Avast Detected MBR:Whistler [Rtk] [Solved]

#1
DZSlasher
Member | 21 posts

In a recent scan of Avast, it detected MBR:Whistler [Rtk]. The file name is Disk 0 Master Boot Record. I asked a friend who is good with computers and he said that I should run ComboFix. Unfortunately, the virus is still there. I have been having issues with my internet. It takes extremely long to open any webpages. It never did that before. I have a high speed internet connection. What are the steps that I need to take to get rid of this virus? Any help would be much appreciated. Here is my OTL log.

OTL logfile created on: 3/9/2012 1:01:28 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Arjun\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 51.21% Memory free
7.93 Gb Paging File | 6.35 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.31 Gb Total Space | 48.90 Gb Free Space | 22.20% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 135.71 Gb Free Space | 58.28% Space Free | Partition Type: NTFS
Drive E: | 12.58 Gb Total Space | 1.97 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 1.87 Gb Free Space | 99.97% Space Free | Partition Type: FAT

Computer Name: ARJUN-PC | User Name: Arjun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 12:59:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Arjun\Desktop\OTL.exe
PRC - [2012/03/08 23:28:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/04 16:00:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/31 10:43:30 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011/05/31 10:43:30 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/04 16:00:57 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/05 21:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/17 01:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2012/03/08 23:28:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/19 21:36:41 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/18 11:55:55 | 003,316,000 | ---- | M] () [On_Demand | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/31 10:43:30 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/03/17 20:51:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/05 21:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 21:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 20:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/05 13:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/17 19:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/30 05:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 05:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/30 05:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/04/30 05:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 11:12:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/02/26 14:18:02 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/22 19:11:40 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/17 14:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 14:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/11 12:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 6B C2 08 87 EA CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "about:blank"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Arjun\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Arjun\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arjun\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arjun\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Arjun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 12.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012/01/29 14:55:47 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 12.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/19 10:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/04 16:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/08 11:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/08 11:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/05/24 17:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arjun\AppData\Roaming\Mozilla\Extensions
[2010/10/22 20:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arjun\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/19 20:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arjun\AppData\Roaming\Mozilla\Firefox\Profiles\rgtjei8m.default\extensions
[2012/01/03 11:48:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arjun\AppData\Roaming\Mozilla\Firefox\Profiles\rgtjei8m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/19 20:35:54 | 000,000,000 | ---D | M] (Stratiform) -- C:\Users\Arjun\AppData\Roaming\Mozilla\Firefox\Profiles\rgtjei8m.default\extensions\[email protected]
[2011/06/22 10:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/12 18:07:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ARJUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RGTJEI8M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/04 16:00:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/04 16:00:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/03/09 11:14:39 | 001,045,189 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 31266 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Arjun\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk = C:\Users\Arjun\Downloads\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 136.176.120.10 136.176.253.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D14B65E-8F46-4150-8402-3C2DBEA6C656}: DhcpNameServer = 136.176.120.10 136.176.253.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8B0F8A-143E-453B-AFE7-66C17D3C325C}: DhcpNameServer = 136.176.253.10 136.176.120.10
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 13:00:35 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Arjun\Desktop\OTL.exe
[2012/03/08 22:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/03/08 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\Arjun\Desktop\Psych.S06E11.PROPER.720p.HDTV.x264-ORENJI
[2012/03/08 12:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/08 12:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/07 19:23:04 | 000,000,000 | ---D | C] -- C:\Users\Arjun\AppData\Roaming\StreamTorrent
[2012/03/07 19:23:03 | 000,000,000 | ---D | C] -- C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamTorrent 1.0
[2012/03/07 19:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0
[2012/03/05 17:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2012/03/05 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\Arjun\AppData\Roaming\Oracle
[2012/03/05 17:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Crystal Ball
[2012/03/05 17:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/05 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Arjun\AppData\Local\ApplicationHistory
[2012/03/05 17:51:59 | 000,000,000 | ---D | C] -- C:\Users\Arjun\AppData\Local\Downloaded Installations
[2012/03/01 23:14:50 | 000,000,000 | ---D | C] -- C:\Users\Arjun\Documents\My Digital Editions
[2012/02/29 09:51:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/29 09:47:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/29 01:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/29 01:24:51 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/29 01:24:51 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/29 01:24:43 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/29 01:24:41 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/29 01:24:40 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/29 01:24:39 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/29 01:24:24 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/29 01:24:24 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/29 01:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/29 01:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/27 01:57:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/27 01:57:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/27 01:57:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/27 01:56:36 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Arjun\Desktop\ComboFix.exe
[2012/02/27 01:56:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/27 01:54:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 15:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/02/23 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\Arjun\AppData\Roaming\Becker Professional Education
[2012/02/23 16:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/23 16:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/20 09:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/02/13 13:41:04 | 000,000,000 | ---D | C] -- C:\Users\Arjun\Documents\Battlefield 3
[2012/02/13 13:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/02/13 13:25:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/02/13 11:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/13 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/02/13 11:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center
[2012/02/11 08:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 13:04:50 | 000,890,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/09 13:04:50 | 000,738,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/09 13:04:50 | 000,150,686 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/09 12:59:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Arjun\Desktop\OTL.exe
[2012/03/09 12:41:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4249213004-2586139575-3597199197-1000UA.job
[2012/03/09 11:14:39 | 001,045,189 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/09 09:48:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 23:28:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/08 23:28:25 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/08 23:28:25 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/08 23:27:52 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/08 23:17:30 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 23:17:30 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 23:09:26 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 20:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4249213004-2586139575-3597199197-1000Core.job
[2012/03/07 17:39:51 | 000,000,908 | ---- | M] () -- C:\Users\Arjun\Desktop\12oihbqeorvfhbpiubqnfv3_350_ref.mov
[2012/03/01 13:36:04 | 000,001,019 | ---- | M] () -- C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/29 01:24:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/28 20:42:42 | 000,001,329 | ---- | M] () -- C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk
[2012/02/27 10:21:07 | 001,045,129 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120309-111439.backup
[2012/02/27 02:22:56 | 000,610,475 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120227-102107.backup
[2012/02/25 17:19:40 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Arjun\Desktop\ComboFix.exe
[2012/02/16 13:40:22 | 000,002,114 | ---- | M] () -- C:\Users\Arjun\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/16 11:38:48 | 004,968,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 00:20:43 | 000,013,013 | ---- | M] () -- C:\Users\Arjun\AppData\Roaming\Comma Separated Values (Windows).CAL
[2012/02/09 17:01:39 | 493,354,719 | ---- | M] () -- C:\Windows\MEMORY.DMP
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 17:39:51 | 000,000,908 | ---- | C] () -- C:\Users\Arjun\Desktop\12oihbqeorvfhbpiubqnfv3_350_ref.mov
[2012/03/01 23:14:42 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/01 13:36:04 | 000,001,019 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/28 20:42:42 | 000,001,329 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk
[2012/02/27 01:57:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/27 01:57:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/27 01:57:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/27 01:57:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/27 01:57:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/14 00:20:43 | 000,013,013 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\Comma Separated Values (Windows).CAL
[2012/02/09 17:01:39 | 493,354,719 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/05 20:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/12/05 20:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/12 17:43:13 | 000,037,126 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\UserTile.png
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/07 14:17:13 | 000,000,562 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\AutoGK.ini
[2011/06/09 10:53:21 | 000,001,903 | ---- | C] () -- C:\Windows\explorer.exe - Shortcut.lnk
[2011/05/31 10:43:52 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/05/17 16:33:18 | 000,883,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/17 16:30:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/28 00:08:12 | 000,000,132 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/03/28 10:30:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/28 10:30:12 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DD95ABB2BC.sys
[2011/03/27 21:18:09 | 000,000,008 | -H-- | C] () -- C:\Users\Arjun\AppData\Local\L8457789110
[2011/03/21 22:56:20 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/03/21 22:20:16 | 000,611,840 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2011/02/28 16:57:17 | 000,000,444 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/01 13:06:15 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2010/12/14 15:44:22 | 000,164,794 | ---- | C] () -- C:\Windows\hpoins13.dat
[2010/12/14 15:44:22 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2010/12/05 19:58:26 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/11/29 00:44:07 | 000,188,448 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/26 17:42:32 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat.temp
[2010/11/13 15:38:32 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/13 15:38:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/04 20:58:02 | 000,000,132 | ---- | C] () -- C:\Users\Arjun\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/23 13:40:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/22 20:14:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/22 19:23:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/10/22 18:34:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/08/08 10:07:29 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\ACFEExamPrep
[2011/03/28 10:26:47 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\ACT
[2011/07/18 10:50:06 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Audacity
[2010/11/03 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Auslogics
[2012/03/08 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Becker Professional Education
[2011/10/15 23:09:55 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Box.Net
[2011/01/05 10:28:44 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\CD Art Display
[2010/12/15 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/11 09:02:17 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\DAEMON Tools Lite
[2012/03/08 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Dropbox
[2011/03/26 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Electronic Arts
[2011/03/27 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\FileMaker Pro
[2011/05/14 00:24:24 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Gleim
[2011/03/07 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\ImgBurn
[2011/03/28 10:30:10 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\IsolatedStorage
[2011/01/30 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Leadertech
[2011/05/24 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\LibrariIcon
[2010/10/23 12:19:17 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\mkvtoolnix
[2012/03/05 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Oracle
[2011/11/18 15:43:39 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Origin
[2010/10/23 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Rainmeter
[2012/01/15 19:38:44 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\redsn0w
[2012/03/08 21:13:27 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Spotify
[2011/07/31 10:50:12 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/03/07 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\StreamTorrent
[2011/08/02 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\TeamViewer
[2011/03/27 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\TheraQuick Demo
[2010/10/22 20:14:33 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\Thunderbird
[2012/01/09 11:47:14 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\TS3Client
[2011/07/25 16:01:50 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\webex
[2011/11/18 16:05:27 | 000,000,000 | ---D | M] -- C:\Users\Arjun\AppData\Roaming\XWindows Dock
[2012/01/28 21:44:48 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:502D809E

< End of report >

Edited by DZSlasher, 09 March 2012 - 01:28 PM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you run the following for me please?

Download aswMBR.exe (4.1mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#3
DZSlasher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thank you Essexboy for your help. I have tried to run the program twice as an admin and both times the program crashed before the scan could finish. The version of the program that I am using is aswMBR 0.9.9.1649. I have avast installed. Should I disable it when I run the scan?

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, that is an indication of the problem.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#5
DZSlasher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I ran TDSSKiller and I got this warning message when I selected cure for the malicious object. I left it up since I was not sure what to press.

Attached Thumbnails

  • Message From TDSSKiller.jpg


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Select cure. That is, if you had an old version of a Dell computer or the like where they have a specific bootloader for factory restore; Windows 7 is different. If you are running a dual boot we will need to repair that later.

#7
DZSlasher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
So should I select yes on the warning? Thanks.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That's right.

Once done, post the log and let me know what problems remain.

#9
DZSlasher

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the log from TDSSKiller. My computer still takes an extremely long time to load a webpage. Should I run an Avast antivirus scan to see if the virus is still there? What program can I use to wipe my flash drives to make sure that they don't have the rootkit?

10:32:30.0493 1400 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
10:32:30.0863 1400 ============================================================
10:32:30.0863 1400 Current date / time: 2012/03/10 10:32:30.0863
10:32:30.0863 1400 SystemInfo:
10:32:30.0863 1400
10:32:30.0863 1400 OS Version: 6.1.7601 ServicePack: 1.0
10:32:30.0863 1400 Product type: Workstation
10:32:30.0863 1400 ComputerName: ARJUN-PC
10:32:30.0863 1400 UserName: Arjun
10:32:30.0863 1400 Windows directory: C:\Windows
10:32:30.0863 1400 System windows directory: C:\Windows
10:32:30.0863 1400 Running under WOW64
10:32:30.0863 1400 Processor architecture: Intel x64
10:32:30.0863 1400 Number of processors: 2
10:32:30.0863 1400 Page size: 0x1000
10:32:30.0863 1400 Boot type: Normal boot
10:32:30.0863 1400 ============================================================
10:32:32.0752 1400 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:32:32.0752 1400 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:32:32.0784 1400 \Device\Harddisk1\DR1:
10:32:32.0784 1400 MBR used
10:32:32.0784 1400 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B89D800
10:32:32.0784 1400 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1B89E000, BlocksNum 0x1927000
10:32:32.0784 1400 \Device\Harddisk0\DR0:
10:32:32.0827 1400 MBR used
10:32:32.0827 1400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
10:32:34.0326 1400 Initialize success
10:32:34.0326 1400 ============================================================
10:33:04.0160 4504 ============================================================
10:33:04.0160 4504 Scan started
10:33:04.0160 4504 Mode: Manual; SigCheck; TDLFS;
10:33:04.0161 4504 ============================================================
10:33:18.0244 4504 lmimirr - ok
10:33:18.0309 4504 LMIRfsClientNP - ok
10:33:18.0345 4504 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
10:33:18.0358 4504 LMIRfsDriver - ok
10:33:18.0415 4504 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:33:18.0429 4504 LMouFilt - ok
10:33:18.0480 4504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:33:18.0498 4504 LSI_FC - ok
10:33:18.0517 4504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:33:18.0534 4504 LSI_SAS - ok
10:33:18.0560 4504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:33:18.0576 4504 LSI_SAS2 - ok
10:33:18.0588 4504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:33:18.0605 4504 LSI_SCSI - ok
10:33:18.0641 4504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:33:18.0707 4504 luafv - ok
10:33:18.0742 4504 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:33:18.0757 4504 megasas - ok
10:33:18.0778 4504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:33:18.0799 4504 MegaSR - ok
10:33:18.0857 4504 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:33:18.0927 4504 Modem - ok
10:33:18.0966 4504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:33:19.0006 4504 monitor - ok
10:33:19.0059 4504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:33:19.0075 4504 mouclass - ok
10:33:19.0108 4504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:33:19.0145 4504 mouhid - ok
10:33:19.0189 4504 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:33:19.0205 4504 mountmgr - ok
10:33:19.0248 4504 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:33:19.0266 4504 mpio - ok
10:33:19.0297 4504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:33:19.0342 4504 mpsdrv - ok
10:33:19.0397 4504 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:33:19.0438 4504 MRxDAV - ok
10:33:19.0484 4504 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:33:19.0519 4504 mrxsmb - ok
10:33:19.0555 4504 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:33:19.0593 4504 mrxsmb10 - ok
10:33:19.0627 4504 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:33:19.0647 4504 mrxsmb20 - ok
10:33:19.0684 4504 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:33:19.0699 4504 msahci - ok
10:33:19.0730 4504 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:33:19.0747 4504 msdsm - ok
10:33:19.0817 4504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:33:19.0860 4504 Msfs - ok
10:33:19.0918 4504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:33:20.0001 4504 mshidkmdf - ok
10:33:20.0036 4504 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:33:20.0051 4504 msisadrv - ok
10:33:20.0103 4504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:33:20.0162 4504 MSKSSRV - ok
10:33:20.0185 4504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:33:20.0247 4504 MSPCLOCK - ok
10:33:20.0281 4504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:33:20.0351 4504 MSPQM - ok
10:33:20.0393 4504 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:33:20.0416 4504 MsRPC - ok
10:33:20.0458 4504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:33:20.0473 4504 mssmbios - ok
10:33:20.0545 4504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:33:20.0601 4504 MSTEE - ok
10:33:20.0638 4504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:33:20.0703 4504 MTConfig - ok
10:33:20.0745 4504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:33:20.0760 4504 Mup - ok
10:33:20.0834 4504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:33:20.0877 4504 NativeWifiP - ok
10:33:20.0946 4504 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:33:21.0013 4504 NDIS - ok
10:33:21.0054 4504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:33:21.0114 4504 NdisCap - ok
10:33:21.0150 4504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:33:21.0212 4504 NdisTapi - ok
10:33:21.0260 4504 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:33:21.0324 4504 Ndisuio - ok
10:33:21.0380 4504 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:33:21.0440 4504 NdisWan - ok
10:33:21.0485 4504 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:33:21.0548 4504 NDProxy - ok
10:33:21.0624 4504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:33:21.0669 4504 NetBIOS - ok
10:33:21.0729 4504 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:33:21.0807 4504 NetBT - ok
10:33:21.0928 4504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:33:21.0943 4504 nfrd960 - ok
10:33:21.0980 4504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:33:22.0044 4504 Npfs - ok
10:33:22.0074 4504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:33:22.0140 4504 nsiproxy - ok
10:33:22.0363 4504 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:33:22.0450 4504 Ntfs - ok
10:33:22.0623 4504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:33:22.0703 4504 Null - ok
10:33:22.0768 4504 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:33:22.0787 4504 nvraid - ok
10:33:22.0811 4504 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:33:22.0829 4504 nvstor - ok
10:33:22.0944 4504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:33:22.0961 4504 nv_agp - ok
10:33:23.0003 4504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:33:23.0054 4504 ohci1394 - ok
10:33:23.0128 4504 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:33:23.0148 4504 Parport - ok
10:33:23.0187 4504 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:33:23.0204 4504 partmgr - ok
10:33:23.0240 4504 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:33:23.0259 4504 pci - ok
10:33:23.0283 4504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:33:23.0300 4504 pciide - ok
10:33:23.0345 4504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:33:23.0364 4504 pcmcia - ok
10:33:23.0382 4504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:33:23.0398 4504 pcw - ok
10:33:23.0429 4504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:33:23.0513 4504 PEAUTH - ok
10:33:23.0695 4504 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:33:23.0759 4504 PptpMiniport - ok
10:33:23.0824 4504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:33:23.0861 4504 Processor - ok
10:33:23.0981 4504 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:33:24.0038 4504 Psched - ok
10:33:24.0284 4504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:33:24.0347 4504 ql2300 - ok
10:33:24.0636 4504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:33:24.0652 4504 ql40xx - ok
10:33:24.0817 4504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:33:24.0869 4504 QWAVEdrv - ok
10:33:24.0991 4504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:33:25.0068 4504 RasAcd - ok
10:33:25.0147 4504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:33:25.0192 4504 RasAgileVpn - ok
10:33:25.0236 4504 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:33:25.0292 4504 Rasl2tp - ok
10:33:25.0330 4504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:33:25.0393 4504 RasPppoe - ok
10:33:25.0431 4504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:33:25.0490 4504 RasSstp - ok
10:33:25.0531 4504 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:33:25.0602 4504 rdbss - ok
10:33:25.0630 4504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:33:25.0666 4504 rdpbus - ok
10:33:25.0691 4504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:33:25.0755 4504 RDPCDD - ok
10:33:25.0801 4504 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:33:25.0851 4504 RDPDR - ok
10:33:25.0893 4504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:33:25.0950 4504 RDPENCDD - ok
10:33:25.0984 4504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:33:26.0028 4504 RDPREFMP - ok
10:33:26.0735 4504 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:33:26.0780 4504 RDPWD - ok
10:33:26.0903 4504 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:33:26.0923 4504 rdyboost - ok
10:33:27.0008 4504 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:33:27.0054 4504 RFCOMM - ok
10:33:27.0139 4504 RsFx0151 (c606c5f712a3761896ceffa4af6b1268) C:\Windows\system32\DRIVERS\RsFx0151.sys
10:33:27.0159 4504 RsFx0151 - ok
10:33:27.0214 4504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:33:27.0297 4504 rspndr - ok
10:33:27.0337 4504 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:33:27.0370 4504 RTL8167 - ok
10:33:27.0406 4504 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:33:27.0440 4504 s3cap - ok
10:33:27.0469 4504 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:33:27.0486 4504 sbp2port - ok
10:33:27.0563 4504 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:33:27.0619 4504 scfilter - ok
10:33:27.0709 4504 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:33:27.0750 4504 sdbus - ok
10:33:27.0827 4504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:33:27.0893 4504 secdrv - ok
10:33:27.0957 4504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:33:27.0976 4504 Serenum - ok
10:33:28.0009 4504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:33:28.0029 4504 Serial - ok
10:33:28.0062 4504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:33:28.0115 4504 sermouse - ok
10:33:28.0250 4504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
10:33:28.0302 4504 sffdisk - ok
10:33:28.0326 4504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:33:28.0380 4504 sffp_mmc - ok
10:33:28.0412 4504 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:33:28.0449 4504 sffp_sd - ok
10:33:28.0482 4504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:33:28.0532 4504 sfloppy - ok
10:33:28.0578 4504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:33:28.0594 4504 SiSRaid2 - ok
10:33:28.0617 4504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:33:28.0633 4504 SiSRaid4 - ok
10:33:28.0690 4504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:33:28.0735 4504 Smb - ok
10:33:28.0766 4504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:33:28.0782 4504 spldr - ok
10:33:28.0850 4504 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
10:33:28.0850 4504 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
10:33:28.0852 4504 sptd ( LockedFile.Multi.Generic ) - warning
10:33:28.0853 4504 sptd - detected LockedFile.Multi.Generic (1)
10:33:28.0939 4504 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:33:29.0002 4504 srv - ok
10:33:29.0045 4504 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:33:29.0089 4504 srv2 - ok
10:33:29.0122 4504 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:33:29.0176 4504 srvnet - ok
10:33:29.0258 4504 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:33:29.0273 4504 stexstor - ok
10:33:29.0317 4504 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
10:33:29.0373 4504 STHDA - ok
10:33:29.0423 4504 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:33:29.0439 4504 storflt - ok
10:33:29.0467 4504 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:33:29.0483 4504 storvsc - ok
10:33:29.0511 4504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:33:29.0526 4504 swenum - ok
10:33:29.0580 4504 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
10:33:29.0601 4504 SynTP - ok
10:33:29.0815 4504 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:33:29.0956 4504 Tcpip - ok
10:33:30.0120 4504 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:33:30.0165 4504 TCPIP6 - ok
10:33:30.0316 4504 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:33:30.0380 4504 tcpipreg - ok
10:33:30.0619 4504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:33:30.0689 4504 TDPIPE - ok
10:33:30.0715 4504 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:33:30.0758 4504 TDTCP - ok
10:33:30.0803 4504 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:33:30.0846 4504 tdx - ok
10:33:30.0907 4504 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:33:30.0923 4504 TermDD - ok
10:33:30.0982 4504 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:33:31.0041 4504 tssecsrv - ok
10:33:31.0087 4504 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:33:31.0106 4504 TsUsbFlt - ok
10:33:31.0146 4504 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:33:31.0210 4504 tunnel - ok
10:33:31.0291 4504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:33:31.0308 4504 uagp35 - ok
10:33:31.0345 4504 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:33:31.0392 4504 udfs - ok
10:33:31.0463 4504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:33:31.0479 4504 uliagpkx - ok
10:33:31.0511 4504 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:33:31.0548 4504 umbus - ok
10:33:31.0609 4504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:33:31.0659 4504 UmPass - ok
10:33:31.0728 4504 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:33:31.0764 4504 USBAAPL64 - ok
10:33:31.0814 4504 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:33:31.0834 4504 usbccgp - ok
10:33:31.0916 4504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:33:31.0976 4504 usbcir - ok
10:33:32.0013 4504 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:33:32.0065 4504 usbehci - ok
10:33:32.0132 4504 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:33:32.0190 4504 usbhub - ok
10:33:32.0229 4504 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:33:32.0249 4504 usbohci - ok
10:33:32.0290 4504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:33:32.0329 4504 usbprint - ok
10:33:32.0363 4504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:33:32.0397 4504 usbscan - ok
10:33:32.0468 4504 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:33:32.0519 4504 USBSTOR - ok
10:33:32.0572 4504 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:33:32.0623 4504 usbuhci - ok
10:33:32.0675 4504 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:33:32.0700 4504 usbvideo - ok
10:33:32.0747 4504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:33:32.0762 4504 vdrvroot - ok
10:33:32.0795 4504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:33:32.0816 4504 vga - ok
10:33:32.0852 4504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:33:32.0915 4504 VgaSave - ok
10:33:32.0962 4504 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:33:32.0982 4504 vhdmp - ok
10:33:33.0023 4504 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:33:33.0038 4504 viaide - ok
10:33:33.0068 4504 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:33:33.0088 4504 vmbus - ok
10:33:33.0106 4504 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:33:33.0139 4504 VMBusHID - ok
10:33:33.0174 4504 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:33:33.0191 4504 volmgr - ok
10:33:33.0231 4504 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:33:33.0255 4504 volmgrx - ok
10:33:33.0283 4504 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:33:33.0304 4504 volsnap - ok
10:33:33.0351 4504 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:33:33.0369 4504 vsmraid - ok
10:33:33.0400 4504 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:33:33.0444 4504 vwifibus - ok
10:33:33.0485 4504 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:33:33.0529 4504 vwififlt - ok
10:33:33.0552 4504 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:33:33.0575 4504 vwifimp - ok
10:33:33.0626 4504 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:33:33.0692 4504 WacomPen - ok
10:33:33.0739 4504 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:33:33.0794 4504 WANARP - ok
10:33:33.0820 4504 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:33:33.0865 4504 Wanarpv6 - ok
10:33:33.0937 4504 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:33:33.0953 4504 Wd - ok
10:33:33.0991 4504 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:33:34.0039 4504 Wdf01000 - ok
10:33:34.0103 4504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:33:34.0146 4504 WfpLwf - ok
10:33:34.0156 4504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:33:34.0173 4504 WIMMount - ok
10:33:34.0267 4504 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:33:34.0308 4504 WinUsb - ok
10:33:34.0361 4504 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:33:34.0381 4504 WmiAcpi - ok
10:33:34.0435 4504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:33:34.0503 4504 ws2ifsl - ok
10:33:34.0687 4504 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:33:34.0772 4504 WudfPf - ok
10:33:34.0910 4504 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:33:34.0989 4504 WUDFRd - ok
10:33:35.0031 4504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
10:33:35.0117 4504 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
10:33:35.0117 4504 \Device\Harddisk1\DR1 - detected TDSS File System (1)
10:33:35.0121 4504 MBR (0x1B8) (aef77fdf8f06bc54c8041253e8697c8b) \Device\Harddisk0\DR0
10:33:35.0121 4504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
10:33:35.0121 4504 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
10:33:35.0528 4504 Boot (0x1200) (6429d61e2bd621e495bd0ad135716036) \Device\Harddisk1\DR1\Partition0
10:33:35.0529 4504 \Device\Harddisk1\DR1\Partition0 - ok
10:33:35.0910 4504 Boot (0x1200) (21aa69a6aad05eb347b8847a52a538fa) \Device\Harddisk1\DR1\Partition1
10:33:35.0911 4504 \Device\Harddisk1\DR1\Partition1 - ok
10:33:35.0915 4504 Boot (0x1200) (031f00f14948ac9f90940e4c558620e8) \Device\Harddisk0\DR0\Partition0
10:33:35.0916 4504 \Device\Harddisk0\DR0\Partition0 - ok
10:33:35.0917 4504 ============================================================
10:33:35.0917 4504 Scan finished
10:33:35.0917 4504 ============================================================
10:33:35.0931 1300 Detected object count: 3
10:33:35.0931 1300 Actual detected object count: 3
10:34:58.0125 1300 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:34:58.0126 1300 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:34:58.0127 1300 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
10:34:58.0128 1300 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
10:34:58.0651 1300 \Device\Harddisk0\DR0\# - copied to quarantine
10:34:58.0652 1300 \Device\Harddisk0\DR0 - copied to quarantine
10:34:58.0655 1300 \Device\Harddisk0\DR0 - processing error
14:20:40.0258 1300 \Device\Harddisk0\DR0 - will be restored on reboot
14:20:40.0258 1300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore
14:20:57.0796 4784 Deinitialize success

Edited by DZSlasher, 10 March 2012 - 02:28 PM.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the main miscreant is out of the way, we will get the remainder.

First, re-run aswMBR; this time it should run properly.
Save and then post the log.

THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
#11
DZSlasher

    Member

  • Topic Starter
  • Member
  • 21 posts
I am currently running the aswMBR scan again. As I said in my first post, I have run ComboFix once before. I never uninstalled it from my computer. Should I still run it again? Thanks for your help.
#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, but allow it to update; a good sign is that aswMBR is now running. This will do a full virus scan as you have Avast installed.
#13
DZSlasher

    Member

  • Topic Starter
  • Member
  • 21 posts
aswMBR keeps crashing. It crashes when it reaches my downloads folder. Should I just delete the folder? Since I can't get aswMBR to work right now, should I continue with ComboFix?
#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, go direct to ComboFix. Is it a specific file that aswMBR crashes on?
#15
DZSlasher

    Member

  • Topic Starter
  • Member
  • 21 posts
Unfortunately, I can't see what file it is searching, as the location is too long. Everything in my downloads folder can be deleted, as it is not essential.

Here is the log from ComboFix.

ComboFix 12-03-10.02 - Arjun 03/11/2012 10:14:57.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2773 [GMT -5:00]
Running from: c:\users\Arjun\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 15:26 . 2012-03-11 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 16:34 . 2012-03-10 16:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-09 17:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65FDD95B-7A5A-4099-A37A-F838CF441633}\mpengine.dll
2012-03-09 04:04 . 2012-03-09 05:27 -------- d-----w- c:\programdata\EA Logs
2012-03-08 18:07 . 2012-03-08 18:07 -------- d-----w- c:\program files\iPod
2012-03-08 18:06 . 2012-03-08 18:07 -------- d-----w- c:\program files\iTunes
2012-03-08 01:23 . 2012-03-08 01:23 -------- d-----w- c:\users\Arjun\AppData\Roaming\StreamTorrent
2012-03-08 01:23 . 2012-03-08 01:23 -------- d-----w- c:\program files (x86)\StreamTorrent 1.0
2012-03-05 23:56 . 2012-03-05 23:56 -------- d-----w- c:\programdata\Oracle
2012-03-05 23:55 . 2012-03-05 23:55 -------- d-----w- c:\users\Arjun\AppData\Roaming\Oracle
2012-03-05 23:54 . 2012-03-05 23:54 -------- d-----w- c:\program files\Oracle
2012-03-05 23:54 . 2012-03-05 23:54 -------- d-----w- c:\users\Arjun\AppData\Local\ApplicationHistory
2012-03-05 23:51 . 2012-03-05 23:51 -------- d-----w- c:\users\Arjun\AppData\Local\Downloaded Installations
2012-02-29 07:24 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-29 07:24 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-29 07:24 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-29 07:24 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-29 07:24 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-29 07:24 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-29 07:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-29 07:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-29 07:24 . 2012-02-29 07:24 -------- d-----w- c:\programdata\AVAST Software
2012-02-29 07:24 . 2012-02-29 07:24 -------- d-----w- c:\program files\AVAST Software
2012-02-24 01:25 . 2012-03-09 03:06 -------- d-----w- c:\users\Arjun\AppData\Roaming\Becker Professional Education
2012-02-23 22:33 . 2012-02-23 22:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-15 21:38 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 21:38 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 21:37 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 21:37 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 21:37 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 21:37 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 21:37 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 21:37 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-13 19:25 . 2012-02-13 19:25 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-02-13 17:44 . 2012-02-13 17:44 -------- d-----w- c:\programdata\ATI
2012-02-13 17:44 . 2012-02-13 17:44 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 05:28 . 2010-11-13 21:38 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-09 05:28 . 2010-11-14 01:37 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-09 05:28 . 2010-11-13 21:38 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-09 05:27 . 2010-11-13 21:38 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-23 19:34 . 2011-05-13 22:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-10-23 00:34 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-11 02:50 . 2011-05-24 20:26 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-29 20:54 . 2012-01-29 20:54 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-22 17:22 . 2011-03-29 00:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[-] 2011-01-09 . BBF138DCC68AA2500868E277880B5FFE . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2011-01-09 . BBF138DCC68AA2500868E277880B5FFE . 2387456 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe
[-] 2011-01-09 . 7046BBFB8627A12E556F27FEEC3B74BE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[-] 2011-01-09 . 7046BBFB8627A12E556F27FEEC3B74BE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( [email protected]_08.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-11 15:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-27 05:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-27 05:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 15:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-27 05:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-11 15:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-23 01:14 . 2012-03-10 22:57 57310 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-11 15:14 42958 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-23 01:09 . 2012-03-11 15:14 22914 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4249213004-2586139575-3597199197-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-03-08 18:04 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-02-13 17:40 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-15 17:01 . 2012-02-15 17:01 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaapl64.sys
+ 2010-10-23 00:38 . 2012-03-09 16:28 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-23 00:38 . 2012-02-25 01:54 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-23 00:38 . 2012-02-25 01:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-23 00:38 . 2012-03-09 16:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-09 16:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-25 01:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-03 02:26 . 2010-11-05 01:53 42856 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache_dumb.exe
+ 2012-03-11 14:59 . 2012-03-11 15:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-27 01:28 . 2012-02-27 01:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-11 14:59 . 2012-03-11 15:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-27 01:28 . 2012-02-27 01:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-28 19:42 . 2012-02-29 07:32 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-01-28 19:42 . 2012-02-27 01:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-29 17:03 . 2012-03-11 03:28 686286 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-10-23 01:03 . 2012-03-08 00:24 538856 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-11 15:17 738110 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-11 15:17 150686 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-03-08 18:04 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-13 17:40 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-08 18:04 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-13 17:40 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2012-03-09 16:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-02-22 02:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-28 20:34 . 2011-11-28 18:01 256960 c:\windows\system32\aswBoot.exe
+ 2009-07-14 04:46 . 2012-03-08 04:24 108496 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-28 21:38 . 2012-03-11 03:56 472380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-26 18:52 472380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-05 23:55 . 2012-03-05 23:55 181552 c:\windows\Installer\{DCCAB2CD-3E76-4B47-A8DB-35BAF7B600A3}\NewShortcut8_77DE8483AD5B40328BFB64373B13C644.exe
+ 2012-03-05 23:55 . 2012-03-05 23:55 181552 c:\windows\Installer\{DCCAB2CD-3E76-4B47-A8DB-35BAF7B600A3}\NewShortcut7_4EA9AA8F225A4015877AD600ABE5522D.exe
+ 2012-03-05 23:55 . 2012-03-05 23:55 116016 c:\windows\Installer\{DCCAB2CD-3E76-4B47-A8DB-35BAF7B600A3}\NewShortcut5_032D5CE4C324433DA68CC0309CC21A78.exe
+ 2012-03-05 23:55 . 2012-03-05 23:55 181552 c:\windows\Installer\{DCCAB2CD-3E76-4B47-A8DB-35BAF7B600A3}\ARPPRODUCTICON.exe
+ 2012-03-08 18:07 . 2012-03-08 18:07 380928 c:\windows\Installer\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}\iTunesIco.exe
+ 2012-02-15 17:02 . 2012-02-15 17:02 236904 c:\windows\Installer\$PatchCache$\Managed\A977DA8BAD2856347A0DDAD3FC5CC5FF\5.1.1\OutlookChangeNotifierAddIn_x64.dll
+ 2012-02-15 17:02 . 2012-02-15 17:02 227176 c:\windows\Installer\$PatchCache$\Managed\A977DA8BAD2856347A0DDAD3FC5CC5FF\5.1.1\OutlookChangeNotifierAddIn.dll
+ 2012-02-15 17:01 . 2012-02-15 17:01 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c111aaecb61e9a2b\usbaaplrc.dll
+ 2009-07-14 04:45 . 2012-03-06 19:43 7401034 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-02-16 17:41 7401034 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-11-04 16:00 . 2012-02-26 18:53 1708312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-28 21:38 . 2012-02-29 02:01 1708312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-05 20:46 . 2012-03-05 20:46 7978496 c:\windows\Installer\c152ec.msi
+ 2012-02-28 21:38 . 2012-03-11 03:56 58199408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4249213004-2586139575-3597199197-1000-12288.dat
+ 2012-03-05 23:51 . 2012-03-05 23:51 43736064 c:\windows\Installer\6d24bf5.msi
+ 2012-03-08 18:08 . 2012-03-08 18:08 11631616 c:\windows\Installer\482de8.msi
+ 2012-03-08 18:04 . 2012-03-08 18:04 48986624 c:\windows\Installer\482d50.msi
+ 2012-03-08 18:03 . 2012-03-08 18:03 11105280 c:\windows\Installer\482164.msi
+ 2012-03-08 18:02 . 2012-03-08 18:02 20396032 c:\windows\Installer\4820f8.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Arjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
procexp.exe - Shortcut.lnk - c:\users\Arjun\Downloads\ProcessExplorer\procexp.exe [2011-6-9 3412856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP141
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:44]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:44]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249213004-2586139575-3597199197-1000Core.job
- c:\users\Arjun\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 22:49]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249213004-2586139575-3597199197-1000UA.job
- c:\users\Arjun\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 22:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Arjun\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Arjun\AppData\Roaming\Mozilla\Firefox\Profiles\rgtjei8m.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - about:blank
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-11 10:29:28
ComboFix-quarantined-files.txt 2012-03-11 15:29
ComboFix2.txt 2012-02-29 15:47
ComboFix3.txt 2012-02-27 08:15
.
Pre-Run: 53,351,690,240 bytes free
Post-Run: 53,372,997,632 bytes free
.
- - End Of File - - 3A3A43D9E584A27EC0AE5D886FA5068B