Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojans PSW.Generic9.OCX and PWS.Agent.ASIO [Solved]


  • This topic is locked This topic is locked

#1
kerriev

kerriev

    Member

  • Member
  • PipPip
  • 16 posts
Hi,

I have an extremely slow performing computer and AVG 2012 has now identified a trojan. Last week it told me that it was PSW.Agent.ASIO and that it removed it from System.exe, but could not remove it from memory. I've been trying to see how to remove it and so attempted to use VIPRERescue which said it found 8 infections, but mentioned that it only removed 1. When I re-ran AVG overnight now says it has PSW.Generic9.OCX, but no mention of PSW.Agent.ASIO. Again this trojan (PSQ.Generic9.OCX) can't seem to be cleaned from memory. I have also tried Malwarebytes AntiMalware and it couldn't seem to find either trojan.

Thanks in advance for any assistance. I am really am not sure how proceed.

Cheers,
Kerrie

Extract from OTL:


OTL logfile created on: 16/02/2012 07:35:09 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kerrie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 169.52 Mb Available Physical Memory | 16.72% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.15 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive D: | 29.35 Gb Total Space | 11.17 Gb Free Space | 38.06% Space Free | Partition Type: NTFS

Computer Name: LOTSASMILES | User Name: Kerrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 15:07:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kerrie\My Documents\Downloads\OTL.exe
PRC - [2012/01/24 17:24:26 | 004,200,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 16:06:12 | 000,251,744 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/06/06 15:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/07 21:33:30 | 000,020,480 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2006/04/13 23:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 09:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/03/10 06:58:00 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/03/01 00:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/03/01 00:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/03/01 00:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/03/01 00:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/14 22:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/11/28 08:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 08:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/09 13:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/07/20 03:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/09 01:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/09 00:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/05/24 05:43:28 | 000,053,248 | ---- | M] (Global Locate, Inc.) -- C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe
PRC - [2004/11/17 22:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/08 20:51:10 | 000,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PRC - [2004/08/19 11:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/21 00:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2002/03/15 02:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/01 16:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 16:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2008/03/25 15:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/10/07 21:33:35 | 000,049,152 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
MOD - [2006/10/07 21:33:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll
MOD - [2006/10/07 21:33:30 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
MOD - [2006/10/07 21:33:30 | 000,020,480 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2006/10/07 21:33:28 | 000,143,360 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll
MOD - [2006/03/01 00:39:02 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/03/01 00:39:02 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/03/01 00:39:02 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/02/14 00:15:04 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/09/09 13:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/05/21 03:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/07/21 03:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 15:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2007/02/05 21:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 21:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 13:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 13:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 12:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/06/13 00:37:34 | 002,080,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/05/18 03:43:34 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 03:19:26 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/04/13 23:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 09:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 08:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 08:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 08:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/10/11 21:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/09/09 13:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/15 05:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/01/04 21:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/10 09:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008/04/14 05:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/07/24 18:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/07/11 19:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2006/06/06 16:23:30 | 000,974,464 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/05/09 19:27:00 | 004,273,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/01 01:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/26 14:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/23 04:13:12 | 000,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/23 04:13:04 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/21 20:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/09 03:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 09:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/02/01 04:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/15 03:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/11/24 23:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/21 16:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2005/11/12 01:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/21 13:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 18:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 18:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 18:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/10 07:14:16 | 000,280,448 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP) Marvell Libertas 802.11b/g Driver for Windows XP (8335)
DRV - [2005/09/02 03:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/09/02 03:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005/08/30 01:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2005/08/02 02:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/12 04:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/06/10 16:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005/05/27 20:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 20:38:00 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 20:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/06 23:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 15:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/05 10:39:18 | 000,057,856 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBVCD.sys -- (USBVCD)
DRV - [2004/10/05 10:39:18 | 000,006,528 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VCIDRV.sys -- (VCIDRV)
DRV - [2004/10/05 10:39:18 | 000,004,992 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBREC.sys -- (USBREC)
DRV - [2003/12/08 21:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 21:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/08/20 13:59:32 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/06 02:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 21:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://remote.nabcapital.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.co.uk"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?#!/?sk=lf"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@view22.com/Madison: C:\Program Files\view22\version_4\NPView22.dll (View22 Technology)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@view22.com/Madison: C:\Program Files\view22\version_4\NPView22.dll (View22 Technology)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/08 13:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/15 21:37:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/24 09:09:49 | 000,000,000 | ---D | M]

[2008/09/02 22:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerrie\Application Data\Mozilla\Extensions
[2008/09/02 22:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerrie\Application Data\Mozilla\Extensions\[email protected]
[2011/05/10 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kerrie\Application Data\Mozilla\Firefox\Profiles\0i51fhww.default\extensions
[2010/04/28 15:28:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kerrie\Application Data\Mozilla\Firefox\Profiles\0i51fhww.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/14 09:17:26 | 000,005,216 | ---- | M] () -- C:\Documents and Settings\Kerrie\Application Data\Mozilla\Firefox\Profiles\0i51fhww.default\searchplugins\linkedin.xml
[2012/02/14 09:17:26 | 000,005,231 | ---- | M] () -- C:\Documents and Settings\Kerrie\Application Data\Mozilla\Firefox\Profiles\0i51fhww.default\searchplugins\linkedinjobs.xml
[2012/01/15 23:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/15 23:43:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2009/09/15 13:30:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/12 00:38:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/09/13 21:29:00 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\atl71.dll
[2007/09/13 21:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
[2007/09/13 21:29:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp71.dll
[2007/09/13 21:29:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/09/13 21:29:00 | 000,172,032 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\NPView22.dll
[2007/09/13 21:29:00 | 000,106,496 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\v22_base.dll
[2007/09/13 21:29:00 | 000,114,688 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\v22_compression.dll
[2007/09/13 21:29:00 | 000,106,496 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\v22_connect.dll
[2007/09/13 21:29:00 | 000,229,376 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\v22_update.dll
[2007/09/13 21:29:00 | 000,196,608 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\v22_utility.dll
[2007/09/13 21:29:00 | 000,065,024 | ---- | M] (View22 Technology) -- C:\Program Files\mozilla firefox\plugins\v22_winapplib.dll
[2011/11/03 09:42:10 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/03 09:42:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/03 09:42:10 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/03 09:42:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/03 09:42:08 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: View22 Gecko Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPView22.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: Google Search = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kerrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/02/26 22:53:53 | 000,302,468 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10428 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [Lto Manager] C:\Program Files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe (Global Locate, Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - ?p=ZK File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O15 - HKCU\..Trusted Domains: nabcapital.com ([remote] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nabcapital.com ([vpn.remote] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nabcapital.com ([webmail] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} https://vpn.remote.n...vista/nsepa.ocx (Nsepa Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159315280687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://www.bigfishga...sh.1.0.0.58.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B054FE6A-06A3-45AF-B9FD-A6FCEFF8B0B3}: DhcpNameServer = 10.176.66.71 10.188.66.103
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\t-mobile - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (fusstub.dll) - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/29 20:40:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{59103543-1e98-11df-974a-0002c7eb228c}\Shell - "" = AutoRun
O33 - MountPoints2\{59103543-1e98-11df-974a-0002c7eb228c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59103543-1e98-11df-974a-0002c7eb228c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{753287d2-78c1-11dd-ba00-0002c7eb228c}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{ea2b6ec8-2074-11e0-9766-0002c7eb228c}\Shell - "" = AutoRun
O33 - MountPoints2\{ea2b6ec8-2074-11e0-9766-0002c7eb228c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea2b6ec8-2074-11e0-9766-0002c7eb228c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ea2b6ecc-2074-11e0-9766-0002c7eb228c}\Shell - "" = AutoRun
O33 - MountPoints2\{ea2b6ecc-2074-11e0-9766-0002c7eb228c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea2b6ecc-2074-11e0-9766-0002c7eb228c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/15 15:59:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/15 15:59:23 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/02/15 15:31:39 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/02/11 15:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Desktop\Sebastian Competition
[2012/02/11 15:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Desktop\Album One
[2012/02/11 15:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Desktop\Harry - 12 - 24 mths
[2012/02/11 15:00:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/02/08 20:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Application Data\AVG
[2012/02/08 20:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/29 00:55:08 | 000,000,000 | ---D | C] -- C:\CF Card 20120228
[2012/01/27 09:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Desktop\388CANON
[2012/01/27 01:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Application Data\AVG2012
[2012/01/27 01:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/01/27 01:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/27 01:34:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/01/27 01:14:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/27 00:32:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/01/26 23:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Application Data\Media Player Classic
[2012/01/26 15:39:30 | 000,000,000 | ---D | C] -- C:\output media
[2012/01/26 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Convert M4A to MP3 AMR OGG AAC Converter
[2012/01/26 15:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Free Convert M4A to MP3 AMR OGG AAC Converter
[2012/01/26 15:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/01/26 15:18:25 | 000,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2012/01/26 15:18:24 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2012/01/26 15:18:22 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2012/01/26 15:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/01/26 15:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/25 23:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kerrie\Desktop\Harry Photos
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/16 06:55:20 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1349642275-1904126512-3643703909-1006UA.job
[2012/02/15 15:55:27 | 089,060,692 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/15 15:15:07 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 15:02:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/15 14:50:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 14:50:42 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 14:50:42 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 12:53:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1349642275-1904126512-3643703909-1006Core.job
[2012/02/15 10:44:11 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-15 Draft v0.5.pub
[2012/02/15 10:21:46 | 005,298,176 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Facet5 - Team Distribution - TEMPLATE.xlt
[2012/02/14 16:53:00 | 000,216,729 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood_Park_Newsletter_2012-Feb-15_Draft_v0.5.pdf
[2012/02/14 14:50:03 | 000,058,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/13 10:59:38 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft v0.4.pub
[2012/02/12 19:18:00 | 000,213,026 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\TeamScape Report Frank Caputo.pdf
[2012/02/11 16:03:38 | 000,778,330 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2730-2.jpg
[2012/02/11 16:01:38 | 001,131,941 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2730-1.jpg
[2012/02/11 15:55:40 | 002,701,695 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2730.jpg
[2012/02/11 15:19:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/02/11 10:33:18 | 003,570,065 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2743.jpg
[2012/02/11 10:32:46 | 003,918,764 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2742.jpg
[2012/02/11 10:31:58 | 003,170,604 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2740.jpg
[2012/02/11 10:28:16 | 003,053,586 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2733.jpg
[2012/02/09 12:00:58 | 005,759,120 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2700.jpg
[2012/02/08 20:28:43 | 000,223,232 | ---- | M] () -- C:\Documents and Settings\Kerrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 14:30:03 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft v0.2.pub
[2012/02/08 13:43:04 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft v0.1.pub
[2012/02/08 13:09:15 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/07 23:50:03 | 000,042,232 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\428963_10150500931346771_623961770_9220344_69528869_n.jpg
[2012/02/07 23:49:52 | 000,073,556 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\428902_10150500835171771_623961770_9220061_1520077491_n.jpg
[2012/02/07 23:49:47 | 000,047,477 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\421069_10150500930776771_623961770_9220341_1562293486_n.jpg
[2012/02/07 23:40:29 | 000,099,446 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_5139.JPG
[2012/02/07 23:40:27 | 000,108,203 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_5106.JPG
[2012/02/07 22:00:37 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft.pub
[2012/02/07 21:22:51 | 000,011,209 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\customLogo.gif.png
[2012/02/07 21:19:16 | 000,005,732 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\images.jpg
[2012/02/07 20:44:38 | 000,004,854 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Regedit 20120207.reg
[2012/01/26 17:40:55 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\Kerrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/26 17:40:54 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Google Chrome.lnk
[2012/01/26 15:38:50 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2012/01/26 15:38:32 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Convert M4A to MP3 AMR OGG AAC Converter.lnk
[2012/01/26 15:37:15 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012/01/26 14:08:41 | 000,057,344 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/26 02:09:17 | 000,040,162 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\belly2.jpg
[2012/01/26 02:08:34 | 000,037,305 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\Belly.jpg
[2012/01/19 10:39:10 | 004,076,051 | ---- | M] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_5089.JPG
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/15 15:55:27 | 089,060,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/15 15:15:07 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 11:54:52 | 000,216,729 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood_Park_Newsletter_2012-Feb-15_Draft_v0.5.pdf
[2012/02/15 10:43:52 | 000,188,416 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-15 Draft v0.5.pub
[2012/02/15 10:21:41 | 005,298,176 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Facet5 - Team Distribution - TEMPLATE.xlt
[2012/02/14 14:50:03 | 000,058,044 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/13 14:29:05 | 000,213,026 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\TeamScape Report Frank Caputo.pdf
[2012/02/13 10:59:38 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft v0.4.pub
[2012/02/11 16:03:36 | 000,778,330 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2730-2.jpg
[2012/02/11 16:01:38 | 001,131,941 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2730-1.jpg
[2012/02/11 15:55:39 | 002,701,695 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2730.jpg
[2012/02/11 15:51:03 | 003,570,065 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2743.jpg
[2012/02/11 15:50:43 | 003,918,764 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2742.jpg
[2012/02/11 15:50:26 | 003,170,604 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2740.jpg
[2012/02/11 15:49:50 | 003,053,586 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2733.jpg
[2012/02/11 15:46:19 | 005,759,120 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_2700.jpg
[2012/02/10 14:56:50 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/08 13:43:14 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft v0.2.pub
[2012/02/08 12:49:06 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1349642275-1904126512-3643703909-1006UA.job
[2012/02/08 12:48:58 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1349642275-1904126512-3643703909-1006Core.job
[2012/02/07 23:50:02 | 000,042,232 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\428963_10150500931346771_623961770_9220344_69528869_n.jpg
[2012/02/07 23:49:51 | 000,073,556 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\428902_10150500835171771_623961770_9220061_1520077491_n.jpg
[2012/02/07 23:49:44 | 000,047,477 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\421069_10150500930776771_623961770_9220341_1562293486_n.jpg
[2012/02/07 23:34:49 | 000,108,203 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_5106.JPG
[2012/02/07 23:33:53 | 000,099,446 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_5139.JPG
[2012/02/07 22:09:09 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft v0.1.pub
[2012/02/07 21:22:39 | 000,011,209 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\customLogo.gif.png
[2012/02/07 21:19:05 | 000,005,732 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\images.jpg
[2012/02/07 21:11:29 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Pagewood Park Newsletter 2012-Feb-XX Draft.pub
[2012/02/07 20:44:36 | 000,004,854 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Regedit 20120207.reg
[2012/01/27 01:38:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/26 15:38:50 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2012/01/26 15:38:32 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Convert M4A to MP3 AMR OGG AAC Converter.lnk
[2012/01/26 15:19:16 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012/01/26 15:18:37 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/26 15:18:25 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2012/01/26 15:18:20 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/01/26 15:18:18 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/26 15:18:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/01/26 02:09:09 | 000,040,162 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\belly2.jpg
[2012/01/26 02:08:28 | 000,037,305 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\Belly.jpg
[2012/01/25 22:34:38 | 004,076,051 | ---- | C] () -- C:\Documents and Settings\Kerrie\Desktop\IMG_5089.JPG
[2012/01/24 20:43:22 | 000,002,275 | ---- | C] () -- C:\Documents and Settings\Kerrie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/27 21:24:26 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Kerrie\Application Data\123 Cheese Prefs
[2009/12/08 21:06:11 | 059,231,275 | ---- | C] () -- C:\WINDOWS\System32\xa121497218.exe
[2009/12/08 21:05:45 | 059,231,275 | ---- | C] () -- C:\WINDOWS\System32\xa121471546.exe
[2009/10/17 15:59:53 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/26 23:31:31 | 000,003,856 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/10 02:35:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/10 01:05:40 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2009/01/09 21:40:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/11/07 03:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/01/28 18:26:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008/01/28 18:26:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/11/30 09:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/22 12:00:45 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/02/23 23:10:20 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2006/12/22 18:34:50 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/20 18:26:08 | 000,000,528 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/12/17 01:48:27 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/10/07 21:37:00 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/10/07 21:29:17 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2006/10/02 08:08:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/09/20 04:58:13 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/09/20 03:06:48 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/09/20 03:05:53 | 000,065,973 | ---- | C] () -- C:\WINDOWS\sem_GCXXUninstall.exe
[2006/09/20 03:05:50 | 000,089,716 | ---- | C] () -- C:\WINDOWS\OptionPluss_PCCardInstallerUninstall.exe
[2006/09/20 03:05:43 | 000,090,499 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstallerUninstall.exe
[2006/09/08 04:10:37 | 000,223,232 | ---- | C] () -- C:\Documents and Settings\Kerrie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/08 02:39:31 | 000,000,582 | ---- | C] () -- C:\WINDOWS\wwwconfig.dat
[2006/09/02 03:21:23 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Kerrie\Application Data\bbbconfig.dat
[2006/08/09 02:09:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\VOIPMOUSE.INI
[2006/08/09 00:48:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/09 00:47:28 | 000,003,665 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/04 10:44:05 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/08/04 10:44:05 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/08/04 10:44:05 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/08/01 21:11:18 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/07/30 22:23:45 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kerrie\Local Settings\Application Data\fusioncache.dat
[2006/07/29 07:17:23 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\Kerrie\Application Data\wklnhst.dat
[2006/07/07 04:37:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/07 04:24:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/07 04:09:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/05/30 01:35:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/30 01:06:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/30 01:06:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/30 01:06:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/30 01:06:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/30 01:06:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/30 01:06:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/30 00:51:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/05/29 23:00:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/29 23:00:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/29 21:31:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/29 21:30:03 | 000,303,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/29 21:08:36 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/29 20:43:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/29 20:37:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/29 12:22:06 | 000,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/29 12:21:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/29 12:21:26 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/29 12:21:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/05/29 12:21:26 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/29 12:21:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/05/29 12:21:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/05/29 12:21:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/05/29 12:21:21 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/29 12:21:16 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/05/29 12:21:16 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/05/29 12:21:14 | 001,868,868 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL
[2006/05/29 12:21:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/05/29 12:20:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/15 21:58:40 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\VNCX1.exe
[2005/11/01 19:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/03 00:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 07:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/10/25 14:57:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CUSBInst.exe
[2004/07/21 03:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 00:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/07 11:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 11:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/01/27 23:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2012/01/28 11:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2007/08/20 22:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/01/27 01:14:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/07/21 23:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/12/11 03:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/01/28 18:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2006/09/07 12:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/05/28 16:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/06/30 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2012/02/15 15:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/23 22:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/10 15:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/06 00:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\View22
[2007/01/29 11:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/11/27 21:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\123 Cheese
[2009/11/30 17:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Alawar
[2011/07/28 23:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Any Video Converter
[2012/02/08 20:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\AVG
[2012/01/27 01:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\AVG2012
[2008/05/11 21:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Azureus
[2007/10/12 05:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\ForgottenRiddles
[2007/08/11 06:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Gamelab
[2009/05/28 16:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\GetRightToGo
[2008/01/08 16:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Grisoft
[2011/12/15 22:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\gtk-2.0
[2008/12/16 10:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\ICAClient
[2007/01/09 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\InterVideo
[2006/09/07 12:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\iWin
[2006/09/25 05:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Leadertech
[2007/04/01 10:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\NCH Swift Sound
[2011/10/07 20:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Opera
[2009/10/23 22:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Playfirst
[2009/03/12 18:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\ProtectDisc
[2006/07/29 07:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Protector Suite
[2007/07/22 01:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Sandlot Games
[2009/03/12 18:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Strokes 4.0
[2006/07/29 07:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\Template
[2008/09/02 22:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\TomTom
[2009/04/25 21:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2011/04/26 18:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\uTorrent
[2007/11/22 05:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kerrie\Application Data\WholeSecurity

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

#3
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-21 22:28:55
-----------------------------
22:28:55.171 OS Version: Windows 5.1.2600 Service Pack 3
22:28:55.171 Number of processors: 1 586 0xE08
22:28:55.187 ComputerName: LOTSASMILES UserName: Kerrie
22:29:09.203 Initialize success
22:31:05.265 AVAST engine download error: 0
22:31:36.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:31:36.062 Disk 0 Vendor: TOSHIBA_MK8007GAH BG011A Size: 76319MB BusType: 3
22:31:36.062 Disk 1 \Device\Harddisk1\DR4 -> \Device\000000a1
22:31:36.062 Disk 1 Vendor: ( Size: 76319MB BusType: 0
22:31:36.062 Disk 2 \Device\Harddisk2\DR5 -> \Device\000000a2
22:31:36.062 Disk 2 Vendor: ( Size: 76319MB BusType: 0
22:31:36.062 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@[email protected] f743c864
22:31:36.062 Disk 0 MBR read successfully
22:31:36.062 Disk 0 MBR scan
22:31:36.062 Disk 0 Windows XP default MBR code
22:31:36.093 Disk 0 Partition 1 00 12 Compaq diag NTFS 8110 MB offset 63
22:31:36.125 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 16611210
22:31:36.125 Disk 0 Partition - 00 0F Extended LBA 30051 MB offset 94751370
22:31:36.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30051 MB offset 94751433
22:31:36.968 Disk 0 scanning sectors +156296385
22:31:37.078 Disk 0 scanning C:\WINDOWS\system32\drivers
22:32:03.093 Service scanning
22:32:35.640 Modules scanning
22:32:51.921 Disk 0 trace - called modules:
22:32:51.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87191000]<<
22:32:51.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87154ab8]
22:32:51.937 3 CLASSPNP.SYS[f7650fd7] -> nt!IofCallDriver -> \Device\00000088[0x8718e9e8]
22:32:51.937 5 ACPI.sys[f74c7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8718f940]
22:32:51.953 Scan finished successfully
22:33:20.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kerrie\Desktop\MBR.dat"
22:33:20.296 The log file has been saved successfully to "C:\Documents and Settings\Kerrie\Desktop\aswMBR.txt"
  • 0

#4
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-21 22:28:55
-----------------------------
22:28:55.171 OS Version: Windows 5.1.2600 Service Pack 3
22:28:55.171 Number of processors: 1 586 0xE08
22:28:55.187 ComputerName: LOTSASMILES UserName: Kerrie
22:29:09.203 Initialize success
22:31:05.265 AVAST engine download error: 0
22:31:36.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:31:36.062 Disk 0 Vendor: TOSHIBA_MK8007GAH BG011A Size: 76319MB BusType: 3
22:31:36.062 Disk 1 \Device\Harddisk1\DR4 -> \Device\000000a1
22:31:36.062 Disk 1 Vendor: ( Size: 76319MB BusType: 0
22:31:36.062 Disk 2 \Device\Harddisk2\DR5 -> \Device\000000a2
22:31:36.062 Disk 2 Vendor: ( Size: 76319MB BusType: 0
22:31:36.062 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@[email protected] f743c864
22:31:36.062 Disk 0 MBR read successfully
22:31:36.062 Disk 0 MBR scan
22:31:36.062 Disk 0 Windows XP default MBR code
22:31:36.093 Disk 0 Partition 1 00 12 Compaq diag NTFS 8110 MB offset 63
22:31:36.125 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 16611210
22:31:36.125 Disk 0 Partition - 00 0F Extended LBA 30051 MB offset 94751370
22:31:36.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30051 MB offset 94751433
22:31:36.968 Disk 0 scanning sectors +156296385
22:31:37.078 Disk 0 scanning C:\WINDOWS\system32\drivers
22:32:03.093 Service scanning
22:32:35.640 Modules scanning
22:32:51.921 Disk 0 trace - called modules:
22:32:51.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x87191000]<<
22:32:51.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87154ab8]
22:32:51.937 3 CLASSPNP.SYS[f7650fd7] -> nt!IofCallDriver -> \Device\00000088[0x8718e9e8]
22:32:51.937 5 ACPI.sys[f74c7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8718f940]
22:32:51.953 Scan finished successfully
22:33:20.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kerrie\Desktop\MBR.dat"
22:33:20.296 The log file has been saved successfully to "C:\Documents and Settings\Kerrie\Desktop\aswMBR.txt"

Attached Files


  • 0

#5
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks - forgot to mention that I don't have the original windows disks available to me.
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed


NEXT...

Posted Image Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  • CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.
Please carefully follow all steps below:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.
  • 0

#7
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ok, so I ran this last night, but was worried I might have done a keypress when moving the computer as it stalled on the deletion of files.

I ran it again this morning, but it has stalled again (well past the 30mins point) and as I was out of the house I know that I didn't keypress! In this instance I have not rebooted or done anything (I'm using my work computer to send this), so was wondering whether I should kill the process or not. The current screen says:

-----------------------------------------
...
Completed Stage_49
Completed Stage_50

Deleting Files:
C:\DOCUME~1\Kerrie\LOCALS~1\Temp\IadHide4.dll
C:\Documents and Settings\Kerrie\Local Settings\Temp.IadHide4.dll

-----------------------------------------

Please advise. Thanks!!
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please leave it to do it's job. Give it at least 2 or 3 hours.
  • 0

#9
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks, left it for over 3 hours last night, but am happy to leave it longer. Will check back in later today. :-)
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK.
  • 0

Advertisements


#11
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I definitely must have bumped something last night, It worked this time. Log as follows:


ComboFix 12-02-21.02 - Kerrie 22/02/2012 7:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.567 [GMT 11:00]
Running from: c:\documents and settings\Kerrie\My Documents\Downloads\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Kerrie\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Kerrie\Local Settings\Temp\IadHide4.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-16 22:00 . 2012-02-16 22:29 -------- d--h--w- c:\windows\$hf_mig$
2012-02-15 04:59 . 2010-11-09 02:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-15 04:59 . 2010-11-09 02:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2012-02-15 04:31 . 2012-02-15 10:37 -------- dc----w- C:\VIPRERESCUE
2012-02-08 09:52 . 2012-02-08 09:53 -------- dc----w- c:\documents and settings\Kerrie\Application Data\AVG
2012-01-28 13:55 . 2012-01-28 14:02 -------- dc----w- C:\CF Card 20120228
2012-01-28 04:46 . 2012-01-28 04:46 -------- dc----w- c:\documents and settings\Administrator\Application Data\AVG2012
2012-01-28 04:44 . 2012-01-28 04:44 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2012-01-26 14:34 . 2012-02-21 12:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-26 14:14 . 2012-01-26 14:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-26 13:32 . 2012-01-26 13:32 -------- dc----w- C:\$AVG
2012-01-26 12:22 . 2012-01-26 12:23 -------- dc----w- c:\documents and settings\Kerrie\Application Data\Media Player Classic
2012-01-26 04:39 . 2012-01-26 04:39 -------- dc----w- C:\output media
2012-01-26 04:38 . 2012-01-26 04:39 -------- d-----w- c:\program files\Free Convert M4A to MP3 AMR OGG AAC Converter
2012-01-26 04:18 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2012-01-26 04:18 . 2008-07-04 06:34 860160 ----a-w- c:\windows\system32\lameACM.acm
2012-01-26 04:18 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2012-01-26 04:18 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2012-01-26 04:18 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2012-01-26 04:18 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2012-01-26 04:18 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-26 04:18 . 2012-01-26 04:37 -------- d-----w- c:\program files\K-Lite Codec Pack
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2006-05-29 01:21 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-05-29 01:21 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-05-29 01:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-05-29 01:21 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-05-29 01:21 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 04:24 . 2010-05-11 23:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2006-05-29 01:21 293376 ----a-w- c:\windows\system32\winsrv.dll
2007-09-13 10:29 . 2007-10-05 13:10 89088 ------w- c:\program files\mozilla firefox\plugins\atl71.dll
2007-09-13 10:29 . 2007-10-05 13:10 53248 ------w- c:\program files\mozilla firefox\plugins\boost_filesystem-vc71-mt-1_33_1.dll
2007-09-13 10:29 . 2007-10-05 13:10 499712 ------w- c:\program files\mozilla firefox\plugins\msvcp71.dll
2007-09-13 10:29 . 2007-10-05 13:10 348160 ------w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2007-09-13 10:29 . 2007-10-05 13:10 106496 ------w- c:\program files\mozilla firefox\plugins\v22_base.dll
2007-09-13 10:29 . 2007-10-05 13:10 114688 ------w- c:\program files\mozilla firefox\plugins\v22_compression.dll
2007-09-13 10:29 . 2007-10-05 13:10 106496 ------w- c:\program files\mozilla firefox\plugins\v22_connect.dll
2007-09-13 10:29 . 2007-10-05 13:10 229376 ------w- c:\program files\mozilla firefox\plugins\v22_update.dll
2007-09-13 10:29 . 2007-10-05 13:10 196608 ------w- c:\program files\mozilla firefox\plugins\v22_utility.dll
2007-09-13 10:29 . 2007-10-05 13:10 65024 ------w- c:\program files\mozilla firefox\plugins\v22_winapplib.dll
2011-12-11 13:38 . 2011-11-02 22:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-10-07 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-03-09 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]
"Lto Manager"="c:\program files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2005-05-23 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 17:11 39936 ------w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 ------w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtPCS.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [29/05/2006 12:22 9216]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [15/02/2012 15:59 98392]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24/07/2007 18:45 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11/07/2007 19:20 201848]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [23/02/2006 04:13 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [23/02/2006 04:13 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [29/05/2006 12:22 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [29/05/2006 12:22 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [29/05/2006 12:22 226304]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [28/01/2008 18:26 974464]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/07/2011 10:27 18432]
S3 nk23.sys;nk23.sys;\??\c:\windows\system32\drivers\nk23.sys --> c:\windows\system32\drivers\nk23.sys [?]
S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [05/10/2004 10:39 4992]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1349642275-1904126512-3643703909-1006Core.job
- c:\documents and settings\Kerrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-25 10:51]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1349642275-1904126512-3643703909-1006UA.job
- c:\documents and settings\Kerrie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-25 10:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://remote.nabcapital.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: nabcapital.com\remote
Trusted Zone: nabcapital.com\vpn.remote
Trusted Zone: nabcapital.com\webmail
DPF: {181BCAB2-C89B-4E4B-9E6B-59FA67A426B5} - hxxps://vpn.remote.nabcapital.com/epa/vista/nsepa.ocx
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.bigfishgames.com/online/dinerdash/DinerDash.1.0.0.58.cab
FF - ProfilePath - c:\documents and settings\Kerrie\Application Data\Mozilla\Firefox\Profiles\0i51fhww.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?#!/?sk=lf
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 09:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
.
- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\WININET.dll
c:\docume~1\Kerrie\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\program files\Apoint\Apntex.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-22 09:57:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 22:57
.
Pre-Run: 6,339,821,568 bytes free
Post-Run: 6,457,131,008 bytes free
.
- - End Of File - - 6DBBD472D695D9B9437FB2D9C5321355
  • 0

#12
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Behaviour: Computer still seems to be 'busy' (HD light running constantly), but not sure if that is Chrome behaviour or not.
  • 0

#13
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Oh, and also noticed that Hibernate no longer works for the last few weeks. Not sure if this is related.

Apologies for the multiple posts. I forgot this information in the first ones!
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please proceed with following steps:

Step 1

  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK button.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.

When completed the above, please post back the following in the order asked for:
  • aswMBR log
  • TDSSKiller log

  • 0

#15
kerriev

kerriev

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
AswMBR log:
--------------------------

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-22 11:42:28
-----------------------------
11:42:28.565 OS Version: Windows 5.1.2600 Service Pack 3
11:42:28.565 Number of processors: 1 586 0xE08
11:42:28.565 ComputerName: LOTSASMILES UserName: Kerrie
11:42:31.862 Initialize success
12:07:49.300 AVAST engine defs: 12022101
12:20:48.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:20:48.065 Disk 0 Vendor: TOSHIBA_MK8007GAH BG011A Size: 76319MB BusType: 3
12:20:48.065 Disk 1 \Device\Harddisk1\DR4 -> \Device\0000009e
12:20:48.065 Disk 1 Vendor: ( Size: 76319MB BusType: 0
12:20:48.065 Disk 2 \Device\Harddisk2\DR5 -> \Device\0000009f
12:20:48.065 Disk 2 Vendor: ( Size: 76319MB BusType: 0
12:20:48.065 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@[email protected] f7471864
12:20:48.065 Disk 0 MBR read successfully
12:20:48.065 Disk 0 MBR scan
12:20:48.097 Disk 0 Windows XP default MBR code
12:20:48.128 Disk 0 Partition 1 00 12 Compaq diag NTFS 8110 MB offset 63
12:20:48.159 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 16611210
12:20:48.175 Disk 0 Partition - 00 0F Extended LBA 30051 MB offset 94751370
12:20:48.597 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30051 MB offset 94751433
12:20:48.612 Disk 0 scanning sectors +156296385
12:20:48.722 Disk 0 scanning C:\WINDOWS\system32\drivers
12:21:12.503 Service scanning
12:21:47.284 Modules scanning
12:22:00.237 Disk 0 trace - called modules:
12:22:00.237 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f7f000]<<
12:22:00.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3eab8]
12:22:00.237 3 CLASSPNP.SYS[f7685fd7] -> nt!IofCallDriver -> \Device\00000085[0x86f383b8]
12:22:00.253 5 ACPI.sys[f74fc620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f4c940]
12:22:02.206 AVAST engine scan C:\WINDOWS
12:22:14.472 AVAST engine scan C:\WINDOWS\system32
12:26:41.878 AVAST engine scan C:\WINDOWS\system32\drivers
12:27:12.597 AVAST engine scan C:\Documents and Settings\Kerrie
12:45:46.393 AVAST engine scan C:\Documents and Settings\All Users
12:49:57.472 Scan finished successfully
12:57:22.472 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kerrie\Desktop\MBR.dat"
12:57:22.472 The log file has been saved successfully to "C:\Documents and Settings\Kerrie\Desktop\aswMBR.txt"


--------------------------------------------------------------

TdSSKiller Log:


12:57:45.0518 4124 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:57:47.0518 4124 ============================================================
12:57:47.0518 4124 Current date / time: 2012/02/22 12:57:47.0518
12:57:47.0518 4124 SystemInfo:
12:57:47.0518 4124
12:57:47.0518 4124 OS Version: 5.1.2600 ServicePack: 3.0
12:57:47.0518 4124 Product type: Workstation
12:57:47.0518 4124 ComputerName: LOTSASMILES
12:57:47.0565 4124 UserName: Kerrie
12:57:47.0565 4124 Windows directory: C:\WINDOWS
12:57:47.0565 4124 System windows directory: C:\WINDOWS
12:57:47.0565 4124 Processor architecture: Intel x86
12:57:47.0565 4124 Number of processors: 1
12:57:47.0565 4124 Page size: 0x1000
12:57:47.0565 4124 Boot type: Normal boot
12:57:47.0565 4124 ============================================================
12:57:50.0362 4124 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:57:50.0362 4124 \Device\Harddisk0\DR0:
12:57:50.0362 4124 MBR used
12:57:50.0362 4124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFD778A, BlocksNum 0x4A85300
12:57:50.0393 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5A5CAC9, BlocksNum 0x3AB19F8
12:57:51.0159 4124 Initialize success
12:57:51.0159 4124 ============================================================
12:58:19.0034 6056 ============================================================
12:58:19.0034 6056 Scan started
12:58:19.0034 6056 Mode: Manual; SigCheck; TDLFS;
12:58:19.0034 6056 ============================================================
12:58:19.0784 6056 3xHybrid (802bf86dd3100099c6ffe5694ebfef12) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
12:58:20.0206 6056 3xHybrid ( UnsignedFile.Multi.Generic ) - warning
12:58:20.0206 6056 3xHybrid - detected UnsignedFile.Multi.Generic (1)
12:58:20.0347 6056 Abiosdsk - ok
12:58:20.0362 6056 abp480n5 - ok
12:58:20.0456 6056 acedrv10 (b253d403cf527ff11921ceee193ef465) C:\WINDOWS\system32\drivers\acedrv10.sys
12:58:20.0862 6056 acedrv10 - ok
12:58:20.0909 6056 acehlp10 (77507733dc5e2953960c88da59a5c94b) C:\WINDOWS\system32\drivers\acehlp10.sys
12:58:20.0956 6056 acehlp10 - ok
12:58:21.0128 6056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:58:23.0003 6056 ACPI - ok
12:58:23.0175 6056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:58:23.0362 6056 ACPIEC - ok
12:58:23.0393 6056 adpu160m - ok
12:58:23.0456 6056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:58:23.0643 6056 aec - ok
12:58:23.0706 6056 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:58:23.0737 6056 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:58:23.0737 6056 AegisP - detected UnsignedFile.Multi.Generic (1)
12:58:23.0800 6056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:58:23.0909 6056 AFD - ok
12:58:24.0050 6056 Aha154x - ok
12:58:24.0065 6056 aic78u2 - ok
12:58:24.0081 6056 aic78xx - ok
12:58:24.0175 6056 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
12:58:24.0284 6056 alcan5wn - ok
12:58:24.0331 6056 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
12:58:24.0378 6056 alcaudsl - ok
12:58:24.0409 6056 AliIde - ok
12:58:24.0425 6056 amsint - ok
12:58:24.0487 6056 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:58:24.0565 6056 ApfiltrService - ok
12:58:24.0753 6056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:58:25.0112 6056 Arp1394 - ok
12:58:25.0190 6056 asc - ok
12:58:25.0206 6056 asc3350p - ok
12:58:25.0222 6056 asc3550 - ok
12:58:25.0284 6056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:58:25.0487 6056 AsyncMac - ok
12:58:25.0534 6056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:58:25.0737 6056 atapi - ok
12:58:25.0753 6056 Atdisk - ok
12:58:25.0800 6056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:58:25.0987 6056 Atmarpc - ok
12:58:26.0050 6056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:58:26.0222 6056 audstub - ok
12:58:26.0393 6056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:58:27.0534 6056 Beep - ok
12:58:27.0565 6056 catchme - ok
12:58:27.0612 6056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:58:27.0893 6056 cbidf2k - ok
12:58:27.0972 6056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:58:28.0143 6056 CCDECODE - ok
12:58:28.0159 6056 cd20xrnt - ok
12:58:28.0237 6056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:58:28.0440 6056 Cdaudio - ok
12:58:28.0487 6056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:58:28.0690 6056 Cdfs - ok
12:58:28.0737 6056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:58:28.0925 6056 Cdrom - ok
12:58:29.0112 6056 Changer - ok
12:58:29.0175 6056 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:58:29.0362 6056 CmBatt - ok
12:58:29.0378 6056 CmdIde - ok
12:58:29.0425 6056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:58:29.0612 6056 Compbatt - ok
12:58:29.0643 6056 Cpqarray - ok
12:58:29.0675 6056 dac2w2k - ok
12:58:29.0690 6056 dac960nt - ok
12:58:29.0737 6056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:58:29.0940 6056 Disk - ok
12:58:30.0034 6056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:58:30.0268 6056 dmboot - ok
12:58:30.0440 6056 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
12:58:30.0643 6056 DMICall - ok
12:58:30.0706 6056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:58:30.0940 6056 dmio - ok
12:58:31.0018 6056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:58:31.0237 6056 dmload - ok
12:58:31.0284 6056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:58:31.0472 6056 DMusic - ok
12:58:31.0503 6056 dpti2o - ok
12:58:31.0534 6056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:58:31.0722 6056 drmkaud - ok
12:58:31.0909 6056 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:58:32.0003 6056 E100B - ok
12:58:32.0034 6056 ewusbnet - ok
12:58:32.0143 6056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:58:32.0378 6056 Fastfat - ok
12:58:32.0425 6056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:58:32.0706 6056 Fdc - ok
12:58:32.0815 6056 FdRedir (59558c6547d0362afb639ac682a9fcc3) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
12:58:32.0847 6056 FdRedir ( UnsignedFile.Multi.Generic ) - warning
12:58:32.0847 6056 FdRedir - detected UnsignedFile.Multi.Generic (1)
12:58:32.0878 6056 FileDisk2 (30967822edd32fb37f8209500724ae6c) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
12:58:32.0909 6056 FileDisk2 ( UnsignedFile.Multi.Generic ) - warning
12:58:32.0909 6056 FileDisk2 - detected UnsignedFile.Multi.Generic (1)
12:58:33.0097 6056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:58:33.0331 6056 Fips - ok
12:58:33.0378 6056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:58:33.0659 6056 Flpydisk - ok
12:58:33.0706 6056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:58:33.0893 6056 FltMgr - ok
12:58:33.0956 6056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:58:34.0159 6056 Fs_Rec - ok
12:58:34.0268 6056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:58:34.0456 6056 Ftdisk - ok
12:58:34.0581 6056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:58:34.0597 6056 GEARAspiWDM - ok
12:58:34.0643 6056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:58:34.0847 6056 Gpc - ok
12:58:34.0909 6056 GTF32BUS (32634c6cc92db8a721e63c8a37af5eea) C:\WINDOWS\system32\DRIVERS\gtf32bus.sys
12:58:34.0987 6056 GTF32BUS - ok
12:58:35.0112 6056 GTPTSER (571e647090b44f61d2f4f3feb267a5dd) C:\WINDOWS\system32\DRIVERS\gtptser.sys
12:58:35.0206 6056 GTPTSER - ok
12:58:35.0472 6056 GTSCSER (aaf5b637b72df8275b82ff64ff80791d) C:\WINDOWS\system32\DRIVERS\gtscser.sys
12:58:35.0534 6056 GTSCSER - ok
12:58:35.0643 6056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:58:35.0925 6056 HDAudBus - ok
12:58:36.0050 6056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:58:36.0237 6056 HidUsb - ok
12:58:36.0347 6056 hpn - ok
12:58:36.0440 6056 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:58:36.0487 6056 HSFHWAZL - ok
12:58:36.0581 6056 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:58:36.0690 6056 HSF_DPV - ok
12:58:36.0800 6056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:58:36.0909 6056 HTTP - ok
12:58:36.0987 6056 hwdatacard - ok
12:58:37.0018 6056 hwusbdev - ok
12:58:37.0050 6056 i2omgmt - ok
12:58:37.0065 6056 i2omp - ok
12:58:37.0159 6056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:58:37.0440 6056 i8042prt - ok
12:58:37.0565 6056 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:58:37.0753 6056 ialm - ok
12:58:37.0956 6056 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
12:58:38.0034 6056 IFXTPM - ok
12:58:38.0097 6056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:58:38.0362 6056 Imapi - ok
12:58:38.0393 6056 ini910u - ok
12:58:38.0706 6056 IntcAzAudAddService (255c82c31a570e6ef06f4b098521da52) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:58:39.0440 6056 IntcAzAudAddService - ok
12:58:39.0597 6056 IntelIde - ok
12:58:39.0675 6056 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:58:39.0925 6056 intelppm - ok
12:58:40.0003 6056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:58:40.0206 6056 Ip6Fw - ok
12:58:40.0300 6056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:58:40.0487 6056 IpFilterDriver - ok
12:58:40.0550 6056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:58:40.0753 6056 IpInIp - ok
12:58:40.0815 6056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:58:41.0034 6056 IpNat - ok
12:58:41.0206 6056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:58:41.0393 6056 IPSec - ok
12:58:41.0425 6056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:58:41.0612 6056 IRENUM - ok
12:58:41.0659 6056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:58:41.0862 6056 isapnp - ok
12:58:41.0925 6056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:58:42.0128 6056 Kbdclass - ok
12:58:42.0175 6056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:58:42.0347 6056 kmixer - ok
12:58:42.0487 6056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:58:42.0784 6056 KSecDD - ok
12:58:43.0315 6056 lbrtfdc - ok
12:58:43.0940 6056 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
12:58:44.0472 6056 LVUSBSta - ok
12:58:45.0050 6056 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:58:45.0128 6056 mdmxsdk - ok
12:58:45.0222 6056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:58:45.0409 6056 mnmdd - ok
12:58:45.0893 6056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:58:46.0112 6056 Modem - ok
12:58:46.0456 6056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:58:46.0690 6056 Mouclass - ok
12:58:46.0753 6056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:58:47.0034 6056 mouhid - ok
12:58:47.0190 6056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:58:47.0393 6056 MountMgr - ok
12:58:47.0518 6056 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:58:47.0706 6056 MPE - ok
12:58:47.0737 6056 mraid35x - ok
12:58:47.0784 6056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:58:47.0987 6056 MRxDAV - ok
12:58:48.0081 6056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:58:48.0222 6056 MRxSmb - ok
12:58:48.0487 6056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:58:48.0690 6056 Msfs - ok
12:58:48.0722 6056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:58:48.0972 6056 MSKSSRV - ok
12:58:49.0018 6056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:58:49.0222 6056 MSPCLOCK - ok
12:58:49.0253 6056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:58:49.0456 6056 MSPQM - ok
12:58:49.0518 6056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:58:49.0690 6056 mssmbios - ok
12:58:49.0690 6056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:58:50.0440 6056 MSTEE - ok
12:58:50.0534 6056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:58:50.0597 6056 Mup - ok
12:58:50.0768 6056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:58:51.0050 6056 NABTSFEC - ok
12:58:51.0128 6056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:58:51.0331 6056 NDIS - ok
12:58:51.0409 6056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:58:51.0597 6056 NdisIP - ok
12:58:51.0690 6056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:58:51.0800 6056 NdisTapi - ok
12:58:52.0331 6056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:58:52.0597 6056 Ndisuio - ok
12:58:52.0659 6056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:58:52.0862 6056 NdisWan - ok
12:58:52.0972 6056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:58:53.0081 6056 NDProxy - ok
12:58:53.0268 6056 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
12:58:53.0347 6056 Netaapl - ok
12:58:53.0440 6056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:58:53.0737 6056 NetBIOS - ok
12:58:53.0800 6056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:58:54.0003 6056 NetBT - ok
12:58:54.0097 6056 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:58:54.0284 6056 NIC1394 - ok
12:58:54.0300 6056 nk23.sys - ok
12:58:54.0331 6056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:58:54.0534 6056 Npfs - ok
12:58:54.0706 6056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:58:54.0972 6056 Ntfs - ok
12:58:55.0065 6056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:58:55.0237 6056 Null - ok
12:58:55.0315 6056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:58:55.0518 6056 NwlnkFlt - ok
12:58:55.0659 6056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:58:55.0862 6056 NwlnkFwd - ok
12:58:55.0940 6056 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
12:58:56.0065 6056 odysseyIM4 - ok
12:58:56.0143 6056 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:58:56.0393 6056 ohci1394 - ok
12:58:56.0440 6056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:58:56.0628 6056 Parport - ok
12:58:56.0784 6056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:58:56.0987 6056 PartMgr - ok
12:58:57.0050 6056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:58:57.0237 6056 ParVdm - ok
12:58:57.0284 6056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:58:57.0487 6056 PCI - ok
12:58:57.0503 6056 PCIDump - ok
12:58:57.0565 6056 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:58:57.0768 6056 PCIIde - ok
12:58:57.0831 6056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:58:58.0050 6056 Pcmcia - ok
12:58:58.0190 6056 PDCOMP - ok
12:58:58.0222 6056 PDFRAME - ok
12:58:58.0237 6056 PDRELI - ok
12:58:58.0268 6056 PDRFRAME - ok
12:58:58.0315 6056 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
12:58:58.0331 6056 pepifilter - ok
12:58:58.0362 6056 perc2 - ok
12:58:58.0378 6056 perc2hib - ok
12:58:58.0487 6056 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
12:58:58.0597 6056 PID_08A0 - ok
12:58:58.0675 6056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:58:58.0956 6056 PptpMiniport - ok
12:58:59.0143 6056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:58:59.0347 6056 PSched - ok
12:58:59.0393 6056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:58:59.0597 6056 Ptilink - ok
12:58:59.0659 6056 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:58:59.0675 6056 PxHelp20 - ok
12:58:59.0690 6056 ql1080 - ok
12:58:59.0722 6056 Ql10wnt - ok
12:58:59.0737 6056 ql12160 - ok
12:58:59.0753 6056 ql1240 - ok
12:58:59.0784 6056 ql1280 - ok
12:58:59.0847 6056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:59:00.0050 6056 RasAcd - ok
12:59:00.0112 6056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:59:00.0315 6056 Rasl2tp - ok
12:59:00.0472 6056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:59:00.0675 6056 RasPppoe - ok
12:59:00.0722 6056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:59:00.0925 6056 Raspti - ok
12:59:00.0972 6056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:59:01.0190 6056 Rdbss - ok
12:59:01.0268 6056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:59:01.0472 6056 RDPCDD - ok
12:59:01.0550 6056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:59:01.0753 6056 rdpdr - ok
12:59:01.0972 6056 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:59:02.0081 6056 RDPWD - ok
12:59:02.0159 6056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:59:02.0362 6056 redbook - ok
12:59:02.0440 6056 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:59:02.0487 6056 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:59:02.0487 6056 s24trans - detected UnsignedFile.Multi.Generic (1)
12:59:02.0550 6056 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
12:59:02.0565 6056 SBRE - ok
12:59:02.0737 6056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:59:02.0940 6056 Secdrv - ok
12:59:03.0034 6056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:59:03.0237 6056 Serial - ok
12:59:03.0284 6056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:59:03.0487 6056 Sfloppy - ok
12:59:03.0550 6056 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys
12:59:03.0597 6056 shpf ( UnsignedFile.Multi.Generic ) - warning
12:59:03.0597 6056 shpf - detected UnsignedFile.Multi.Generic (1)
12:59:03.0612 6056 Simbad - ok
12:59:03.0643 6056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:59:03.0815 6056 SLIP - ok
12:59:04.0003 6056 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
12:59:04.0065 6056 SNC - ok
12:59:04.0081 6056 Sparrow - ok
12:59:04.0143 6056 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
12:59:04.0206 6056 SPI - ok
12:59:04.0253 6056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:59:04.0518 6056 splitter - ok
12:59:04.0581 6056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:59:04.0784 6056 sr - ok
12:59:04.0862 6056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:59:05.0003 6056 Srv - ok
12:59:05.0175 6056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:59:05.0378 6056 streamip - ok
12:59:05.0456 6056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:59:05.0737 6056 swenum - ok
12:59:05.0815 6056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:59:06.0018 6056 swmidi - ok
12:59:06.0050 6056 symc810 - ok
12:59:06.0081 6056 symc8xx - ok
12:59:06.0097 6056 sym_hi - ok
12:59:06.0112 6056 sym_u3 - ok
12:59:06.0175 6056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:59:06.0362 6056 sysaudio - ok
12:59:06.0440 6056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:59:06.0565 6056 Tcpip - ok
12:59:06.0722 6056 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
12:59:06.0800 6056 TcUsb - ok
12:59:06.0847 6056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:59:07.0081 6056 TDPIPE - ok
12:59:07.0143 6056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:59:07.0331 6056 TDTCP - ok
12:59:07.0378 6056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:59:07.0581 6056 TermDD - ok
12:59:07.0659 6056 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
12:59:07.0737 6056 ti21sony - ok
12:59:07.0925 6056 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
12:59:07.0940 6056 toshidpt ( UnsignedFile.Multi.Generic ) - warning
12:59:07.0940 6056 toshidpt - detected UnsignedFile.Multi.Generic (1)
12:59:07.0956 6056 TosIde - ok
12:59:08.0018 6056 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
12:59:08.0065 6056 tosporte ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0065 6056 tosporte - detected UnsignedFile.Multi.Generic (1)
12:59:08.0128 6056 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
12:59:08.0159 6056 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0159 6056 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
12:59:08.0206 6056 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
12:59:08.0237 6056 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0237 6056 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
12:59:08.0284 6056 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
12:59:08.0315 6056 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0315 6056 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
12:59:08.0503 6056 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
12:59:08.0534 6056 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0534 6056 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
12:59:08.0581 6056 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
12:59:08.0612 6056 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0612 6056 tosrfnds - detected UnsignedFile.Multi.Generic (1)
12:59:08.0659 6056 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
12:59:08.0675 6056 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0675 6056 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
12:59:08.0737 6056 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
12:59:08.0768 6056 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
12:59:08.0768 6056 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
12:59:08.0847 6056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:59:09.0128 6056 Udfs - ok
12:59:09.0253 6056 ultra - ok
12:59:09.0347 6056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:59:09.0581 6056 Update - ok
12:59:09.0628 6056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:59:09.0706 6056 USBAAPL - ok
12:59:09.0768 6056 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:59:09.0972 6056 usbaudio - ok
12:59:10.0143 6056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:59:10.0331 6056 usbccgp - ok
12:59:10.0393 6056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:59:10.0597 6056 usbehci - ok
12:59:10.0659 6056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:59:10.0847 6056 usbhub - ok
12:59:10.0909 6056 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:59:11.0097 6056 usbohci - ok
12:59:11.0268 6056 USBREC (8d9e86d710889ebb31dd42435922da2f) C:\WINDOWS\system32\DRIVERS\USBREC.sys
12:59:11.0362 6056 USBREC - ok
12:59:11.0425 6056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:59:11.0628 6056 usbscan - ok
12:59:11.0706 6056 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:59:11.0972 6056 USBSTOR - ok
12:59:12.0097 6056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:59:12.0284 6056 usbuhci - ok
12:59:12.0409 6056 USBVCD (f4a825865e31a849aca14efc8340f229) C:\WINDOWS\system32\drivers\USBVCD.sys
12:59:12.0456 6056 USBVCD - ok
12:59:12.0550 6056 VCIDRV (9b58d735c22e218e717f055d06354b77) C:\WINDOWS\system32\DRIVERS\VCIDRV.sys
12:59:12.0581 6056 VCIDRV - ok
12:59:12.0659 6056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:59:12.0831 6056 VgaSave - ok
12:59:12.0862 6056 ViaIde - ok
12:59:12.0925 6056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:59:13.0190 6056 VolSnap - ok
12:59:13.0284 6056 VPROEVENTMONITOR - ok
12:59:13.0440 6056 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
12:59:13.0643 6056 w39n51 - ok
12:59:13.0768 6056 W8335XP (b21116c6a922379f7693b66f90985016) C:\WINDOWS\system32\DRIVERS\Mrvw125.sys
12:59:13.0862 6056 W8335XP - ok
12:59:14.0050 6056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:59:14.0362 6056 Wanarp - ok
12:59:14.0425 6056 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
12:59:14.0503 6056 wceusbsh - ok
12:59:14.0643 6056 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:59:14.0690 6056 Wdf01000 - ok
12:59:14.0800 6056 WDICA - ok
12:59:14.0862 6056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:59:15.0112 6056 wdmaud - ok
12:59:15.0222 6056 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:59:15.0315 6056 winachsf - ok
12:59:15.0472 6056 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:59:15.0518 6056 WpdUsb - ok
12:59:15.0800 6056 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:59:16.0097 6056 WS2IFSL - ok
12:59:16.0175 6056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:59:16.0362 6056 WSTCODEC - ok
12:59:16.0472 6056 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:59:16.0534 6056 WudfPf - ok
12:59:16.0643 6056 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:59:16.0690 6056 WudfRd - ok
12:59:16.0753 6056 xpsec - ok
12:59:16.0831 6056 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
12:59:16.0831 6056 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
12:59:16.0831 6056 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
12:59:16.0987 6056 Boot (0x1200) (72412319608862f60692e879058fe6c0) \Device\Harddisk0\DR0\Partition0
12:59:16.0987 6056 \Device\Harddisk0\DR0\Partition0 - ok
12:59:16.0987 6056 Boot (0x1200) (a9662f7a49f35981ba269aa730df7118) \Device\Harddisk0\DR0\Partition1
12:59:17.0003 6056 \Device\Harddisk0\DR0\Partition1 - ok
12:59:17.0003 6056 ============================================================
12:59:17.0003 6056 Scan finished
12:59:17.0003 6056 ============================================================
12:59:17.0128 4048 Detected object count: 16
12:59:17.0128 4048 Actual detected object count: 16
13:44:42.0097 4048 3xHybrid ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0097 4048 3xHybrid ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0097 4048 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0097 4048 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0097 4048 FdRedir ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0097 4048 FdRedir ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0097 4048 FileDisk2 ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0097 4048 FileDisk2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0097 4048 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0097 4048 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0112 4048 shpf ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0112 4048 shpf ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0112 4048 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0112 4048 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0112 4048 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0112 4048 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0112 4048 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0112 4048 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0128 4048 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0128 4048 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0128 4048 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0128 4048 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0128 4048 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0128 4048 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0128 4048 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0128 4048 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0128 4048 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0128 4048 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0143 4048 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:42.0143 4048 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:44:42.0550 4048 \Device\Harddisk0\DR0\# - copied to quarantine
13:44:42.0550 4048 \Device\Harddisk0\DR0 - copied to quarantine
13:44:42.0581 4048 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
13:44:42.0597 4048 \Device\Harddisk0\DR0 - ok
13:44:42.0597 4048 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
13:44:52.0253 5232 Deinitialize success

------------------------------------------------------
Computer is still running at Max processing...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP