 3856 Page size: 0x1000
15:52:23.0421 3856 Boot type: Normal boot
15:52:23.0421 3856 ============================================================
15:52:23.0781 3856 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000050
15:52:23.0828 3856 Initialize success
15:52:35.0609 3972 ============================================================
15:52:35.0609 3972 Scan started
15:52:35.0609 3972 Mode: Manual; SigCheck; TDLFS;
15:52:35.0609 3972 ============================================================
15:52:35.0812 3972 Abiosdsk - ok
15:52:35.0859 3972 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:52:36.0187 3972 abp480n5 - ok
15:52:36.0234 3972 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
15:52:36.0406 3972 ac97intc - ok
15:52:36.0453 3972 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:52:36.0640 3972 ACPI - ok
15:52:36.0656 3972 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:52:36.0812 3972 ACPIEC - ok
15:52:36.0859 3972 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:52:36.0906 3972 ADIHdAudAddService - ok
15:52:37.0015 3972 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:52:37.0203 3972 adpu160m - ok
15:52:37.0250 3972 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
15:52:37.0296 3972 AEAudioService - ok
15:52:37.0343 3972 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:52:37.0531 3972 aec - ok
15:52:37.0609 3972 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:52:37.0625 3972 AegisP ( UnsignedFile.Multi.Generic ) - warning
15:52:37.0625 3972 AegisP - detected UnsignedFile.Multi.Generic (1)
15:52:37.0718 3972 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
15:52:37.0734 3972 AFD - ok
15:52:37.0875 3972 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:52:38.0031 3972 agp440 - ok
15:52:38.0062 3972 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:52:38.0234 3972 agpCPQ - ok
15:52:38.0265 3972 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:52:38.0359 3972 Aha154x - ok
15:52:38.0406 3972 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:52:38.0578 3972 aic78u2 - ok
15:52:38.0671 3972 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:52:38.0843 3972 aic78xx - ok
15:52:38.0968 3972 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:52:39.0140 3972 AliIde - ok
15:52:39.0218 3972 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:52:39.0390 3972 alim1541 - ok
15:52:39.0453 3972 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:52:39.0625 3972 amdagp - ok
15:52:39.0671 3972 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:52:39.0765 3972 amsint - ok
15:52:39.0828 3972 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:52:40.0015 3972 asc - ok
15:52:40.0109 3972 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:52:40.0171 3972 asc3350p - ok
15:52:40.0218 3972 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:52:40.0406 3972 asc3550 - ok
15:52:40.0484 3972 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:52:40.0656 3972 AsyncMac - ok
15:52:40.0718 3972 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:52:40.0890 3972 atapi - ok
15:52:40.0937 3972 Atdisk - ok
15:52:41.0015 3972 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:52:41.0203 3972 Atmarpc - ok
15:52:41.0250 3972 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:52:41.0421 3972 audstub - ok
15:52:41.0562 3972 b57w2k (bb1a2a73f993b623f99e03ed2f9e014c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:52:41.0609 3972 b57w2k - ok
15:52:41.0640 3972 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:52:41.0812 3972 Beep - ok
15:52:41.0937 3972 catchme - ok
15:52:41.0984 3972 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:52:42.0187 3972 cbidf - ok
15:52:42.0250 3972 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:52:42.0421 3972 cbidf2k - ok
15:52:42.0500 3972 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:52:42.0656 3972 CCDECODE - ok
15:52:42.0703 3972 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:52:42.0765 3972 cd20xrnt - ok
15:52:42.0875 3972 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:52:43.0062 3972 Cdaudio - ok
15:52:43.0171 3972 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:52:43.0343 3972 Cdfs - ok
15:52:43.0406 3972 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:52:43.0578 3972 Cdrom - ok
15:52:43.0671 3972 Changer - ok
15:52:43.0703 3972 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:52:43.0875 3972 CmBatt - ok
15:52:43.0921 3972 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:52:44.0093 3972 CmdIde - ok
15:52:44.0187 3972 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:52:44.0359 3972 Compbatt - ok
15:52:44.0421 3972 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:52:44.0593 3972 Cpqarray - ok
15:52:44.0656 3972 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:52:44.0843 3972 dac2w2k - ok
15:52:44.0921 3972 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:52:45.0093 3972 dac960nt - ok
15:52:45.0187 3972 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:52:45.0343 3972 Disk - ok
15:52:45.0531 3972 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:52:45.0546 3972 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
15:52:45.0546 3972 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
15:52:45.0593 3972 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:52:45.0609 3972 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
15:52:45.0609 3972 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
15:52:45.0656 3972 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:52:45.0671 3972 DLADResN ( UnsignedFile.Multi.Generic ) - warning
15:52:45.0671 3972 DLADResN - detected UnsignedFile.Multi.Generic (1)
15:52:45.0750 3972 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:52:45.0765 3972 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
15:52:45.0765 3972 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
15:52:45.0843 3972 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:52:45.0859 3972 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
15:52:45.0859 3972 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
15:52:46.0031 3972 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:52:46.0046 3972 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
15:52:46.0046 3972 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
15:52:46.0125 3972 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:52:46.0156 3972 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
15:52:46.0156 3972 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
15:52:46.0203 3972 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:52:46.0218 3972 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
15:52:46.0218 3972 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
15:52:46.0250 3972 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:52:46.0265 3972 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
15:52:46.0265 3972 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
15:52:46.0375 3972 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:52:46.0562 3972 dmboot - ok
15:52:46.0609 3972 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:52:46.0796 3972 dmio - ok
15:52:46.0890 3972 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:52:47.0062 3972 dmload - ok
15:52:47.0156 3972 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:52:47.0343 3972 DMusic - ok
15:52:47.0406 3972 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:52:47.0578 3972 dpti2o - ok
15:52:47.0625 3972 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:52:47.0796 3972 drmkaud - ok
15:52:47.0875 3972 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:52:47.0906 3972 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
15:52:47.0906 3972 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
15:52:47.0937 3972 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:52:47.0953 3972 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
15:52:47.0953 3972 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
15:52:48.0062 3972 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:52:48.0234 3972 E100B - ok
15:52:48.0312 3972 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
15:52:48.0312 3972 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
15:52:48.0312 3972 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
15:52:48.0421 3972 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:52:48.0593 3972 Fastfat - ok
15:52:48.0640 3972 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:52:48.0812 3972 Fdc - ok
15:52:48.0843 3972 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:52:49.0015 3972 Fips - ok
15:52:49.0125 3972 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:52:49.0296 3972 Flpydisk - ok
15:52:49.0390 3972 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:52:49.0578 3972 FltMgr - ok
15:52:49.0625 3972 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:52:49.0812 3972 Fs_Rec - ok
15:52:49.0875 3972 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:52:50.0062 3972 Ftdisk - ok
15:52:50.0203 3972 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:52:50.0375 3972 Gpc - ok
15:52:50.0468 3972 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:52:50.0656 3972 HDAudBus - ok
15:52:50.0734 3972 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:52:50.0906 3972 HidUsb - ok
15:52:50.0953 3972 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:52:51.0125 3972 hpn - ok
15:52:51.0218 3972 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
15:52:51.0265 3972 HSF_DPV - ok
15:52:51.0453 3972 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
15:52:51.0484 3972 HSXHWAZL - ok
15:52:51.0562 3972 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:52:51.0593 3972 HTTP - ok
15:52:51.0671 3972 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:52:51.0843 3972 i2omgmt - ok
15:52:51.0921 3972 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:52:52.0109 3972 i2omp - ok
15:52:52.0234 3972 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:52:52.0406 3972 i8042prt - ok
15:52:52.0734 3972 ialm (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:52:53.0078 3972 ialm - ok
15:52:53.0203 3972 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:52:53.0265 3972 iaStor - ok
15:52:53.0343 3972 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:52:53.0375 3972 IBMPMDRV - ok
15:52:53.0437 3972 Icam4USB (222f74130a2e3a2ed655226d97f03812) C:\WINDOWS\system32\Drivers\Icam4USB.sys
15:52:53.0609 3972 Icam4USB - ok
15:52:53.0671 3972 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:52:53.0843 3972 Imapi - ok
15:52:53.0953 3972 InCDfs (b02a8a25192ee1c5e653628637ab6aaa) C:\WINDOWS\system32\drivers\InCDFs.sys
15:52:53.0968 3972 InCDfs - ok
15:52:53.0984 3972 InCDPass (b49bd5b663e1af9bf3233b782b70d865) C:\WINDOWS\system32\drivers\InCDPass.sys
15:52:54.0000 3972 InCDPass - ok
15:52:54.0015 3972 InCDrec (8fd364edbd97983575cee3e8909e62b4) C:\WINDOWS\system32\drivers\InCDrec.sys
15:52:54.0031 3972 InCDrec - ok
15:52:54.0093 3972 incdrm (fc04e827133d54ab79ca254708f76cd0) C:\WINDOWS\system32\drivers\InCDRm.sys
15:52:54.0109 3972 incdrm - ok
15:52:54.0140 3972 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:52:54.0312 3972 ini910u - ok
15:52:54.0343 3972 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:52:54.0515 3972 IntelIde - ok
15:52:54.0578 3972 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:52:54.0734 3972 intelppm - ok
15:52:54.0750 3972 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:52:54.0921 3972 Ip6Fw - ok
15:52:55.0000 3972 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:52:55.0171 3972 IpFilterDriver - ok
15:52:55.0218 3972 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:52:55.0375 3972 IpInIp - ok
15:52:55.0406 3972 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:52:55.0578 3972 IpNat - ok
15:52:55.0671 3972 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:52:55.0906 3972 IPSec - ok
15:52:55.0937 3972 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:52:56.0140 3972 IRENUM - ok
15:52:56.0187 3972 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:52:56.0359 3972 isapnp - ok
15:52:56.0406 3972 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
15:52:56.0406 3972 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
15:52:56.0406 3972 Iviaspi - detected UnsignedFile.Multi.Generic (1)
15:52:56.0500 3972 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:52:56.0687 3972 Kbdclass - ok
15:52:56.0765 3972 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:52:56.0937 3972 kmixer - ok
15:52:57.0031 3972 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:52:57.0062 3972 KSecDD - ok
15:52:57.0078 3972 lbrtfdc - ok
15:52:57.0125 3972 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:52:57.0156 3972 mdmxsdk - ok
15:52:57.0218 3972 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:52:57.0375 3972 mnmdd - ok
15:52:57.0421 3972 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:52:57.0609 3972 Modem - ok
15:52:57.0703 3972 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:52:57.0859 3972 Mouclass - ok
15:52:57.0921 3972 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:52:58.0093 3972 mouhid - ok
15:52:58.0187 3972 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:52:58.0375 3972 MountMgr - ok
15:52:58.0421 3972 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:52:58.0593 3972 mraid35x - ok
15:52:58.0625 3972 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:52:58.0796 3972 MRxDAV - ok
15:52:58.0875 3972 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:52:58.0921 3972 MRxSmb - ok
15:52:59.0000 3972 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:52:59.0156 3972 Msfs - ok
15:52:59.0406 3972 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:52:59.0578 3972 MSKSSRV - ok
15:52:59.0625 3972 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:52:59.0796 3972 MSPCLOCK - ok
15:52:59.0953 3972 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:53:00.0156 3972 MSPQM - ok
15:53:00.0171 3972 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:53:00.0328 3972 mssmbios - ok
15:53:00.0375 3972 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:53:00.0546 3972 MSTEE - ok
15:53:00.0593 3972 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:53:00.0640 3972 Mup - ok
15:53:00.0640 3972 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:53:00.0796 3972 NABTSFEC - ok
15:53:00.0843 3972 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:53:01.0015 3972 NDIS - ok
15:53:01.0156 3972 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:53:01.0328 3972 NdisIP - ok
15:53:01.0375 3972 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:53:01.0546 3972 NdisTapi - ok
15:53:01.0578 3972 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:53:01.0734 3972 Ndisuio - ok
15:53:01.0765 3972 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:53:01.0921 3972 NdisWan - ok
15:53:01.0968 3972 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:53:02.0000 3972 NDProxy - ok
15:53:02.0062 3972 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:53:02.0234 3972 NetBIOS - ok
15:53:02.0265 3972 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:53:02.0453 3972 NetBT - ok
15:53:02.0593 3972 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
15:53:02.0718 3972 NETw3x32 - ok
15:53:02.0859 3972 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:53:03.0031 3972 nm - ok
15:53:03.0046 3972 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:53:03.0218 3972 Npfs - ok
15:53:03.0265 3972 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:53:03.0453 3972 Ntfs - ok
15:53:03.0484 3972 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:53:03.0640 3972 Null - ok
15:53:03.0750 3972 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:53:04.0000 3972 nv - ok
15:53:04.0000 3972 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:53:04.0187 3972 NwlnkFlt - ok
15:53:04.0203 3972 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:53:04.0375 3972 NwlnkFwd - ok
15:53:04.0453 3972 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:53:04.0625 3972 Parport - ok
15:53:04.0750 3972 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:53:04.0937 3972 PartMgr - ok
15:53:04.0968 3972 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:53:05.0140 3972 ParVdm - ok
15:53:05.0156 3972 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:53:05.0328 3972 PCI - ok
15:53:05.0343 3972 PCIDump - ok
15:53:05.0359 3972 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:53:05.0546 3972 PCIIde - ok
15:53:05.0546 3972 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:53:05.0734 3972 Pcmcia - ok
15:53:05.0765 3972 PDCOMP - ok
15:53:05.0781 3972 PDFRAME - ok
15:53:05.0796 3972 PDRELI - ok
15:53:05.0812 3972 PDRFRAME - ok
15:53:05.0828 3972 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:53:05.0984 3972 perc2 - ok
15:53:06.0000 3972 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:53:06.0171 3972 perc2hib - ok
15:53:06.0250 3972 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
15:53:06.0250 3972 pmem ( UnsignedFile.Multi.Generic ) - warning
15:53:06.0250 3972 pmem - detected UnsignedFile.Multi.Generic (1)
15:53:06.0390 3972 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:53:06.0546 3972 PptpMiniport - ok
15:53:06.0640 3972 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
15:53:06.0656 3972 PROCDD ( UnsignedFile.Multi.Generic ) - warning
15:53:06.0656 3972 PROCDD - detected UnsignedFile.Multi.Generic (1)
15:53:06.0703 3972 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:53:06.0859 3972 Processor - ok
15:53:06.0937 3972 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
15:53:06.0953 3972 psadd ( UnsignedFile.Multi.Generic ) - warning
15:53:06.0953 3972 psadd - detected UnsignedFile.Multi.Generic (1)
15:53:06.0984 3972 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:53:07.0156 3972 PSched - ok
15:53:07.0250 3972 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:53:07.0437 3972 Ptilink - ok
15:53:07.0578 3972 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:53:07.0593 3972 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
15:53:07.0593 3972 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
15:53:07.0640 3972 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:53:07.0828 3972 ql1080 - ok
15:53:07.0843 3972 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:53:08.0015 3972 Ql10wnt - ok
15:53:08.0265 3972 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:53:08.0453 3972 ql12160 - ok
15:53:08.0500 3972 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:53:08.0656 3972 ql1240 - ok
15:53:08.0703 3972 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:53:08.0859 3972 ql1280 - ok
15:53:08.0921 3972 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:53:09.0093 3972 RasAcd - ok
15:53:09.0187 3972 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:53:09.0359 3972 Rasl2tp - ok
15:53:09.0468 3972 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:53:09.0640 3972 RasPppoe - ok
15:53:09.0703 3972 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:53:09.0875 3972 Raspti - ok
15:53:09.0921 3972 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:53:10.0093 3972 Rdbss - ok
15:53:10.0125 3972 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:53:10.0296 3972 RDPCDD - ok
15:53:10.0375 3972 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:53:10.0546 3972 rdpdr - ok
15:53:10.0640 3972 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
15:53:10.0812 3972 RDPWD - ok
15:53:10.0953 3972 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:53:11.0125 3972 redbook - ok
15:53:11.0234 3972 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:53:11.0234 3972 s24trans ( UnsignedFile.Multi.Generic ) - warning
15:53:11.0234 3972 s24trans - detected UnsignedFile.Multi.Generic (1)
15:53:11.0296 3972 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:53:11.0484 3972 Secdrv - ok
15:53:11.0546 3972 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:53:11.0718 3972 serenum - ok
15:53:11.0765 3972 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:53:11.0937 3972 Serial - ok
15:53:12.0015 3972 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:53:12.0187 3972 Sfloppy - ok
15:53:12.0312 3972 Simbad - ok
15:53:12.0328 3972 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:53:12.0484 3972 sisagp - ok
15:53:12.0546 3972 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:53:12.0703 3972 SLIP - ok
15:53:12.0765 3972 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
15:53:12.0781 3972 Smapint ( UnsignedFile.Multi.Generic ) - warning
15:53:12.0781 3972 Smapint - detected UnsignedFile.Multi.Generic (1)
15:53:12.0875 3972 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
15:53:12.0890 3972 smi2 ( UnsignedFile.Multi.Generic ) - warning
15:53:12.0890 3972 smi2 - detected UnsignedFile.Multi.Generic (1)
15:53:12.0953 3972 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:53:13.0031 3972 Sparrow - ok
15:53:13.0187 3972 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:53:13.0375 3972 splitter - ok
15:53:13.0671 3972 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:53:13.0843 3972 sr - ok
15:53:13.0937 3972 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:53:13.0968 3972 Srv - ok
15:53:14.0062 3972 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:53:14.0234 3972 streamip - ok
15:53:14.0296 3972 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:53:14.0468 3972 swenum - ok
15:53:14.0578 3972 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:53:14.0750 3972 swmidi - ok
15:53:14.0828 3972 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:53:15.0000 3972 symc810 - ok
15:53:15.0046 3972 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:53:15.0203 3972 symc8xx - ok
15:53:15.0281 3972 SYMIDSCO - ok
15:53:15.0343 3972 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:53:15.0515 3972 sym_hi - ok
15:53:15.0562 3972 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:53:15.0734 3972 sym_u3 - ok
15:53:15.0796 3972 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:53:15.0953 3972 sysaudio - ok
15:53:16.0109 3972 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:53:16.0187 3972 Tcpip - ok
15:53:16.0250 3972 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:53:16.0437 3972 TDPIPE - ok
15:53:16.0531 3972 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
15:53:16.0546 3972 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
15:53:16.0546 3972 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
15:53:16.0609 3972 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:53:16.0796 3972 TDTCP - ok
15:53:17.0000 3972 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:53:17.0203 3972 TermDD - ok
15:53:17.0328 3972 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:53:17.0546 3972 TosIde - ok
15:53:17.0625 3972 Tp4Track (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys
15:53:17.0656 3972 Tp4Track - ok
15:53:17.0953 3972 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
15:53:17.0968 3972 TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
15:53:17.0968 3972 TPHKDRV - detected UnsignedFile.Multi.Generic (1)
15:53:18.0062 3972 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
15:53:18.0109 3972 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
15:53:18.0109 3972 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
15:53:18.0203 3972 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
15:53:18.0312 3972 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
15:53:18.0312 3972 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
15:53:18.0390 3972 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
15:53:18.0421 3972 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
15:53:18.0421 3972 tvtfilter - detected UnsignedFile.Multi.Generic (1)
15:53:18.0515 3972 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
15:53:18.0531 3972 TVTPktFilter - ok
15:53:18.0671 3972 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:53:18.0828 3972 Udfs - ok
15:53:18.0953 3972 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:53:19.0031 3972 ultra - ok
15:53:19.0109 3972 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:53:19.0312 3972 Update - ok
15:53:19.0375 3972 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:53:19.0562 3972 usbehci - ok
15:53:19.0625 3972 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:53:19.0796 3972 usbhub - ok
15:53:19.0937 3972 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:53:20.0125 3972 usbprint - ok
15:53:20.0234 3972 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:53:20.0390 3972 USBSTOR - ok
15:53:20.0453 3972 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:53:20.0625 3972 usbuhci - ok
15:53:20.0687 3972 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:53:20.0843 3972 VgaSave - ok
15:53:21.0000 3972 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:53:21.0171 3972 viaagp - ok
15:53:21.0250 3972 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:53:21.0421 3972 ViaIde - ok
15:53:21.0453 3972 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:53:21.0625 3972 VolSnap - ok
15:53:21.0687 3972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:53:21.0843 3972 Wanarp - ok
15:53:21.0859 3972 WDICA - ok
15:53:21.0906 3972 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:53:22.0078 3972 wdmaud - ok
15:53:22.0156 3972 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
15:53:22.0187 3972 winachsf - ok
15:53:22.0296 3972 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:53:22.0453 3972 WS2IFSL - ok
15:53:22.0546 3972 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:53:22.0718 3972 WSTCODEC - ok
15:53:22.0765 3972 MBR (0x1B8) (602f584dec14be7e0c1d0787729c68cb) \Device\Harddisk0\DR0
15:53:23.0046 3972 \Device\Harddisk0\DR0 - ok
15:53:23.0046 3972 Boot (0x1200) (d2ab08997f19b6a79dced485ccf8f3a5) \Device\Harddisk0\DR0\Partition0
15:53:23.0046 3972 \Device\Harddisk0\DR0\Partition0 - ok
15:53:23.0046 3972 ============================================================
15:53:23.0046 3972 Scan finished
15:53:23.0046 3972 ============================================================
15:53:23.0156 3504 Detected object count: 26
15:53:23.0156 3504 Actual detected object count: 26
15:54:49.0250 3504 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0250 3504 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0250 3504 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0250 3504 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0250 3504 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0250 3504 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0250 3504 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0250 3504 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0265 3504 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0265 3504 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 psadd ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0281 3504 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0281 3504 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:54:49.0296 3504 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
15:54:49.0296 3504 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:00.0328 3864 Deinitialize success
  • 0

#12
b3l

    Member

  • Topic Starter
  • Member
  • 20 posts
When I rebooted I got a found new hardware wizard. I just cancelled it.
  • 0

#13
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for posting both logs. TDSSKiller has automatically Cured the Rootkit that was present, which is good to see. Could you now run the following scan with ComboFix? I'll check on that Found New Hardware Wizard shortly.



Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


In your next reply
Please post the contents of...
ComboFix log
  • 0

#14
b3l

    Member

  • Topic Starter
  • Member
  • 20 posts
On starting ComboFix, as I described in my initial post, it detected AVG running, even though I uninstalled AVG. I don't seem to be getting browser redirects anymore, and services.exe is no longer hogging the CPU. Things are looking good, thank you! I did get the Found New Hardware wizard again and just closed it.

Combofix log is below.

ComboFix 12-01-13.03 - User 01/13/2012 16:32:36.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.541 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-08 19:15 . 2012-01-08 19:15 -------- d-----w- c:\program files\SpywareBlaster
2012-01-08 13:52 . 2012-01-08 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-08 13:52 . 2012-01-08 15:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-08 04:00 . 2012-01-08 04:00 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-01-08 00:36 . 2012-01-08 00:36 -------- d-----w- C:\!KillBox
2012-01-08 00:17 . 2012-01-08 00:17 -------- d-----w- C:\found.000
2012-01-07 22:59 . 2012-01-07 22:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-07 22:58 . 2012-01-07 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-07 22:58 . 2012-01-07 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 22:58 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 22:56 . 2012-01-07 22:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-01-07 20:12 . 2012-01-07 20:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-01-07 17:40 . 2012-01-07 17:41 -------- d-----w- C:\bd_logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 05:00 . 2011-03-25 04:28 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-12-27 16:31 . 2011-11-01 20:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( [email protected]_18.37.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-13 21:03 . 2012-01-13 21:03 16384 c:\windows\temp\Perflib_Perfdata_3e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2005-07-12 94208]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-08-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1416" [?]
.
c:\documents and settings\User\Start Menu\backup\Programs\Startup\
Stickies.lnk.disabled [2011-7-10 719]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 19:13 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 19:13 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Synchronizer]
2010-10-25 19:13 1216416 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-08-16 17:07 69632 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2006-05-25 16:13 208896 ------w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-19 00:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 13:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 18:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2006-07-04 16:11 110592 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-08-08 13:56 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 18:54 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2006-07-15 02:05 503808 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SUService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"InCDsrv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yawcam\\Yawcam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8081:TCP"= 8081:TCP:yaw stream tcp
"8081:UDP"= 8081:UDP:yaw stream udp
"8888:TCP"= 8888:TCP:yaw http tcp
"8888:UDP"= 8888:UDP:yaw http udp
"465:TCP"= 465:TCP:smtp gmail
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [3/24/2011 11:05 PM 13840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 16:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{407DC8A4-E999-477E-95DC-A24C0D9B2E49}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = vegetation station
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 16:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1697861012-3424590130-1003572462-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1404)
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-13 16:48:30
ComboFix-quarantined-files.txt 2012-01-13 21:48
ComboFix2.txt 2012-01-08 18:52
.
Pre-Run: 14,456,991,744 bytes free
Post-Run: 14,447,185,920 bytes free
.
- - End Of File - - DA6DCA28EF7063E197FD2BD5F20F16AA
  • 0

#15
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Yep, looking much better now :)

Let's remove AVG completely by using the AVG Removal Tool. Then, if you could run a fresh scan with MBAM, we'll see if it's reporting a clean PC.


1)
Remove Leftovers of AVG
Click here to download the AVG Removal Tool
Once downloaded, double click on the tool and let it run through uninterrupted
Reboot the PC once it has completed



2)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply



3)
Let's now look into the Found New Hardware Wizard. Please run MiniToolBox using the instructions below...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • List last 10 Event Viewer log
  • List Devices
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.



In your next reply
Please post the contents of...
MBAM log
MiniToolbox log

  • 0
