*** atapi.sys Blue Screen



#1
Frank2012

I am getting a blue screen with the following error:
STOP: 0x0000008E (0xC0000005,0xF797971D,0xF78F1A10,0X00000000)
*** atapi.sys - Address F797971D base at F796F000, DateStamp 4802539d
I can only boot up in safe mode with networking.
XP Professional

Ran Malwarebytes Anti-Malware, VIPRE Rescue and now able to boot up normally sometimes. But when I try to run OTL.exe, OTL.com, OTL.scr I get the blue screen.


#2
Gammo

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.




Please download DDS and save it to your desktop.
  • Disable any script blocking protection.
  • Double-click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

#3
Frank2012

Gammo, thank you for your help. The following is the DDS file as requested.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Run by Frank at 11:14:59 on 2012-04-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1221 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Pro Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Secure Online Account Numbers\SOAN.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: DeskshopBrowserHelper Class: {8db3d69d-da5e-4165-b781-72a761790672} - c:\windows\system32\BhoDshop.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SecureOnlineAccountNumbers] c:\program files\secure online account numbers\SOAN.exe /dontopenmycards
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - c:\program files\secure online account numbers\SOAN.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8436C91E-451F-42FE-88ED-8B71F42C4C1A} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\frank\application data\mozilla\firefox\profiles\7augm2h2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be62c6475-c58b-4215-b662-8e7ffa370426%7D&mid=3ebf833f5b44a923c3c4909d0e7e434c-18fd0cd6f712e7d410094866657335247f3bd4a7&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-14%2014%3A36%3A38&sap=ku&q=
FF - component: c:\documents and settings\all users\application data\avg secure search\9.0.0.18\components\toolbarhomewmp.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-29 64512]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-22 130936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-15 98392]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-14 486280]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-9 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-9 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-24 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-22 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-3 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-22 136176]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-2-2 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-2-2 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-2-2 81288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-23 20464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2006-6-20 11520]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-2-13 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-2-13 1095560]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-23 652360]
.
=============== Created Last 30 ================
.
2012-04-04 15:17:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-04 14:44:00 -------- d-----w- c:\documents and settings\frank\application data\SUPERAntiSpyware.com
2012-04-04 14:43:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-02 13:35:21 -------- d--h--w- C:\$AVG
2012-03-30 16:15:22 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-30 16:15:22 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-26 14:38:07 27984 ----a-w- c:\windows\system32\sbbd.exe
2012-03-26 14:37:30 -------- d-----w- C:\VIPRERESCUE
2012-03-26 00:36:18 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-26 00:36:17 646072 ----a-w- c:\program files\mozilla firefox\nss3.dll
2012-03-26 00:36:17 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-26 00:36:17 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-26 00:36:17 371640 ----a-w- c:\program files\mozilla firefox\nssckbi.dll
2012-03-26 00:36:17 187320 ----a-w- c:\program files\mozilla firefox\nspr4.dll
2012-03-26 00:36:17 109496 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2012-03-26 00:36:17 105400 ----a-w- c:\program files\mozilla firefox\nssutil3.dll
2012-03-26 00:36:13 19896 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-03-24 15:23:59 -------- d-sh--w- C:\found.000
2012-03-23 16:12:57 -------- d-----w- c:\documents and settings\frank\application data\Malwarebytes
2012-03-23 16:12:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-23 16:12:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 16:12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 23:17:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-13 23:17:27 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3120026AS rev.8.05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A85749F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a85e740]; MOV EAX, [0x8a85e8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A9C6AB8]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A8285B8]
\Driver\atapi[0x8A9C8F38] -> IRP_MJ_CREATE -> 0x8A85749F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A8572C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:21:07.77 ===============

#4
Gammo

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.





Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#5
Frank2012

No change to issue; I am going by the fact that I am unable to load ADOBE Reader from their website.


ComboFix 12-04-07.03 - Frank 04/07/2012 18:50:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1295 [GMT -5:00]
Running from: c:\documents and settings\Frank\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Pro Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Frank\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\10d3ab1c742b2b84.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6962c8b00d245e06.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\SET183.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF7.tmp
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 00:02 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-04-08 00:02 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-04-07 23:17 . 2012-04-07 23:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 15:17 . 2012-04-04 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-04 14:44 . 2012-04-04 14:44 -------- d-----w- c:\documents and settings\Frank\Application Data\SUPERAntiSpyware.com
2012-04-04 14:43 . 2012-04-04 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-02 13:35 . 2012-04-02 13:35 -------- d-----w- C:\$AVG
2012-03-30 16:15 . 2012-03-30 16:15 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-24 15:23 . 2012-03-24 15:23 -------- d-----w- C:\found.000
2012-03-23 16:12 . 2012-03-23 16:12 -------- d-----w- c:\documents and settings\Frank\Application Data\Malwarebytes
2012-03-23 16:12 . 2012-03-23 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-23 16:12 . 2012-03-23 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-23 16:12 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 23:17 . 2012-03-13 23:17 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2003-07-16 16:45 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-26 20:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-30 16:15 . 2011-12-22 22:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-10 13:48 . 2008-02-02 14:17 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-24 18:15 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-24 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-17 4800512]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"SecureOnlineAccountNumbers"="c:\program files\Secure Online Account Numbers\SOAN.exe" [2005-08-02 196608]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-24 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PageKeeper Jobs.lnk]
backup=c:\windows\pss\PageKeeper Jobs.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner Detector.lnk]
backup=c:\windows\pss\Scanner Detector.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-08-15 13:49 1191216 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2011-03-22 18:53 2403024 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-10-01 18:57 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-01-18 02:03 2339168 ----a-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2002-11-25 16:38 126976 ----a-w- c:\program files\Creative\MediaSource\Go\CTCMSGo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 14:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileFort]
2011-08-07 02:10 989188 ----a-w- c:\program files\NCH Software\FileFort\filefort.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
2000-01-19 21:43 49152 ----a-w- c:\program files\TextBridge Pro Millennium\Bin\InstantAccess.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2009-10-09 12:23 730480 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2009-09-17 09:30 1933381 ----a-w- c:\program files\Software Informer\softinfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-02 14:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-23 18:55 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"USSShReg"=c:\progra~1\ULEADS~1\ULEADP~1.2\SSaver\Ussshreg.exe /r
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\NCH Software\\ScreenStream\\screenstream.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/29/2009 11:08 AM 64512]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/22/2009 7:08 PM 130936]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2009 8:45 PM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/15/2009 10:21 PM 101720]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 4:02 PM 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/9/2009 7:23 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/9/2009 7:23 AM 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 2152152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 5:17 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15232]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [8/11/2008 7:31 PM 33376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2011 1:37 PM 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/3/2011 10:32 AM 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2011 1:37 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/23/2012 11:12 AM 20464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [6/20/2006 8:19 PM 11520]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/23/2012 11:12 AM 652360]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-03-23 c:\windows\Tasks\filefortShakeIcon.job
- c:\program files\NCH Software\FileFort\filefort.exe [2011-08-07 02:10]
.
2011-10-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-15 18:09]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 18:36]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 18:36]
.
2011-11-19 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-11-19 16:05]
.
2012-02-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1343024091-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2012-03-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1343024091-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be62c6475-c58b-4215-b662-8e7ffa370426%7D&mid=3ebf833f5b44a923c3c4909d0e7e434c-18fd0cd6f712e7d410094866657335247f3bd4a7&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-14%2014%3A36%3A38&sap=ku&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 19:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(840)
c:\windows\system32\WININET.dll
c:\progra~1\SBCLIG~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\AVG\AVG10\avgscanx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-04-07 20:10:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 01:10
.
Pre-Run: 23,163,117,568 bytes free
Post-Run: 24,195,399,680 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - AEA16D3F384BCB8BE0C1900825D6973A



===================================================================

18:13:51.0481 1872 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:13:51.0888 1872 ============================================================
18:13:51.0888 1872 Current date / time: 2012/04/07 18:13:51.0888
18:13:51.0888 1872 SystemInfo:
18:13:51.0888 1872
18:13:51.0888 1872 OS Version: 5.1.2600 ServicePack: 3.0
18:13:51.0888 1872 Product type: Workstation
18:13:51.0997 1872 ComputerName: FRANK-8W9SK39KS
18:13:51.0997 1872 UserName: Frank
18:13:51.0997 1872 Windows directory: C:\WINDOWS
18:13:51.0997 1872 System windows directory: C:\WINDOWS
18:13:51.0997 1872 Processor architecture: Intel x86
18:13:51.0997 1872 Number of processors: 2
18:13:51.0997 1872 Page size: 0x1000
18:13:51.0997 1872 Boot type: Normal boot
18:13:51.0997 1872 ============================================================
18:13:56.0888 1872 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:13:56.0981 1872 \Device\Harddisk0\DR0:
18:13:56.0981 1872 MBR used
18:13:56.0981 1872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF7FDBD
18:13:57.0185 1872 Initialize success
18:13:57.0185 1872 ============================================================
18:14:48.0138 4028 ============================================================
18:14:48.0138 4028 Scan started
18:14:48.0138 4028 Mode: Manual; SigCheck; TDLFS;
18:14:48.0138 4028 ============================================================
18:14:48.0388 4028 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:14:48.0575 4028 !SASCORE - ok
18:14:48.0669 4028 Abiosdsk - ok
18:14:48.0700 4028 abp480n5 - ok
18:14:48.0763 4028 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:14:48.0903 4028 ACPI ( UnsignedFile.Multi.Generic ) - warning
18:14:48.0903 4028 ACPI - detected UnsignedFile.Multi.Generic (1)
18:14:48.0966 4028 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:14:48.0997 4028 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
18:14:48.0997 4028 ACPIEC - detected UnsignedFile.Multi.Generic (1)
18:14:49.0044 4028 adpu160m - ok
18:14:49.0091 4028 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:14:49.0122 4028 aec ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0122 4028 aec - detected UnsignedFile.Multi.Generic (1)
18:14:49.0185 4028 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:14:49.0263 4028 AFD ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0263 4028 AFD - detected UnsignedFile.Multi.Generic (1)
18:14:49.0325 4028 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:14:49.0356 4028 agp440 ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0356 4028 agp440 - detected UnsignedFile.Multi.Generic (1)
18:14:49.0372 4028 Aha154x - ok
18:14:49.0403 4028 aic78u2 - ok
18:14:49.0435 4028 aic78xx - ok
18:14:49.0513 4028 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:14:49.0528 4028 Alerter ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0528 4028 Alerter - detected UnsignedFile.Multi.Generic (1)
18:14:49.0575 4028 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:14:49.0606 4028 ALG ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0606 4028 ALG - detected UnsignedFile.Multi.Generic (1)
18:14:49.0622 4028 AliIde - ok
18:14:49.0653 4028 amsint - ok
18:14:49.0747 4028 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:14:49.0778 4028 Apple Mobile Device - ok
18:14:49.0825 4028 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:14:49.0872 4028 AppMgmt ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0872 4028 AppMgmt - detected UnsignedFile.Multi.Generic (1)
18:14:49.0950 4028 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:14:49.0981 4028 Arp1394 ( UnsignedFile.Multi.Generic ) - warning
18:14:49.0981 4028 Arp1394 - detected UnsignedFile.Multi.Generic (1)
18:14:49.0997 4028 asc - ok
18:14:50.0028 4028 asc3350p - ok
18:14:50.0060 4028 asc3550 - ok
18:14:50.0122 4028 ASPI32 (31ed89badd47130ad57cce8c8dfb5b27) C:\WINDOWS\system32\drivers\ASPI32.sys
18:14:50.0185 4028 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
18:14:50.0185 4028 ASPI32 - detected UnsignedFile.Multi.Generic (1)
18:14:50.0294 4028 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:14:50.0403 4028 aspnet_state - ok
18:14:50.0466 4028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:14:50.0497 4028 AsyncMac ( UnsignedFile.Multi.Generic ) - warning
18:14:50.0497 4028 AsyncMac - detected UnsignedFile.Multi.Generic (1)
18:14:50.0544 4028 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:14:50.0560 4028 atapi ( UnsignedFile.Multi.Generic ) - warning
18:14:50.0560 4028 atapi - detected UnsignedFile.Multi.Generic (1)
18:14:50.0606 4028 Atdisk - ok
18:14:50.0669 4028 AtlsAud (fca867151d76aae38c49a923462646b9) C:\WINDOWS\system32\drivers\AtlsAud.sys
18:14:50.0716 4028 AtlsAud ( UnsignedFile.Multi.Generic ) - warning
18:14:50.0716 4028 AtlsAud - detected UnsignedFile.Multi.Generic (1)
18:14:50.0763 4028 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:14:50.0794 4028 Atmarpc ( UnsignedFile.Multi.Generic ) - warning
18:14:50.0794 4028 Atmarpc - detected UnsignedFile.Multi.Generic (1)
18:14:50.0856 4028 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:14:50.0888 4028 AudioSrv ( UnsignedFile.Multi.Generic ) - warning
18:14:50.0888 4028 AudioSrv - detected UnsignedFile.Multi.Generic (1)
18:14:50.0950 4028 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:14:51.0075 4028 audstub ( UnsignedFile.Multi.Generic ) - warning
18:14:51.0075 4028 audstub - detected UnsignedFile.Multi.Generic (1)
18:14:51.0231 4028 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
18:14:51.0247 4028 AVG Security Toolbar Service - ok
18:14:51.0560 4028 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:14:52.0075 4028 AVGIDSAgent - ok
18:14:52.0185 4028 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:14:52.0278 4028 AVGIDSDriver - ok
18:14:52.0325 4028 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:14:52.0356 4028 AVGIDSEH - ok
18:14:52.0419 4028 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:14:52.0435 4028 AVGIDSFilter - ok
18:14:52.0481 4028 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:14:52.0497 4028 AVGIDSShim - ok
18:14:52.0591 4028 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:14:52.0606 4028 Avgldx86 - ok
18:14:52.0669 4028 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:14:52.0685 4028 Avgmfx86 - ok
18:14:52.0731 4028 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:14:52.0763 4028 Avgrkx86 - ok
18:14:52.0825 4028 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:14:52.0856 4028 Avgtdix - ok
18:14:53.0028 4028 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
18:14:53.0044 4028 avgwd - ok
18:14:53.0153 4028 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
18:14:53.0247 4028 BCMModem ( UnsignedFile.Multi.Generic ) - warning
18:14:53.0247 4028 BCMModem - detected UnsignedFile.Multi.Generic (1)
18:14:53.0325 4028 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:14:53.0372 4028 Beep ( UnsignedFile.Multi.Generic ) - warning
18:14:53.0372 4028 Beep - detected UnsignedFile.Multi.Generic (1)
18:14:53.0435 4028 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\SYSTEM32\qmgr.dll
18:14:53.0575 4028 BITS ( UnsignedFile.Multi.Generic ) - warning
18:14:53.0575 4028 BITS - detected UnsignedFile.Multi.Generic (1)
18:14:53.0685 4028 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
18:14:53.0716 4028 Bonjour Service - ok
18:14:53.0794 4028 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:14:53.0935 4028 Browser ( UnsignedFile.Multi.Generic ) - warning
18:14:53.0935 4028 Browser - detected UnsignedFile.Multi.Generic (1)
18:14:53.0997 4028 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\System32\drivers\bvrp_pci.sys
18:14:54.0138 4028 bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0138 4028 bvrp_pci - detected UnsignedFile.Multi.Generic (1)
18:14:54.0200 4028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:14:54.0247 4028 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0247 4028 cbidf2k - detected UnsignedFile.Multi.Generic (1)
18:14:54.0294 4028 cd20xrnt - ok
18:14:54.0356 4028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:14:54.0388 4028 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0388 4028 Cdaudio - detected UnsignedFile.Multi.Generic (1)
18:14:54.0435 4028 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:14:54.0450 4028 Cdfs ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0450 4028 Cdfs - detected UnsignedFile.Multi.Generic (1)
18:14:54.0513 4028 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:14:54.0528 4028 Cdrom ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0528 4028 Cdrom - detected UnsignedFile.Multi.Generic (1)
18:14:54.0638 4028 CDRPDACC (f4dd5641576334e4eeabfe50b065e572) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
18:14:54.0685 4028 CDRPDACC ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0685 4028 CDRPDACC - detected UnsignedFile.Multi.Generic (1)
18:14:54.0731 4028 Changer - ok
18:14:54.0778 4028 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:14:54.0810 4028 CiSvc ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0810 4028 CiSvc - detected UnsignedFile.Multi.Generic (1)
18:14:54.0856 4028 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:14:54.0919 4028 ClipSrv ( UnsignedFile.Multi.Generic ) - warning
18:14:54.0919 4028 ClipSrv - detected UnsignedFile.Multi.Generic (1)
18:14:54.0997 4028 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:14:55.0247 4028 clr_optimization_v2.0.50727_32 - ok
18:14:55.0310 4028 CmdIde - ok
18:14:55.0341 4028 COMSysApp - ok
18:14:55.0372 4028 Cpqarray - ok
18:14:55.0450 4028 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\System32\CTsvcCDA.exe
18:14:55.0560 4028 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
18:14:55.0560 4028 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
18:14:55.0622 4028 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:14:55.0653 4028 CryptSvc ( UnsignedFile.Multi.Generic ) - warning
18:14:55.0653 4028 CryptSvc - detected UnsignedFile.Multi.Generic (1)
18:14:55.0747 4028 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys
18:14:55.0778 4028 ctac32k ( UnsignedFile.Multi.Generic ) - warning
18:14:55.0778 4028 ctac32k - detected UnsignedFile.Multi.Generic (1)
18:14:55.0825 4028 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys
18:14:55.0888 4028 ctaud2k ( UnsignedFile.Multi.Generic ) - warning
18:14:55.0888 4028 ctaud2k - detected UnsignedFile.Multi.Generic (1)
18:14:55.0950 4028 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
18:14:55.0981 4028 ctdvda2k ( UnsignedFile.Multi.Generic ) - warning
18:15:17.0169 4028 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:15:17.0231 4028 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
18:15:17.0231 4028 RemoteAccess - detected UnsignedFile.Multi.Generic (1)
18:15:17.0513 4028 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:15:17.0560 4028 RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
18:15:17.0560 4028 RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
18:15:17.0825 4028 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:15:17.0888 4028 RimUsb ( UnsignedFile.Multi.Generic ) - warning
18:15:17.0888 4028 RimUsb - detected UnsignedFile.Multi.Generic (1)
18:15:18.0106 4028 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
18:15:18.0153 4028 RpcLocator ( UnsignedFile.Multi.Generic ) - warning
18:15:18.0153 4028 RpcLocator - detected UnsignedFile.Multi.Generic (1)
18:15:18.0528 4028 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:15:18.0622 4028 RpcSs ( UnsignedFile.Multi.Generic ) - warning
18:15:18.0622 4028 RpcSs - detected UnsignedFile.Multi.Generic (1)
18:15:18.0919 4028 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
18:15:18.0981 4028 RSVP ( UnsignedFile.Multi.Generic ) - warning
18:15:18.0981 4028 RSVP - detected UnsignedFile.Multi.Generic (1)
18:15:19.0200 4028 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:15:19.0231 4028 SamSs ( UnsignedFile.Multi.Generic ) - warning
18:15:19.0231 4028 SamSs - detected UnsignedFile.Multi.Generic (1)
18:15:19.0403 4028 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:15:19.0419 4028 SASDIFSV - ok
18:15:19.0560 4028 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:15:19.0591 4028 SASKUTIL - ok
18:15:19.0856 4028 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
18:15:19.0903 4028 SBRE - ok
18:15:20.0106 4028 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:15:20.0169 4028 SCardSvr ( UnsignedFile.Multi.Generic ) - warning
18:15:20.0169 4028 SCardSvr - detected UnsignedFile.Multi.Generic (1)
18:15:20.0528 4028 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:15:20.0575 4028 Schedule ( UnsignedFile.Multi.Generic ) - warning
18:15:20.0575 4028 Schedule - detected UnsignedFile.Multi.Generic (1)
18:15:20.0856 4028 scsiscan (089870dab7aa277585c475ae09ee4c63) C:\WINDOWS\system32\DRIVERS\scsiscan.sys
18:15:20.0903 4028 scsiscan ( UnsignedFile.Multi.Generic ) - warning
18:15:20.0903 4028 scsiscan - detected UnsignedFile.Multi.Generic (1)
18:15:21.0138 4028 sdAuxService (2881d5c135d076bcf52b0f5ad3d8dc0b) C:\Program Files\Spyware Doctor\pctsAuxs.exe
18:15:21.0560 4028 sdAuxService - ok
18:15:21.0950 4028 sdCoreService (9caca3fad05c4b0d7967592e65b338f1) C:\Program Files\Spyware Doctor\pctsSvc.exe
18:15:22.0638 4028 sdCoreService - ok
18:15:22.0919 4028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:15:23.0138 4028 Secdrv ( UnsignedFile.Multi.Generic ) - warning
18:15:23.0138 4028 Secdrv - detected UnsignedFile.Multi.Generic (1)
18:15:23.0481 4028 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:15:23.0606 4028 seclogon ( UnsignedFile.Multi.Generic ) - warning
18:15:23.0606 4028 seclogon - detected UnsignedFile.Multi.Generic (1)
18:15:23.0841 4028 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:15:23.0872 4028 SENS ( UnsignedFile.Multi.Generic ) - warning
18:15:23.0872 4028 SENS - detected UnsignedFile.Multi.Generic (1)
18:15:24.0060 4028 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:15:24.0091 4028 serenum ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0091 4028 serenum - detected UnsignedFile.Multi.Generic (1)
18:15:24.0372 4028 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:15:24.0403 4028 Serial ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0403 4028 Serial - detected UnsignedFile.Multi.Generic (1)
18:15:24.0731 4028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:15:24.0763 4028 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
18:15:24.0763 4028 Sfloppy - detected UnsignedFile.Multi.Generic (1)
18:15:25.0091 4028 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:15:25.0278 4028 SharedAccess ( UnsignedFile.Multi.Generic ) - warning
18:15:25.0278 4028 SharedAccess - detected UnsignedFile.Multi.Generic (1)
18:15:25.0591 4028 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:15:25.0606 4028 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
18:15:25.0606 4028 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
18:15:25.0810 4028 Simbad - ok
18:15:26.0044 4028 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:15:26.0091 4028 SLIP ( UnsignedFile.Multi.Generic ) - warning
18:15:26.0091 4028 SLIP - detected UnsignedFile.Multi.Generic (1)
18:15:26.0310 4028 SMPLSCSI (405efa5a9748155af1f90aa1a26b6503) C:\WINDOWS\system32\drivers\SMPLSCSI.SYS
18:15:26.0372 4028 SMPLSCSI ( UnsignedFile.Multi.Generic ) - warning
18:15:26.0372 4028 SMPLSCSI - detected UnsignedFile.Multi.Generic (1)
18:15:26.0763 4028 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:15:26.0919 4028 SONYPVU1 ( UnsignedFile.Multi.Generic ) - warning
18:15:26.0919 4028 SONYPVU1 - detected UnsignedFile.Multi.Generic (1)
18:15:27.0122 4028 Sparrow - ok
18:15:27.0372 4028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:15:27.0419 4028 splitter ( UnsignedFile.Multi.Generic ) - warning
18:15:27.0419 4028 splitter - detected UnsignedFile.Multi.Generic (1)
18:15:27.0669 4028 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:15:27.0700 4028 Spooler ( UnsignedFile.Multi.Generic ) - warning
18:15:27.0700 4028 Spooler - detected UnsignedFile.Multi.Generic (1)
18:15:28.0060 4028 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
18:15:28.0341 4028 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
18:15:28.0341 4028 sptd ( LockedFile.Multi.Generic ) - warning
18:15:28.0341 4028 sptd - detected LockedFile.Multi.Generic (1)
18:15:40.0372 4028 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
18:15:40.0403 4028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:15:40.0403 4028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:15:40.0481 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:15:40.0481 4028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:15:40.0497 4028 Boot (0x1200) (de6c4a0aa7c3fe84a6d38b23fa50c8c7) \Device\Harddisk0\DR0\Partition0
18:15:40.0497 4028 \Device\Harddisk0\DR0\Partition0 - ok
18:15:40.0497 4028 ============================================================
18:15:40.0497 4028 Scan finished
18:15:40.0497 4028 ============================================================
18:15:40.0606 4960 Detected object count: 257
18:15:40.0606 4960 Actual detected object count: 257
18:17:10.0450 4960 EMATCORE ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0450 4960 EMATCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0450 4960 emupia ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0450 4960 emupia ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0450 4960 ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0450 4960 ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0450 4960 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0450 4960 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0466 4960 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0466 4960 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0466 4960 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0466 4960 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0466 4960 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0466 4960 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0466 4960 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0466 4960 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0466 4960 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0466 4960 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0466 4960 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0466 4960 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0481 4960 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0481 4960 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0481 4960 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0481 4960 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0481 4960 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0481 4960 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0481 4960 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0481 4960 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0481 4960 ha10kx2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0481 4960 ha10kx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0481 4960 hap16v2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0481 4960 hap16v2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0497 4960 helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0497 4960 helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0497 4960 HidServ ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0497 4960 HidServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0497 4960 hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0497 4960 hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0497 4960 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0497 4960 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0497 4960 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0497 4960 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0497 4960 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0497 4960 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0513 4960 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0513 4960 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0513 4960 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0513 4960 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0513 4960 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0513 4960 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0513 4960 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0513 4960 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0513 4960 ip6fw ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0513 4960 ip6fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0513 4960 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0513 4960 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0528 4960 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0528 4960 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0528 4960 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0528 4960 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0528 4960 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0528 4960 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0528 4960 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0528 4960 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0528 4960 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0528 4960 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0528 4960 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0528 4960 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0544 4960 kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0544 4960 kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0544 4960 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0544 4960 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0544 4960 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0544 4960 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0544 4960 lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0544 4960 lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0544 4960 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0544 4960 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0544 4960 LexBceS ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0544 4960 LexBceS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0560 4960 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0560 4960 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0560 4960 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0560 4960 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0560 4960 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0560 4960 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0560 4960 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0560 4960 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0560 4960 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0560 4960 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0560 4960 MODEMCSA ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0560 4960 MODEMCSA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0575 4960 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0575 4960 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0575 4960 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0575 4960 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0575 4960 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0575 4960 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0575 4960 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0575 4960 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0575 4960 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0575 4960 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0575 4960 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0575 4960 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0591 4960 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0591 4960 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0591 4960 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0591 4960 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0591 4960 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0591 4960 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0591 4960 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0591 4960 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0591 4960 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0591 4960 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0591 4960 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0606 4960 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0606 4960 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0606 4960 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0606 4960 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0606 4960 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0606 4960 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0606 4960 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0606 4960 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0606 4960 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0606 4960 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0606 4960 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0622 4960 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0622 4960 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0622 4960 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0622 4960 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0622 4960 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0622 4960 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0622 4960 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0622 4960 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0622 4960 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0622 4960 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0622 4960 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0622 4960 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0638 4960 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0638 4960 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0638 4960 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0638 4960 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0638 4960 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0638 4960 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0638 4960 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0638 4960 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0638 4960 NIC1394 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0638 4960 NIC1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0638 4960 Nla ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0638 4960 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0653 4960 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0653 4960 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0653 4960 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0653 4960 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0653 4960 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0653 4960 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0653 4960 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0653 4960 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0653 4960 Null ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0653 4960 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0653 4960 nv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0653 4960 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0669 4960 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0669 4960 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0669 4960 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0669 4960 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0669 4960 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0669 4960 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0669 4960 ohci1394 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0669 4960 ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0669 4960 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0669 4960 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0669 4960 ONSIO ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0669 4960 ONSIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0685 4960 ossrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0685 4960 ossrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0685 4960 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0685 4960 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0685 4960 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0685 4960 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0685 4960 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0685 4960 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0685 4960 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0685 4960 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0685 4960 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0685 4960 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0700 4960 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0700 4960 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0700 4960 Pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0700 4960 Pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0700 4960 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0700 4960 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0700 4960 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0700 4960 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0700 4960 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0700 4960 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0700 4960 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0700 4960 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0716 4960 Processor ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0716 4960 Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0716 4960 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0716 4960 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0716 4960 PSched ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0716 4960 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0716 4960 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0716 4960 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0716 4960 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0716 4960 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0731 4960 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0731 4960 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0731 4960 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0731 4960 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0731 4960 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0731 4960 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0731 4960 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0731 4960 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0731 4960 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0731 4960 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0731 4960 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0731 4960 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0747 4960 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0747 4960 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0763 4960 RimUsb ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0763 4960 RimUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0763 4960 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0763 4960 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0763 4960 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0763 4960 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0763 4960 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0763 4960 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0763 4960 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0763 4960 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0763 4960 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0763 4960 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0778 4960 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0778 4960 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0778 4960 scsiscan ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0778 4960 scsiscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0778 4960 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0778 4960 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0778 4960 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0778 4960 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0778 4960 SENS ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0778 4960 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0778 4960 serenum ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0778 4960 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0794 4960 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0794 4960 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0794 4960 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0794 4960 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0794 4960 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0794 4960 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0794 4960 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0794 4960 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0794 4960 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0794 4960 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0794 4960 SMPLSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0794 4960 SMPLSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0810 4960 SONYPVU1 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0810 4960 SONYPVU1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0810 4960 splitter ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0810 4960 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0810 4960 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0810 4960 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0810 4960 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:17:10.0810 4960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:10.0810 4960 sr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0810 4960 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0810 4960 srservice ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0810 4960 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0825 4960 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0825 4960 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0825 4960 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0825 4960 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0825 4960 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0825 4960 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0825 4960 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0825 4960 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0825 4960 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0825 4960 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0825 4960 StMp3Rec ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0825 4960 StMp3Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0841 4960 streamip ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0841 4960 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0841 4960 swenum ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0841 4960 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0841 4960 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0841 4960 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0841 4960 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0841 4960 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0841 4960 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0841 4960 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0841 4960 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0841 4960 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0856 4960 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0856 4960 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0856 4960 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0856 4960 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0856 4960 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0856 4960 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0856 4960 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0856 4960 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0856 4960 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0856 4960 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0856 4960 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0856 4960 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0872 4960 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0872 4960 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0872 4960 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0872 4960 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0872 4960 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0872 4960 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0872 4960 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0872 4960 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0872 4960 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0872 4960 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0872 4960 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0872 4960 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0888 4960 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0888 4960 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0888 4960 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0888 4960 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0888 4960 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0888 4960 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0888 4960 TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0888 4960 TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0888 4960 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0888 4960 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0888 4960 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0888 4960 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0903 4960 Update ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0903 4960 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0903 4960 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0903 4960 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0903 4960 UPS ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0903 4960 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0903 4960 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0903 4960 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0903 4960 usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0903 4960 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0903 4960 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0903 4960 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0919 4960 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0919 4960 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0919 4960 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0919 4960 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0919 4960 usbprint ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0919 4960 usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0919 4960 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0919 4960 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0919 4960 usbstor ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0919 4960 usbstor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0919 4960 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0919 4960 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0935 4960 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0935 4960 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0935 4960 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0935 4960 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0935 4960 VSS ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0935 4960 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0935 4960 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0935 4960 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0935 4960 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0935 4960 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0935 4960 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0935 4960 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0950 4960 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0950 4960 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0950 4960 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0950 4960 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0950 4960 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0950 4960 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0950 4960 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0950 4960 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0950 4960 Wmi ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0950 4960 Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0950 4960 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0966 4960 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0966 4960 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0966 4960 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0966 4960 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0966 4960 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0966 4960 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0966 4960 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0966 4960 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0966 4960 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0966 4960 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0966 4960 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0981 4960 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0981 4960 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0981 4960 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0981 4960 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0981 4960 WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0981 4960 WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0981 4960 WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0981 4960 WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:10.0981 4960 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:10.0981 4960 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:11.0794 4960 \Device\Harddisk0\DR0\# - copied to quarantine
18:17:11.0794 4960 \Device\Harddisk0\DR0 - copied to quarantine
18:17:11.0841 4960 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:17:11.0856 4960 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:17:11.0872 4960 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:17:11.0872 4960 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:17:11.0888 4960 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:17:11.0903 4960 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:17:11.0919 4960 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:17:11.0981 4960 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:17:11.0981 4960 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:17:11.0997 4960 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:17:11.0997 4960 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:17:12.0013 4960 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:17:12.0028 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:17:12.0028 4960 \Device\Harddisk0\DR0 - ok
18:17:13.0075 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:17:13.0075 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:17:13.0075 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:17:15.0872 5512 Deinitialize success

#6
Frank2012

    New Member

  • Topic Starter
  • Member
  • 8 posts
Gammo, my mistake, I just ran OTL. After running OTL I was able to access Adobe. Everything seems to be fine. Thanks for all your help. Can you advise what can be done so I don't get a virus like this again? Here is the OTL file.

OTL logfile created on: 4/7/2012 9:52:00 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.20% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 22.56 Gb Free Space | 20.19% Space Free | Partition Type: NTFS

Computer Name: FRANK-8W9SK39KS | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 11:15:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/24 13:15:52 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/24 13:15:41 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/23 19:11:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\desktop\OTL.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/15 08:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/10/09 07:23:28 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/02 15:49:22 | 000,196,608 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Secure Online Account Numbers\SOAN.exe
PRC - [2005/03/31 09:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC LightSpeed Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/12/09 14:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/07 19:53:15 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/07 19:53:15 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/04 09:44:20 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/04 09:44:20 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/30 11:15:21 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/24 13:15:52 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/24 13:15:41 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/06/28 06:19:50 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/06/28 06:19:49 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/06/16 10:32:06 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/06/07 04:44:50 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
MOD - [2008/02/16 21:22:08 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2005/01/20 22:18:18 | 000,009,728 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll
MOD - [2003/07/29 04:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - [2012/03/24 13:15:52 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/10 22:47:34 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/09 07:23:28 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Frank\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/28 09:32:26 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/14 09:22:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/02/14 09:18:53 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/10 22:42:30 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/09 07:23:04 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/08/27 20:45:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/10/30 21:07:38 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/10/30 21:07:38 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/10/30 21:07:36 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 13:45:33 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2005/09/23 14:38:54 | 000,068,260 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/08/28 18:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/03/27 11:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 16:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 16:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 16:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 16:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 10:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 17:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/02/20 17:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 17:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 17:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/12/04 13:08:00 | 000,134,304 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsVid.sys -- (EMATCORE)
DRV - [2002/12/03 12:48:00 | 000,021,504 | R--- | M] (Dell Computer Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtlsAud.sys -- (AtlsAud)
DRV - [2002/07/25 12:33:58 | 000,004,633 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [1998/09/14 09:41:14 | 000,285,216 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\onsio.sys -- (ONSIO)
DRV - [1998/08/01 13:00:44 | 000,060,928 | ---- | M] (OnSpec Electronic, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SMPLSCSI.SYS -- (SMPLSCSI)
DRV - [1996/07/12 20:31:10 | 000,014,528 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {124D0D1B-51C2-48E0-80DD-E71D3F79E56F}
IE - HKCU\..\SearchScopes\{124D0D1B-51C2-48E0-80DD-E71D3F79E56F}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLA_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-14 14:36:38&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80643&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...6:38&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 12:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/03/04 10:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/24 13:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/23 13:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/30 11:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/30 11:01:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext [2008/02/02 09:20:34 | 000,000,000 | ---D | M]

[2008/12/27 13:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2012/03/30 16:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions
[2010/10/30 14:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 19:33:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/15 17:40:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\[email protected]
[2011/12/22 17:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\nostmp
[2011/04/17 11:57:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\[email protected]
[2012/03/30 16:00:45 | 000,000,000 | ---D | M] (pdf.js) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\[email protected]
[2011/12/22 17:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/24 09:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/17 11:57:53 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/03/24 13:16:21 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
() (No name found) -- C:\DOCUMENTS AND SETTINGS\FRANK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7AUGM2H2.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\FRANK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7AUGM2H2.DEFAULT\EXTENSIONS\[email protected]
[2008/12/19 22:29:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/30 11:15:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/12/25 16:57:11 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/08/23 09:43:59 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2012/03/24 13:15:36 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/04/17 11:42:01 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/03/25 19:36:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/25 19:36:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/07 19:52:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (DeskshopBrowserHelper Class) - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC LightSpeed Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SecureOnlineAccountNumbers] C:\Program Files\Secure Online Account Numbers\SOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe (Orbiscom Ltd. All rights reserved.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8436C91E-451F-42FE-88ED-8B71F42C4C1A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/08 20:30:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 20:29:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/07 18:46:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/07 18:41:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 18:41:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 18:41:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 18:41:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 18:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/07 18:32:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 18:17:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/04 10:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/04 10:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/04 09:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
[2012/04/04 09:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/02 08:35:21 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/30 10:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Condensed
[2012/03/26 15:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/03/26 09:38:07 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/03/26 09:37:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/03/24 10:23:59 | 000,000,000 | ---D | C] -- C:\found.000
[2012/03/23 11:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\Malwarebytes
[2012/03/23 11:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/23 11:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/23 11:12:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/23 11:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/22 19:16:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2012/03/13 20:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/13 17:55:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/09 10:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/09 10:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2026/09/04 04:30:19 | 000,003,120 | ---- | M] () -- C:\WINDOWS\BQSHYJ2R.ocx
[2026/09/02 10:01:58 | 000,003,120 | ---- | M] () -- C:\WINDOWS\F9B5D4PH.ocx
[2026/08/31 15:33:37 | 000,003,120 | ---- | M] () -- C:\WINDOWS\VO63QJ2E.ocx
[2026/08/29 21:05:17 | 000,003,120 | ---- | M] () -- C:\WINDOWS\NWQNADHB.ocx
[2026/08/28 02:36:56 | 000,003,120 | ---- | M] () -- C:\WINDOWS\O83PPKBG.ocx
[2026/08/26 08:08:35 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\GHP6JVUB.ocx
[2026/08/24 13:40:14 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\2KG2D6GN.ocx
[2026/08/22 19:11:53 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\E2DGHAFK.ocx
[2026/08/21 00:43:32 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\KJIXEDQK.ocx
[2026/08/19 06:15:12 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\S239DIEF.ocx
[2012/04/07 21:00:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/07 21:00:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/07 19:52:42 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2012/04/07 19:52:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 19:51:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 19:49:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 19:48:30 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/04/07 19:48:30 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/04/07 19:48:30 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/04/07 19:48:30 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2012/04/07 19:48:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/04/07 19:48:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/04/07 19:48:30 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2012/04/07 19:48:30 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2012/04/07 18:46:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/07 18:36:31 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/07 18:36:31 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/07 17:24:53 | 094,123,293 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/07 17:24:16 | 000,023,348 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/05 19:26:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/04 10:17:59 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 10:17:43 | 000,062,106 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\2010 0330Return.T10
[2012/03/26 15:04:35 | 000,004,404 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2012/03/25 19:47:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1343024091-839522115-1003.job
[2012/03/25 13:53:34 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/03/23 19:11:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2012/03/23 12:59:17 | 000,513,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/23 12:59:17 | 000,099,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/23 12:54:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\filefortShakeIcon.job
[2012/03/23 11:12:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 20:30:43 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\cc_20120313_203038.reg
[2012/03/13 20:09:21 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2026/09/04 04:30:19 | 000,003,120 | ---- | C] () -- C:\WINDOWS\BQSHYJ2R.ocx
[2026/09/02 10:01:58 | 000,003,120 | ---- | C] () -- C:\WINDOWS\F9B5D4PH.ocx
[2026/08/31 15:33:37 | 000,003,120 | ---- | C] () -- C:\WINDOWS\VO63QJ2E.ocx
[2026/08/29 21:05:17 | 000,003,120 | ---- | C] () -- C:\WINDOWS\NWQNADHB.ocx
[2026/08/28 02:36:56 | 000,003,120 | ---- | C] () -- C:\WINDOWS\O83PPKBG.ocx
[2026/08/26 08:08:35 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\GHP6JVUB.ocx
[2026/08/24 13:40:14 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\2KG2D6GN.ocx
[2026/08/22 19:11:53 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\E2DGHAFK.ocx
[2026/08/21 00:43:32 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\KJIXEDQK.ocx
[2026/08/19 06:15:12 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\S239DIEF.ocx
[2012/04/07 18:46:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/07 18:46:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/07 18:41:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 18:41:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 18:41:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 18:41:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 18:41:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 10:17:59 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 10:01:23 | 000,062,106 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\2010 0330Return.T10
[2012/03/23 11:12:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 20:30:41 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\cc_20120313_203038.reg
[2012/03/13 08:18:28 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\filefortShakeIcon.job
[2012/03/09 10:52:23 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/26 15:06:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/19 10:57:56 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2011/05/13 10:11:50 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011/04/24 21:31:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/24 21:31:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

========== LOP Check ==========

[2006/06/25 20:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2012/03/13 18:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/05/06 08:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/01/25 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/03 10:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/17 11:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/03/27 17:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/03/14 09:53:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/04/14 08:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/03 15:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/28 15:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/03/30 10:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/01/09 21:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/02/26 15:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/10/25 22:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TextBridge
[2011/02/14 08:59:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/03 10:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/03 15:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AVG10
[2011/04/17 11:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Babylon
[2010/03/27 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Canneverbe Limited
[2009/10/14 15:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\CheckPoint
[2011/05/26 21:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Digiarty
[2011/09/10 09:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Garmin
[2010/01/14 22:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\GlarySoft
[2011/02/14 08:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\IObit
[2006/06/14 19:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Leadertech
[2008/03/27 18:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\NCH Swift Sound
[2008/02/17 13:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\pdf995
[2009/01/09 21:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Publish Providers
[2012/03/09 09:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Software Informer
[2009/01/09 21:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Sony
[2012/03/30 10:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\TaxCut
[2007/07/10 19:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\V-Safe
[2011/04/17 11:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\WinPump
[2012/03/23 12:54:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\filefortShakeIcon.job
[2011/10/26 15:38:07 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/11/19 18:25:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job

========== Purity Check ==========



< End of report >

#7
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I'd like you to perform two more sets of instructions before I'm calling it clean and I'll give you some prevention tips.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/02/15 17:40:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\[email protected]
    [2011/04/17 11:57:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\7augm2h2.default\extensions\[email protected]
    [2011/04/17 11:57:53 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2011/04/17 11:42:01 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/04/17 11:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/04/17 11:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Babylon
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
Frank2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Gammo here it is


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.08.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Frank :: FRANK-8W9SK39KS [administrator]

4/8/2012 8:24:05 AM
mbam-log-2012-04-08 (08-24-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217738
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily have to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common ways to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool: