Almost no changes at all. MSE finally decided to join the party and detected a baddie, but I did not remove it. I seem to recall the indicated file needs to be replaced. No network connection and the same error pops up on reboot. - w3dbsmgr.exe ordinal 1009 not found in dll WSOCK32.dll
MSE's contribution -
Items:
driver:AFD
file:C:\Windows\system32\drivers\afd.sys
service:AFD
16:31:04.0516 2416 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
16:31:04.0529 2416 ============================================================
16:31:04.0529 2416 Current date / time: 2012/02/14 16:31:04.0529
16:31:04.0529 2416 SystemInfo:
16:31:04.0529 2416
16:31:04.0529 2416 OS Version: 6.1.7601 ServicePack: 1.0
16:31:04.0529 2416 Product type: Workstation
16:31:04.0529 2416 ComputerName: COMP2
16:31:04.0529 2416 UserName: IT
16:31:04.0529 2416 Windows directory: C:\Windows
16:31:04.0529 2416 System windows directory: C:\Windows
16:31:04.0529 2416 Processor architecture: Intel x86
16:31:04.0529 2416 Number of processors: 2
16:31:04.0529 2416 Page size: 0x1000
16:31:04.0529 2416 Boot type: Normal boot
16:31:04.0529 2416 ============================================================
16:31:05.0829 2416 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:31:05.0831 2416 Drive \Device\Harddisk1\DR1 - Size: 0x3A2360000 (14.53 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:31:05.0832 2416 \Device\Harddisk0\DR0:
16:31:05.0833 2416 MBR used
16:31:05.0833 2416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:31:05.0833 2416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CA5720
16:31:05.0833 2416 \Device\Harddisk1\DR1:
16:31:05.0833 2416 MBR used
16:31:05.0833 2416 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D0FB80
16:31:05.0860 2416 Initialize success
16:31:05.0860 2416 ============================================================
16:31:27.0035 3496 ============================================================
16:31:27.0035 3496 Scan started
16:31:27.0035 3496 Mode: Manual; SigCheck; TDLFS;
16:31:27.0035 3496 ============================================================
16:31:28.0414 3496 AFD (c427f91a748cd342a2b3f9278d9fd6a5) C:\Windows\system32\drivers\afd.sys
16:31:28.0454 3496 AFD - ok
16:31:32.0387 3496 Haspnt ( UnsignedFile.Multi.Generic ) - warning
16:31:32.0387 3496 Haspnt - detected UnsignedFile.Multi.Generic (1)
16:31:40.0241 3496 tdx (38f57d262164cb35bc8659785703cd6b) C:\Windows\system32\DRIVERS\tdx.sys
16:31:40.0242 3496 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 38f57d262164cb35bc8659785703cd6b, Fake md5: cb39e896a2a83702d1737bfd402b3542
16:31:40.0242 3496 tdx ( Virus.Win32.ZAccess.c ) - infected
16:31:40.0243 3496 tdx - detected Virus.Win32.ZAccess.c (0)
16:31:40.0279 3496 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:31:40.0289 3496 TermDD - ok
16:31:40.0364 3496 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:31:40.0400 3496 tssecsrv - ok
16:31:40.0456 3496 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:31:40.0477 3496 TsUsbFlt - ok
16:31:40.0512 3496 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:31:40.0554 3496 tunnel - ok
16:31:40.0591 3496 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:31:40.0602 3496 uagp35 - ok
16:31:40.0642 3496 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:31:40.0679 3496 udfs - ok
16:31:40.0727 3496 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:31:40.0738 3496 uliagpkx - ok
16:31:40.0768 3496 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:31:40.0795 3496 umbus - ok
16:31:40.0816 3496 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:31:40.0843 3496 UmPass - ok
16:31:40.0892 3496 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:31:40.0940 3496 usbccgp - ok
16:31:40.0971 3496 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:31:40.0986 3496 usbcir - ok
16:31:41.0023 3496 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:31:41.0044 3496 usbehci - ok
16:31:41.0072 3496 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:31:41.0104 3496 usbhub - ok
16:31:41.0126 3496 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
16:31:41.0152 3496 usbohci - ok
16:31:41.0166 3496 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:31:41.0193 3496 usbprint - ok
16:31:41.0231 3496 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:31:41.0255 3496 USBSTOR - ok
16:31:41.0291 3496 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:31:41.0303 3496 usbuhci - ok
16:31:41.0355 3496 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
16:31:41.0380 3496 usbvideo - ok
16:31:41.0410 3496 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:31:41.0420 3496 vdrvroot - ok
16:31:41.0454 3496 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:31:41.0479 3496 vga - ok
16:31:41.0518 3496 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:31:41.0544 3496 VgaSave - ok
16:31:41.0570 3496 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:31:41.0584 3496 vhdmp - ok
16:31:41.0600 3496 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:31:41.0611 3496 viaagp - ok
16:31:41.0629 3496 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:31:41.0653 3496 ViaC7 - ok
16:31:41.0666 3496 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:31:41.0676 3496 viaide - ok
16:31:41.0695 3496 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:31:41.0708 3496 vmbus - ok
16:31:41.0724 3496 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:31:41.0746 3496 VMBusHID - ok
16:31:41.0770 3496 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:31:41.0781 3496 volmgr - ok
16:31:41.0803 3496 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:31:41.0819 3496 volmgrx - ok
16:31:41.0842 3496 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:31:41.0857 3496 volsnap - ok
16:31:41.0891 3496 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
16:31:41.0903 3496 vpcbus - ok
16:31:41.0943 3496 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
16:31:41.0976 3496 vpcusb - ok
16:31:42.0005 3496 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:31:42.0017 3496 vsmraid - ok
16:31:42.0040 3496 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:31:42.0062 3496 vwifibus - ok
16:31:42.0085 3496 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:31:42.0110 3496 WacomPen - ok
16:31:42.0148 3496 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:42.0189 3496 WANARP - ok
16:31:42.0193 3496 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:42.0218 3496 Wanarpv6 - ok
16:31:42.0263 3496 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:31:42.0273 3496 Wd - ok
16:31:42.0297 3496 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:31:42.0317 3496 Wdf01000 - ok
16:31:42.0357 3496 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:31:42.0381 3496 WfpLwf - ok
16:31:42.0396 3496 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:31:42.0407 3496 WIMMount - ok
16:31:42.0501 3496 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:31:42.0525 3496 WINUSB - ok
16:31:42.0574 3496 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:31:42.0586 3496 WmiAcpi - ok
16:31:42.0637 3496 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:31:42.0670 3496 ws2ifsl - ok
16:31:42.0731 3496 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:31:42.0756 3496 WudfPf - ok
16:31:42.0775 3496 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:31:42.0813 3496 WUDFRd - ok
16:31:42.0843 3496 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
16:31:42.0934 3496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:31:42.0934 3496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:31:42.0940 3496 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:31:45.0343 3496 \Device\Harddisk1\DR1 - ok
16:31:45.0347 3496 Boot (0x1200) (15576ab3bbef52ebf0e7614e5b957224) \Device\Harddisk0\DR0\Partition0
16:31:45.0349 3496 \Device\Harddisk0\DR0\Partition0 - ok
16:31:45.0368 3496 Boot (0x1200) (6ab3f2df73ca4d0c35c038286ebf8b7f) \Device\Harddisk0\DR0\Partition1
16:31:45.0372 3496 \Device\Harddisk0\DR0\Partition1 - ok
16:31:45.0378 3496 Boot (0x1200) (27a6b9d7375b2ff43db9aacf3324feb3) \Device\Harddisk1\DR1\Partition0
16:31:45.0379 3496 \Device\Harddisk1\DR1\Partition0 - ok
16:31:45.0380 3496 ============================================================
16:31:45.0380 3496 Scan finished
16:31:45.0380 3496 ============================================================
16:31:45.0395 1280 Detected object count: 3
16:31:45.0395 1280 Actual detected object count: 3
16:32:23.0399 1280 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
16:32:23.0399 1280 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:32:23.0446 1280 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
16:32:23.0504 1280 Backup copy found, using it..
16:32:23.0512 1280 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
16:32:25.0752 1280 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
16:32:25.0753 1280 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:32:25.0753 1280 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:32:32.0506 0608 Deinitialize success
[size="2"]
OTL logfile created on: 2/14/2012 4:37:57 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\IT\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.17% Memory free
3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 74.72 Gb Free Space | 55.63% Space Free | Partition Type: NTFS
Drive D: | 14.53 Gb Total Space | 11.41 Gb Free Space | 78.57% Space Free | Partition Type: FAT32
Computer Name: COMP2 | User Name: IT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe
PRC - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe
PRC - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) -- C:\Program Files\ultravnc\winvnc.exe
PRC - [2009/10/22 13:48:58 | 000,435,488 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/12/23 09:01:48 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/26 17:28:06 | 000,278,928 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\ExplorerExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/09/27 16:42:18 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2010/05/14 11:18:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/14 04:01:34 | 000,015,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Sage\SIM\Server\Sage.Sim.Server.WindowsService.exe -- (SageInstMgrServer)
SRV - [2010/04/07 20:04:58 | 000,107,816 | ---- | M] (Timberline Software Corp.) [Auto | Running] -- C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.0\Sage.LS1.ServiceHost.exe -- (Sage.LS1.ServiceHost.1.0) Sage Service Host (v1.0)
SRV - [2010/03/03 17:07:26 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2009/12/06 21:12:00 | 001,590,216 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc.exe)
SRV - [2009/12/03 12:40:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\hpn.dll -- (emupia)
SRV - [2009/04/21 14:37:16 | 002,010,147 | ---- | M] (Great Lakes Data Systems, Inc.) [Auto | Running] -- C:\Program Files\GLDS\UpgradeManager\UpgradeManagerSvc.exe -- (UpgradeManager)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
========== Driver Services (SafeList) ==========
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/23 12:13:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/11/20 07:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/27 16:42:24 | 000,356,864 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2010/09/27 16:42:16 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2010/09/27 16:42:14 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/09/27 16:42:14 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2010/09/27 16:42:12 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2009/08/05 05:48:28 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/05/11 12:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\IT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\IT\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 16:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/22 13:49:22 | 000,000,000 | ---D | M]
[2011/12/06 12:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Extensions
[2011/05/05 15:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions
[2011/12/06 09:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IT\AppData\Roaming\mozilla\Firefox\Profiles\d5wusoz7.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011/12/06 12:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/02 16:55:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/09 08:17:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/09 08:17:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/02/14 08:36:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-823518204-261903793-839522115-5150\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-823518204-261903793-839522115-5150\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchin...oad/CMBEdit.cab (Edit Class)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://shoretel/shor...oiceMessage.ocx (VoiceMessage Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} http://shoretel/shor...TwentyFour7.ocx (TwentyFour7 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OO.NET
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/22 13:47:36 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: emupia - C:\Windows\System32\hpn.dll (Oak Technology Inc.)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/14 16:29:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/14 08:39:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/14 08:33:20 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\temp
[2012/02/14 08:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 17:43:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/13 17:38:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 12:55:14 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/10 12:55:14 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/10 12:55:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/10 12:55:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/08 15:25:10 | 000,083,456 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\serial.sys
[2012/02/08 14:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2012/02/08 14:21:59 | 000,000,000 | ---D | C] -- C:\Users\IT\Desktop\RK_Quarantine
[2012/02/08 14:21:56 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/08 13:36:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/08 08:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/07 15:11:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 15:03:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 15:03:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 15:03:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 15:02:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/25 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\IT\AppData\Local\Applications
[2012/01/24 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2009/05/04 07:12:48 | 006,224,944 | ---- | C] (PKWARE, Inc. ) -- C:\Program Files\pkreader.exe
========== Files - Modified Within 30 Days ==========
[2012/02/14 16:33:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 16:33:08 | 1601,937,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/14 16:31:56 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 16:31:56 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 16:22:38 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\IT\Desktop\tdsskiller.exe
[2012/02/14 16:21:52 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\IT\Desktop\ComboFix.exe
[2012/02/14 10:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150UA.job
[2012/02/14 08:36:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/09 14:50:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\IT\Desktop\OTL.exe
[2012/02/09 14:47:02 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\IT\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/09 14:46:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\IT\Desktop\aswMBR.exe
[2012/02/08 14:22:35 | 000,722,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 14:22:35 | 000,145,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 14:14:42 | 001,202,688 | ---- | M] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 13:51:39 | 277,389,603 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/08 12:25:55 | 005,492,736 | ---- | M] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/08 08:56:17 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2012/02/08 08:14:20 | 000,002,679 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/08 06:23:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-261903793-839522115-5150Core1cc4ec8c6f8f671.job
[2012/02/07 17:17:28 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/07 17:02:25 | 172,953,600 | ---- | M] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/07 10:21:40 | 003,271,124 | ---- | M] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:57:24 | 036,769,792 | ---- | M] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | M] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/01/23 15:36:05 | 000,000,284 | ---- | M] () -- C:\Users\IT\Desktop\repair.bat
========== Files Created - No Company Name ==========
[2012/02/14 08:26:48 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\500 Asset Accounting.lnk
[2012/02/14 08:26:48 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\500 Asset Inventory.lnk
[2012/02/14 08:26:48 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Rent Manager.lnk
[2012/02/14 08:26:48 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/02/13 17:32:28 | 000,002,039 | ---- | C] () -- C:\500 Asset Accounting.lnk
[2012/02/13 17:32:28 | 000,002,021 | ---- | C] () -- C:\500 Asset Inventory.lnk
[2012/02/13 17:32:28 | 000,001,956 | ---- | C] () -- C:\Rent Manager.lnk
[2012/02/13 17:32:28 | 000,000,981 | ---- | C] () -- C:\Malwarebytes' Anti-Malware.lnk
[2012/02/08 14:23:16 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/08 14:23:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/02/08 14:23:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/02/08 14:23:16 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/02/08 14:23:16 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/02/08 14:23:16 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCable.lnk
[2012/02/08 14:23:15 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
[2012/02/08 14:23:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/02/08 14:23:12 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/02/08 14:23:11 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/08 14:23:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/02/08 14:23:10 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2012/02/08 14:23:10 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Reports XI Release 2 for Sage.lnk
[2012/02/08 14:23:10 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/02/08 14:23:10 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.lnk
[2012/02/08 14:23:10 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/02/08 14:23:10 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta.lnk
[2012/02/08 14:21:56 | 001,202,688 | ---- | C] () -- C:\Users\IT\Desktop\RogueKiller.exe
[2012/02/08 12:16:27 | 005,492,736 | ---- | C] () -- C:\Users\IT\Desktop\Deadline_Manager.mdb
[2012/02/07 15:03:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 15:03:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 15:03:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 15:03:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 15:03:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 10:20:08 | 003,271,124 | ---- | C] () -- C:\Users\IT\Desktop\International Property Maintenance Code.pdf
[2012/02/01 16:44:27 | 036,769,792 | ---- | C] () -- C:\Users\IT\Desktop\Service Department.mdb
[2012/02/01 13:42:39 | 172,953,600 | ---- | C] () -- C:\Users\IT\Desktop\Service Department_BE.mdb
[2012/02/01 10:31:01 | 000,002,447 | ---- | C] () -- C:\Users\IT\Desktop\s Quick Connect.lnk
[2012/01/23 15:36:05 | 000,000,284 | ---- | C] () -- C:\Users\IT\Desktop\repair.bat
[2011/12/09 16:36:06 | 000,094,208 | ---- | C] () -- C:\Windows\TIRHService.exe
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/26 06:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/06/17 12:10:18 | 000,847,360 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/06/17 12:10:17 | 001,986,560 | ---- | C] () -- C:\Windows\System32\pvsdk.dll
[2011/04/28 14:36:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/08 12:03:13 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx151ic.ini
[2011/01/26 07:52:33 | 000,000,662 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/06 10:28:51 | 000,000,315 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/23 12:13:10 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/11/23 12:13:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\hdduinst.exe
[2010/08/05 12:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\gllink32.INI
[2010/08/04 13:35:20 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/07/27 07:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/23 12:37:10 | 000,000,795 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/12 11:52:54 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009/12/17 12:18:41 | 000,023,052 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/12/17 10:40:16 | 000,006,604 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/03 12:33:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/10/22 15:38:56 | 000,000,392 | ---- | C] () -- C:\Windows\System32\BTRDRVR.SYS
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,449,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,722,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,145,030 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2007/09/14 14:54:36 | 000,397,312 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2007/08/16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2006/11/29 01:30:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx13_ic.ini
[2006/10/04 18:32:20 | 000,479,232 | ---- | C] () -- C:\Windows\System32\pfpro.dll
[2006/08/15 09:00:00 | 000,454,656 | R--- | C] () -- C:\Windows\System32\PaintX.dll
[2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2003/04/01 18:43:22 | 000,139,264 | ---- | C] () -- C:\Windows\System32\TripleDes.dll
========== LOP Check ==========
[2010/10/28 08:32:44 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Audacity
[2010/05/12 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\BACS.exe
[2011/01/06 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Downloaded Installations
[2011/01/26 07:54:46 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Event 1
[2010/07/12 09:11:07 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\KnowledgeTree
[2012/01/09 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Macro Recorder
[2011/01/06 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Nitro PDF
[2010/09/21 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\PO Management
[2012/02/02 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\ShoreWare Client
[2011/01/06 10:22:30 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Smart PDF Converter Pro
[2010/08/10 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartDraw
[2011/01/06 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SmartSoftOCRHelper
[2010/08/31 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\SystemTools
[2011/01/26 08:08:06 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Timberline
[2011/05/04 10:18:38 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\Track-It!
[2011/06/29 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\IT\AppData\Roaming\webex
[2012/02/14 08:18:21 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/07/13 18:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Group" = PNP_TDI
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"TransportBindName" = \Device\
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 18:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 00 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 5
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 20:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< C:\Windows\assembly\tmp\U\*.* /s >
< C:\windows\*. /RP /s >
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\$NtUninstallKB2913$] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A4A25FD3
< End of report >
Edited by Dustylady, 27 February 2012 - 07:59 AM.