"Data recovery" virus.



#1 NFRCR
Member | 13 posts
My computer has the "data recovery" virus? It claims that my "c" disk is in critical failure, and it wants me to run a "S.M.A.R.T." check. Most of my icons are hidden, and I have 15-20 popups every 10 minutes saying "a write command during the test has failed to complete. This may be due to a media or read/write error." Any help would be appreciated.

Here is my OTL log:


OTL logfile created on: 4/30/2012 3:49:13 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 34.85% Memory free
3.81 Gb Paging File | 2.48 Gb Available in Paging File | 65.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 73.59 Gb Free Space | 49.40% Space Free | Partition Type: NTFS

Computer Name: BONNIEHALL | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 13:43:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/04/30 13:33:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E00ZQG6O\HijackThis[1].exe
PRC - [2012/04/30 13:16:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL.exe
PRC - [2012/04/30 12:58:51 | 000,299,008 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UCTLmONMNDgUV.exe
PRC - [2012/04/28 13:55:31 | 000,180,648 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/04/12 02:37:36 | 001,224,176 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/27 08:44:18 | 001,304,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
PRC - [2012/02/27 08:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2012/02/27 08:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/12/06 13:17:53 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/12/06 13:17:53 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2010/01/07 16:09:23 | 000,598,696 | -H-- | M] ( ) -- C:\WINDOWS\system32\dleacoms.exe
PRC - [2009/11/09 21:57:54 | 000,099,896 | RH-- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009/06/24 11:57:04 | 000,136,704 | -H-- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/02/11 16:38:40 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/01 11:34:48 | 002,326,528 | -H-- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | -H-- | M] ( ) -- C:\WINDOWS\system32\dldtcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/30 13:16:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL.exe
MOD - [2012/04/30 12:58:51 | 000,299,008 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UCTLmONMNDgUV.exe
MOD - [2012/04/12 02:37:34 | 000,444,400 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 02:37:33 | 003,915,248 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 02:36:08 | 000,122,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 02:36:06 | 000,220,672 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 02:36:05 | 001,747,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/02/27 08:44:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/02/27 08:44:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2011/12/06 13:18:04 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2011/12/06 13:17:57 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/12/06 13:17:54 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/12/06 13:17:53 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/12/06 13:17:53 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/12/06 13:17:53 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
MOD - [2011/10/14 15:13:25 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 15:13:16 | 011,800,576 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/14 15:13:10 | 000,771,584 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 15:12:42 | 000,311,296 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/10/13 21:55:37 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 21:55:33 | 000,971,264 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 21:55:31 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 21:55:20 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/03 06:06:05 | 000,108,320 | -H-- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll
MOD - [2011/10/03 06:05:36 | 000,008,192 | -H-- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/26 03:49:41 | 000,086,180 | -H-- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLEAcfg.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleadrpp.dll
MOD - [2009/10/26 10:01:40 | 000,081,920 | RH-- | M] () -- C:\WINDOWS\system32\mvusbews.dll
MOD - [2009/10/23 12:18:38 | 000,151,552 | -H-- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2009/10/23 12:18:14 | 000,069,632 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2008/07/01 11:34:48 | 002,326,528 | -H-- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2008/06/13 16:17:30 | 000,049,152 | -H-- | M] () -- C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
MOD - [2008/02/13 06:49:17 | 000,115,200 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldtdrpp.dll
MOD - [2008/01/21 21:05:12 | 000,077,906 | -H-- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLDTcfg.dll
MOD - [2007/09/14 11:27:14 | 000,024,576 | -H-- | M] () -- C:\Program Files\NETGEAR\WG111v3\CheckSessions.dll
MOD - [2006/12/15 12:30:38 | 000,966,765 | -H-- | M] () -- C:\Program Files\NETGEAR\WG111v3\acAuth.dll
MOD - [2005/06/21 15:22:06 | 000,483,328 | -H-- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update Service (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2010/01/07 16:09:23 | 000,598,696 | -H-- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dleacoms.exe -- (dlea_device)
SRV - [2010/01/07 16:09:17 | 000,098,984 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/11/09 21:57:54 | 000,099,896 | RH-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/10/23 21:24:38 | 000,651,720 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/24 11:57:04 | 000,136,704 | -H-- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/02/11 16:38:40 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/25 11:38:16 | 000,099,568 | -H-- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | -H-- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dldtcoms.exe -- (dldt_device)
SRV - [2005/06/21 15:19:38 | 000,491,520 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.afd)
DRV - [2011/12/06 13:17:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/12/06 13:17:58 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2011/12/06 13:17:58 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/12/06 13:17:58 | 000,084,752 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmeext.sys -- (tmeext)
DRV - [2011/12/06 13:17:58 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/12/06 13:17:58 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/03/09 21:29:18 | 000,006,656 | -H-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2009/10/26 10:01:40 | 000,017,408 | RH-- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/06/05 10:16:32 | 000,142,336 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 13:35:06 | 000,017,536 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 09:59:06 | 000,028,800 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 17:21:20 | 000,110,080 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 17:20:06 | 004,752,896 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/09 09:11:34 | 000,022,016 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/07/01 17:13:26 | 000,985,472 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 17:13:26 | 000,731,264 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 17:13:24 | 000,267,520 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/12/28 16:02:12 | 000,287,232 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 30 1B BB 51 25 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/27 05:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/27 05:59:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/18 22:53:07 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/03 07:48:10 | 000,000,000 | -H-D | M]

[2011/10/03 06:06:04 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Assassin's Creed III = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn\1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/30 10:08:54 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll File not found
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [dplaysvr] C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Documents and Settings\Administrator\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://support.inter...c/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = branstad.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77DBFAB0-3B0E-44A8-99C6-7C00D88665B1}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A020E4ED-657F-41AB-AF8F-B633A34DFC49}: DhcpNameServer = 192.168.1.10
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell\AutoRun\command - "" = K:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 15:45:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/04/30 13:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Data Recovery
[2012/04/28 13:57:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/04/28 12:47:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/04/28 10:17:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2012/04/27 13:48:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 15:35:00 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 15:06:00 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 15:00:01 | 000,000,994 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2600797828-1153330612-1501312127-500UA.job
[2012/04/30 14:01:51 | 000,233,623 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/04/30 14:00:58 | 000,193,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/04/30 14:00:04 | 000,000,942 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2600797828-1153330612-1501312127-500Core.job
[2012/04/30 13:47:36 | 000,000,036 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012/04/30 13:16:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/30 13:16:23 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL
[2012/04/30 13:16:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL.exe
[2012/04/30 12:58:51 | 000,299,008 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UCTLmONMNDgUV.exe
[2012/04/30 11:59:28 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 11:59:26 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 11:59:26 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\WinMaximizer-Lucas-Startup.job
[2012/04/30 11:54:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 11:54:25 | 2110,767,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 10:08:54 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/29 18:09:01 | 000,056,416 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe
[2012/04/29 18:08:57 | 000,046,176 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\dplayx.dll
[2012/04/28 15:40:34 | 000,004,566 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/28 13:58:02 | 000,002,346 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/04/28 13:53:41 | 000,001,537 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\remove.reg
[2012/04/28 12:54:35 | 000,000,684 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/27 13:48:43 | 000,001,206 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2012/04/25 20:09:12 | 000,108,048 | -H-- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/24 20:28:14 | 000,022,032 | -H-- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012/04/21 17:01:16 | 000,002,515 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2012/04/18 22:56:52 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe
[2012/04/15 14:06:17 | 000,418,464 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/15 14:06:17 | 000,070,304 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/15 14:06:15 | 004,139,680 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 14:01:51 | 000,233,623 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012/04/30 14:00:58 | 000,193,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012/04/30 13:16:27 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/04/30 13:16:21 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL
[2012/04/30 13:16:20 | 000,220,672 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL.exe
[2012/04/30 13:08:31 | 000,299,008 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\UCTLmONMNDgUV.exe
[2012/04/29 20:41:03 | 000,056,416 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe
[2012/04/29 20:41:03 | 000,046,176 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\dplayx.dll
[2012/04/28 15:41:31 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/04/28 13:58:02 | 000,002,346 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/04/28 13:55:33 | 000,000,994 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2600797828-1153330612-1501312127-500UA.job
[2012/04/28 13:55:33 | 000,000,942 | -H-- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2600797828-1153330612-1501312127-500Core.job
[2012/04/28 13:49:10 | 000,001,537 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\remove.reg
[2012/04/28 12:58:30 | 000,004,566 | -H-- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/27 13:48:43 | 000,001,206 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2012/04/25 20:09:12 | 000,108,048 | -H-- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/24 20:28:14 | 000,022,032 | -H-- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012/04/18 07:23:24 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe
[2011/12/31 02:25:37 | 000,021,840 | -H-- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/31 02:25:37 | 000,017,212 | -H-- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/31 02:25:37 | 000,012,067 | -H-- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/31 02:22:55 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/12/09 14:22:08 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011/12/09 14:22:08 | 000,046,592 | RH-- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011/12/09 14:22:07 | 000,151,552 | -H-- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011/12/09 14:21:51 | 000,081,920 | RH-- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/12/09 14:05:56 | 000,284,160 | RH-- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/12/06 13:19:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/12/03 14:23:54 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dleavs.dll
[2011/12/03 14:23:53 | 000,438,272 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
[2011/12/03 14:23:42 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\dleacuir.dll
[2011/12/03 14:23:42 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
[2011/12/03 14:23:41 | 000,294,912 | -H-- | C] () -- C:\WINDOWS\System32\dleacui.dll
[2011/12/03 14:23:12 | 000,372,736 | -H-- | C] () -- C:\WINDOWS\System32\DLEAwupd.dll
[2011/12/03 14:23:12 | 000,213,672 | -H-- | C] () -- C:\WINDOWS\System32\DLEAwupd.exe
[2011/12/03 14:21:29 | 000,847,872 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
[2011/12/03 14:21:29 | 000,364,544 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
[2011/12/03 14:21:29 | 000,356,352 | -H-- | C] ( ) -- C:\WINDOWS\System32\DLEAhcp.dll
[2011/12/03 14:21:29 | 000,344,064 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
[2011/12/03 14:21:29 | 000,331,776 | -H-- | C] () -- C:\WINDOWS\System32\DLEAinst.dll
[2011/12/03 14:21:28 | 001,048,576 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
[2011/12/03 14:21:28 | 000,643,072 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
[2011/12/03 14:21:28 | 000,577,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
[2011/12/03 14:21:27 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\dleajswr.dll
[2011/12/03 14:21:26 | 000,688,128 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
[2011/12/03 14:21:26 | 000,324,264 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
[2011/12/03 14:21:26 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\dleains.dll
[2011/12/03 14:21:26 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\System32\dleainsb.dll
[2011/12/03 14:21:26 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\dleagrd.dll
[2011/12/03 14:21:26 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dleainsr.dll
[2011/12/03 14:21:25 | 000,802,816 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
[2011/12/03 14:21:25 | 000,598,696 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
[2011/12/03 14:21:25 | 000,372,736 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
[2011/12/03 14:21:25 | 000,253,952 | -H-- | C] () -- C:\WINDOWS\System32\dleacu.dll
[2011/12/03 14:21:25 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\dleacub.dll
[2011/12/03 14:21:25 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dleacur.dll
[2011/12/03 14:21:24 | 000,373,416 | -H-- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe
[2011/12/03 14:21:24 | 000,086,180 | -H-- | C] () -- C:\WINDOWS\System32\DLEAcfg.dll
[2011/12/03 14:21:01 | 000,299,008 | -H-- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[2011/12/03 14:21:01 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/11/22 16:56:32 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011/11/21 23:03:26 | 000,694,656 | -H-- | C] () -- C:\WINDOWS\System32\msavcore.exe.dmp
[2011/11/21 21:36:06 | 000,012,665 | -H-- | C] () -- C:\WINDOWS\System32\events.dat
[2011/11/21 17:42:28 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~Xda9yVK9hvlmtY
[2011/11/21 17:42:28 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~Xda9yVK9hvlmtYr
[2011/11/21 17:42:19 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Xda9yVK9hvlmtY
[2011/10/19 22:25:37 | 000,356,239 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2600797828-1153330612-1501312127-500-0.dat
[2011/10/19 22:25:36 | 000,184,674 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/05 21:34:00 | 000,186,760 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/21 18:21:52 | 000,354,816 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/04/09 18:55:28 | 000,179,261 | -H-- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/04/04 14:50:03 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 17:18:29 | 000,032,932 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/22 11:12:17 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2011/01/22 11:12:16 | 000,360,448 | -H-- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2011/01/22 11:12:05 | 000,782,336 | -H-- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2011/01/22 11:12:05 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2011/01/22 11:12:05 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2011/01/22 11:11:22 | 000,102,400 | -H-- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2011/01/22 11:11:22 | 000,017,648 | -H-- | C] () -- C:\WINDOWS\System32\dldtwupd.exe
[2011/01/22 11:11:10 | 000,348,160 | -H-- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2011/01/22 11:11:09 | 001,105,920 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2011/01/22 11:11:09 | 000,843,776 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2011/01/22 11:11:09 | 000,647,168 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2011/01/22 11:11:09 | 000,569,344 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2011/01/22 11:11:09 | 000,520,192 | -H-- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2011/01/22 11:11:09 | 000,438,272 | -H-- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2011/01/22 11:11:09 | 000,364,544 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2011/01/22 11:11:09 | 000,339,968 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2011/01/22 11:11:09 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2011/01/22 11:11:09 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2011/01/22 11:11:08 | 000,663,552 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2011/01/22 11:11:08 | 000,595,184 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtcoms.exe
[2011/01/22 11:11:08 | 000,376,832 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2011/01/22 11:11:08 | 000,320,752 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtih.exe
[2011/01/22 11:11:08 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2011/01/22 11:11:08 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2011/01/22 11:11:08 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2011/01/22 11:11:08 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2011/01/22 11:11:08 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2011/01/22 11:11:08 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2011/01/22 11:11:08 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2011/01/22 11:11:07 | 000,851,968 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2011/01/22 11:11:07 | 000,365,808 | -H-- | C] ( ) -- C:\WINDOWS\System32\dldtcfg.exe
[2011/01/22 11:11:07 | 000,077,906 | -H-- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
[2011/01/22 10:36:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/05 12:25:03 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB7189$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

#2 RKinner, Malware Expert (Expert, MVP, 19,786 posts)
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe ()
O4 - HKCU..\Run: [dplaysvr] C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe ()
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell - "" = AutoRun
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell\AutoRun\command - "" = K:\SISetup.exe
[2012/04/30 13:16:23 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL
[2012/04/30 13:16:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL.exe
[2012/04/30 12:58:51 | 000,299,008 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\UCTLmONMNDgUV.exe
[2012/04/29 18:09:01 | 000,056,416 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe
[2012/04/29 18:08:57 | 000,046,176 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\dplayx.dll
[2012/04/18 22:56:52 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe
[2012/04/30 13:16:27 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Administrator\Local Settings\Application Data\*.exe

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Download, Save and Run unhide.exe

http://download.blee...nler/unhide.exe

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop; do not run it. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan, click Save log, save it to your desktop and post it in your next reply. (Note whether the Fix button, not the FixMBR button, is enabled, and tell me.)

Ron

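A small triage script, added here as an example and not part of this thread or of OTL itself: it parses the OTL line formats that appear in the log above (O1 Hosts, O4 Run, O33 MountPoints2 AutoRun, and the bracketed file listing) and flags the same kinds of entries the fix script posted by RKinner removes. The sample log inside the block is constructed for the example from those formats.

```python
"""
Added example: flag suspicious entries in OTL-style log lines.
Not part of OTL or of the forum thread; the line formats are copied from the
log above, and SAMPLE_LOG below is constructed for this example.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+) \((?P<company>[^)]*)\)$"
)
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)

# Directories a legitimate installer rarely uses for its executables.
PROFILE_DATA = ("\\application data\\", "\\local settings\\")
SHORTCUT_DIRS = ("\\desktop\\", "\\start menu\\", "\\quick launch\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def _in_profile_data(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in PROFILE_DATA)


def check_line(line: str) -> list[Finding]:
    """Return the findings for one OTL log line (empty list when nothing stands out)."""
    out: list[Finding] = []
    if m := HOSTS_RE.match(line):
        # Legitimate blocking entries map a name to loopback or 0.0.0.0;
        # any other address is a redirect of that hostname.
        try:
            ip = ipaddress.ip_address(m["ip"])
            redirect = not (ip.is_loopback or ip.is_unspecified)
        except ValueError:
            redirect = True
        if redirect:
            out.append(Finding("hosts_redirect", f'{m["host"]} -> {m["ip"]}'))
    elif m := RUN_RE.match(line):
        # Autostart entry with no company name, launched from a profile data directory.
        if not m["company"].strip() and _in_profile_data(m["cmd"]):
            out.append(Finding("run_from_profile_data", f'{m["hive"]} [{m["name"]}] {m["cmd"]}'))
    elif m := AUTORUN_RE.match(line):
        # An AutoRun command registered for a (removable) volume.
        out.append(Finding("mountpoint_autorun", f'{m["guid"]} -> {m["cmd"]}'))
    elif m := FILE_RE.match(line):
        path, attrs = m["path"], m["attrs"]
        low = path.lower()
        size = int(m["size"].replace(",", ""))
        if low.endswith((".exe", ".dll")) and not m["company"].strip() and _in_profile_data(path):
            # Executable with no company name dropped into a profile data directory.
            out.append(Finding("exe_in_profile_data", f"{path} [{attrs}] {size} bytes"))
        if low.endswith(".exe") and size == 0:
            out.append(Finding("zero_byte_exe", path))
        if low.endswith(".lnk") and "H" in attrs and any(d in low for d in SHORTCUT_DIRS):
            # The rogue hides the user's own shortcuts; this is what unhide.exe reverses.
            out.append(Finding("hidden_shortcut", path))
    return out


def triage(log_text: str) -> dict[str, list[str]]:
    """Group findings by rule for a whole OTL log."""
    grouped: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        for f in check_line(raw.strip()):
            grouped.setdefault(f.rule, []).append(f.detail)
    return grouped


# Constructed sample in the OTL formats used in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 94.63.147.16 www.google.com
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O33 - MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\Shell\AutoRun\command - "" = K:\SISetup.exe
[2012/04/29 18:09:01 | 000,056,416 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe
[2012/04/18 22:56:52 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe
[2012/04/28 13:58:02 | 000,002,346 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/04/15 14:06:17 | 000,418,464 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
"""

if __name__ == "__main__":
    for rule, details in triage(SAMPLE_LOG).items():
        print(rule)
        for d in details:
            print("   ", d)
```

The heuristics are deliberately narrow; a hit only means an entry deserves a second look, as with the lines RKinner picked out of the log.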
#3 NFRCR, Member (Topic Starter, 13 posts)
Thanks for the help. Here's the OTL log. I have Malwarebytes downloaded and scanning.

========== PROCESSES ==========
All processes killed
========== OTL ==========
94.63.147.16 www.google.com removed from HOSTS file successfully
94.63.147.17 www.bing.com removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
File C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b9c8367-2299-11e1-8557-00223ff55ea0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b9c8367-2299-11e1-8557-00223ff55ea0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b9c8367-2299-11e1-8557-00223ff55ea0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b9c8367-2299-11e1-8557-00223ff55ea0}\ not found.
File K:\SISetup.exe not found.
C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL moved successfully.
C:\Documents and Settings\All Users\Application Data\GNjGwt76UAgbLL.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\UCTLmONMNDgUV.exe moved successfully.
File C:\Documents and Settings\Administrator\Application Data\dplaysvr.exe not found.
C:\Documents and Settings\Administrator\Application Data\dplayx.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\eacbafdeeeebdct.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Software Manager.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Windows Catalog.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Windows Update.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Acrobat Distiller 9.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Acrobat 9 Standard.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\MSN.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\PowerDVD DX.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Safari.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live ID.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Search.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\ABBYY FineReader 6.0 Sprint.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\ABBYY FineReader 6.0 Sprint\User's Guide.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup and Recovery Manager - Dell.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Security Center.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Bonjour Print Services\About Bonjour Print Services.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Bonjour Print Services\Bonjour Printer Wizard.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\CCleaner\CCleaner Homepage.url
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\CCleaner\CCleaner.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\CCleaner\Uninstall CCleaner.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell\Dell Backup and Recovery Manager.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell Printer Home.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell Photo AIO Printer 924\Dell All-In-One Center.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell Photo AIO Printer 924\Dell Order Ink Cartridges.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell Photo AIO Printer 924\Uninstall Dell Photo AIO Printer 924.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell Photo AIO Printer 924\View Dell User's Guide.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell V305\Dell Imaging Toolbox.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell V305\Dell Ink Management System.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell V305\Dell Service Center.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell V305\Dell User's Guide.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell V305\Dell Wireless Setup Utility.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\Dell V305\Uninstall Dell V305.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\V310 Series\Uninstall Dell V310 Series.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\V310 Series\View User's Guide.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Dell Printers\V310 Series\Visit Product Home Page.LNK
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\doubleTwist\doubleTwist.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\doubleTwist\Uninstall.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\doubleTwist\Website.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\EuroTalk Talk Now!\Talk Now! - Full Screen.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\EuroTalk Talk Now!\Talk Now!.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold\Stronghold.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold\View the Stronghold Manual (PDF).lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold\View the Stronghold Readme.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold Legends\Stronghold Legends Graphics Configuration.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold Legends\Stronghold Legends.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold Legends\View the Stronghold Legends Manual (PDF).lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Firefly Studios\Stronghold Legends\View the Stronghold Legends Readme.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Games\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\HP\Shop for HP Supplies.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP LaserJet Professional P1100 Series\HP LaserJet Guide.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP LaserJet Professional P1100 Series\Install Notes.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP LaserJet Professional P1100 Series\Uninstall.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\HP\HP LaserJet Professional P1100 Series\Wireless Configuration.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Intelr Matrix Storage Manager\Intelr Matrix Storage Console.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Gold\Age of Empires Expansion.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Gold\Age of Empires Readme.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Gold\Age of Empires.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Gold\Rise of Rome Readme.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires Gold\Uninstall Age of Empires Gold.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II\Age of Empires II Readme.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II\Age of Empires II.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II\Uninstall Age of Empires II.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II - The Conquerors Expansion\Age of Empires II - The Conquerors Expansion Readme.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II - The Conquerors Expansion\The Conquerors.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games\Age of Empires II - The Conquerors Expansion\Uninstall Age of Empires II - The Conquerors Expansion.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Studios\Age of Empires Online\Age of Empires Online.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Miro\Miro.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Miro\Uninstall Miro.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Modem Diagnostic Tool\Modem Diagnostic Tool.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\NETGEAR WG111v3 Smart Wizard\NETGEAR WG111v3 Smart Wizard.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\NETGEAR WG111v3 Smart Wizard\Uninstall NETGEAR WG111v3 Software.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\NetWaiting\NetWaiting.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\Desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Base.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Calc.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Draw.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Impress.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Math.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Writer.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Realtek\Diagnostic Utility\Realtek Ethernet Diagnostic Utility.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\Advanced\Enter VNC Server License Key.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\Advanced\VNC Server (User Mode).lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Home.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Audio.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Copy.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Data.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Roxio Creator DE\Projects\Tools.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\Digital Line Detect.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Call.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Mail.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Messenger .lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Photo Gallery.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Getting Started.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Quick Reference.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\Release Notes.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\1\Programs\Windows PowerShell 1.0\User Guide.lnk
153 File(s) copied
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2\Apple Safari.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2\doubleTwist.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2\Google Chrome.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
6 File(s) copied
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Application Data\*.exe not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: administrator.BRANSTAD

User: afreed

User: All Users

User: bhall
->Java cache emptied: 81697313 bytes

User: Bonnie

User: Default User

User: isolver

User: isolver.BRANSTAD

User: isolver.BRANSTAD.000

User: LocalService

User: NetworkService

User: TEMP

User: TEMP.BRANSTAD

Total Java Files Cleaned = 78.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 38399 bytes

User: administrator.BRANSTAD
->Flash cache emptied: 321 bytes

User: afreed
->Flash cache emptied: 456 bytes

User: All Users

User: bhall
->Flash cache emptied: 43302 bytes

User: Bonnie
->Flash cache emptied: 405 bytes

User: Default User
->Flash cache emptied: 321 bytes

User: isolver
->Flash cache emptied: 321 bytes

User: isolver.BRANSTAD
->Flash cache emptied: 321 bytes

User: isolver.BRANSTAD.000
->Flash cache emptied: 321 bytes

User: LocalService

User: NetworkService

User: TEMP

User: TEMP.BRANSTAD

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.42.2 log created on 04302012_175953

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4 NFRCR (Topic Starter, Member)
I tried to run Malwarebytes four times. Every time it stopped around 2 minutes into the scan, usually while scanning a "recycle" file. Do I need to disable my Trend Micro security or something?

#5 RKinner (Malware Expert, MVP)
Just skip MBAM for now. Run the other scans.

#6 NFRCR (Topic Starter, Member)
It took 2 hours to run ComboFix last night. ComboFix gave me several messages about "Rootkit." I left my computer when ComboFix was on the create log screen, and after 12 hours it was still on that screen. So I shut down and then turned my computer back on. I looked through the ComboFix file on my C drive and this is the log I found:

ComboFix 12-04-31.03 - Lucas 05/01/2012 1:15:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1391 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\SET1DA.tmp
C:\WINDOWS\system32\SET1E4.tmp
C:\WINDOWS\system32\SET1E5.tmp
C:\WINDOWS\system32\SET1E8.tmp
C:\WINDOWS\system32\SET1EF.tmp
C:\WINDOWS\system32\SET26E.tmp
C:\WINDOWS\system32\SET97.tmp
C:\WINDOWS\system32\SET9B.tmp
C:\WINDOWS\system32\SETA3.tmp
C:\WINDOWS\$NtUninstallKB7189$\294607674 . . . . Failed to delete

C:\WINDOWS\system32\drivers\i8042prt.sys . . . is missing!!


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.afd


((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))


2012-05-01 00:10:36 . 2012-05-01 00:10:36 32072 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2012-04-30 23:12:48 . 2012-05-01 00:15:18 40776 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-04-30 23:12:48 . 2012-04-30 23:12:48 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-04-30 23:12:26 . 2012-04-30 23:12:26 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-04-30 23:12:25 . 2012-04-30 23:12:34 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-30 23:12:25 . 2012-04-04 20:56:40 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-04-30 22:59:53 . 2012-04-30 22:59:53 -------- d-----w- C:\_OTL
2012-04-28 15:17:39 . 2012-04-28 18:16:27 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
2012-04-28 14:35:31 . 2012-04-28 14:35:31 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-04-27 18:48:27 . 2012-04-27 18:48:27 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Leadertech
2012-04-26 01:09:12 . 2012-04-26 01:09:12 108048 ----a-w- C:\WINDOWS\RegBootClean.exe
2012-04-25 01:28:14 . 2012-04-25 01:28:14 22032 ----a-w- C:\WINDOWS\DCEBoot.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-15 19:06:17 . 2012-03-29 23:15:27 418464 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-04-15 19:06:17 . 2011-05-30 13:16:54 70304 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-04-15 19:06:15 . 2012-03-30 00:06:34 4139680 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 18:38:10 69632]
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 13:44:06 133424]
"Trend Micro Titanium"="C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 13:44:18 1304792]
"HPUsageTrackingLEDM"="C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 23:21:58 30264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 23:38:18 421888]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 20:56:38 462408]

C:\Documents and Settings\bhall\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Seagate Product Registration.lnk - C:\Documents and Settings\Administrator\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2012-4-27 1731736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2009-10-23 50688]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 02:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 00:11:26 640440 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 20:53:57 40376 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37:53 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58:10 37296 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-08-18 22:19:46 57344 ----a-w- C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48:18 58656 ----a-w- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22:28 59240 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 19:03:00 425984 ----a-w- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtamon]
2008-06-24 06:27:16 16624 ----a-w- C:\Program Files\Dell V305\dldtamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldtmon.exe]
2008-06-24 06:26:16 668912 ----a-w- C:\Program Files\Dell V305\dldtmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dleamon.exe]
2010-01-18 17:13:28 770728 ----a-w- C:\Program Files\Dell V310-V510 Series\dleamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-01-18 17:13:32 139944 ----a-w- C:\Program Files\Dell V310-V510 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-18 22:20:38 178712 ----a-w- C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-02-11 21:38:38 186904 ----a-w- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-18 22:20:54 150040 ----a-w- C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 00:06:40 421736 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 01:26:38 128232 ------w- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-18 22:20:42 150040 ----a-w- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-18 22:20:06 16806912 ----a-w- C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06:06 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\WINDOWS\\system32\\dldtcoms.exe"=
"C:\\Program Files\\Dell V305\\dldtmon.exe"=
"C:\\WINDOWS\\system32\\dldtcfg.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"C:\\Program Files\\Firefly Studios\\Stronghold\\Stronghold.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\Dell V305\\dldtlscn.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dleacoms.exe"=
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"427:UDP"= 427:UDP:SLP

R1 tmeext;tmeext;C:\WINDOWS\system32\drivers\tmeext.sys [12/6/2011 1:20:04 PM 84752]
R1 tmevtmgr;tmevtmgr;C:\WINDOWS\system32\drivers\tmevtmgr.sys [12/6/2011 1:20:01 PM 68368]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [12/6/2011 1:19:17 PM 200632]
R2 dldt_device;dldt_device;C:\WINDOWS\system32\dldtcoms.exe -service --> C:\WINDOWS\system32\dldtcoms.exe -service [?]
R2 dlea_device;dlea_device;C:\WINDOWS\system32\dleacoms.exe -service --> C:\WINDOWS\system32\dleacoms.exe -service [?]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\drivers\EAPPkt.sys [10/9/2007 2:13:00 PM 38144]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [6/24/2009 11:57:04 AM 136704]
R2 HPSIService;HP SI Service;C:\WINDOWS\system32\HPSIsvc.exe [12/9/2011 2:08:30 PM 99896]
R2 iPodDrv;iPodDrv;C:\WINDOWS\system32\drivers\iPodDrv.sys [3/9/2011 9:29:18 PM 6656]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [4/30/2012 6:12:26 PM 654408]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;C:\WINDOWS\system32\drivers\RtNdPt5x.sys [10/23/2009 9:17:45 PM 22016]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [10/24/2009 12:57:09 AM 110080]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [4/30/2012 6:12:25 PM 22344]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\drivers\wg111v3.sys [12/28/2007 4:02:12 PM 287232]
R3 tmnciesc;tmnciesc;C:\WINDOWS\system32\drivers\tmnciesc.sys [12/6/2011 1:20:04 PM 171280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16:28 PM 130384]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtserv.exe [1/22/2011 11:12:16 AM 99568]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\WINDOWS\system32\spool\drivers\w32x86\3\dleaserv.exe [12/3/2011 2:23:51 PM 98984]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe /svc --> C:\Program Files\Google\Update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc --> C:\Program Files\Google\Update\GoogleUpdate.exe [?]
S3 mbamchameleon;mbamchameleon;C:\WINDOWS\system32\drivers\mbamchameleon.sys [4/30/2012 7:10:36 PM 32072]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [4/30/2012 6:12:48 PM 40776]
S3 mvusbews;USB EWS Device;C:\WINDOWS\system32\drivers\mvusbews.sys [12/9/2011 2:21:51 PM 17408]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;C:\WINDOWS\system32\drivers\RTLTEAMING.SYS [10/23/2009 9:17:45 PM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;C:\WINDOWS\system32\drivers\RTLVLAN.SYS [10/23/2009 9:17:45 PM 17536]
S3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe -k WINRM [4/25/2008 11:16:26 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16:28 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

Contents of the 'Scheduled Tasks' folder

2012-05-01 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:15:27 . 2012-04-15 19:06:17]

2012-03-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50:20 . 2011-06-01 22:57:16]

2012-04-30 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2600797828-1153330612-1501312127-500Core.job
- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-28 18:55:33 . 2012-04-28 18:55:31]

2012-05-01 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2600797828-1153330612-1501312127-500UA.job
- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-28 18:55:33 . 2012-04-28 18:55:31]


------- Supplementary Scan -------

uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Stratego - C:\Program Files\Hasbro Interactive\Stratego\Uninst.isu
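The Security Center entries in the ComboFix log above (AntiVirusOverride and FirewallOverride set to 1, and DisableMonitoring=1 under Monitoring\TrendAntiVirus) deserve a second look on any machine where a rogue "data recovery" program has been running: rogues set these values so that Windows stops warning that the real antivirus or firewall is off. The same values are also set legitimately by third-party suites that take over monitoring, and Trend Micro is one of them, so they are an indicator to confirm against what is installed, not proof of infection on their own. The Python script below is an added example for this thread, not code from ComboFix or from any post here: it parses a ComboFix-style REGEDIT4 dump and lists the override flags that are set. The dump it reads is constructed to match the layout of the log; the three value names above come from the log, and AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify are the other notification switches Windows XP's Security Center keeps under the same key.

```python
"""Flag Windows Security Center override values in a ComboFix-style
'Reg Loading Points' dump.

Added example for this thread, not ComboFix code. The sample dump below is
constructed to match the layout of the log in the thread.
"""
import re

# Constructed sample in ComboFix's REGEDIT4 layout (not the thread's real log).
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 23:38:18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

SECURITY_CENTER = r'hkey_local_machine\software\microsoft\security center'
# Values Windows XP's Security Center uses to silence its own warnings.
OVERRIDE_VALUES = ('AntiVirusOverride', 'FirewallOverride',
                   'AntiVirusDisableNotify', 'FirewallDisableNotify',
                   'UpdatesDisableNotify')


def parse_regedit_dump(text):
    """Parse a REGEDIT4 dump into {lowercased key path: (original path, {name: raw})}.

    The '[date size]' suffix ComboFix appends to a value stays inside 'raw';
    '@=' default values and lines outside any key are ignored.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, (m.group(1), {}))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][1][m.group(1)] = m.group(2).strip()
    return keys


def dword_value(raw):
    """Return the integer of a 'dword:XXXXXXXX' value, or None if it is not a DWORD."""
    if raw.lower().startswith('dword:'):
        try:
            return int(raw[6:], 16)
        except ValueError:
            return None
    return None


def security_center_findings(keys):
    """List override flags set to 1 under Security Center and its Monitoring subkeys."""
    findings = []
    _, values = keys.get(SECURITY_CENTER, ('', {}))
    for name in OVERRIDE_VALUES:
        if dword_value(values.get(name, '')) == 1:
            findings.append('%s=1 under Security Center' % name)
    prefix = SECURITY_CENTER + '\\monitoring\\'
    for path, (original, vals) in sorted(keys.items()):
        if path.startswith(prefix) and dword_value(vals.get('DisableMonitoring', '')) == 1:
            product = original.rsplit('\\', 1)[-1]   # e.g. TrendAntiVirus
            findings.append('DisableMonitoring=1 for %s' % product)
    return findings


if __name__ == '__main__':
    for finding in security_center_findings(parse_regedit_dump(SAMPLE_DUMP)):
        print(finding)
```

Run against the sample it reports both override flags and the Trend Micro monitoring entry. Paste the "Reg Loading Points" section of a real ComboFix log into SAMPLE_DUMP (or read it from a file) to check a different machine; a clean XP box with only Windows Firewall and a built-in AV reports nothing, while a per-product DisableMonitoring entry that matches an installed suite is expected and only the override flags with no suite to explain them need attention.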

#7 NFRCR (Topic Starter, Member)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lucas :: BONNIEHALL [administrator]

Protection: Enabled

5/1/2012 3:06:28 PM
mbam-log-2012-05-01 (15-06-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338691
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 NFRCR (Topic Starter, Member)
The same 'data recovery' thing is back. But now OTL goes 'not responding' almost immediately. And that computer is running 10 times slower as well. Is it still recoverable now? And/or is it possible to wipe the computer clean and just reinstall all the software?

#9 RKinner (Malware Expert, MVP)
If you have a copy of the Windows disk or backup disks that you made when you got the PC, or if it has a hidden partition with the backup info, then yes. You then will need to reinstall several years' worth of MS updates and reinstall any software, and you will lose all of your data unless you have it backed up somewhere.

Can you get TDSSKiller or aswMBR to run?

#10 NFRCR (Topic Starter, Member)
The computer is a Dell Vostro. I have several disks for reinstalling stuff on this computer. Two are labeled operating system; one is dated 2008 and the other is dated 2009. Four disks are labeled drivers and utilities. One is labeled drivers and documentation (flat panel monitor). And the last one is labeled application. Are these all I need for reinstalling the software? Any important data is on hard copy disks or a USB drive. I don't care about the game files.

I had both TDSSKiller and aswMBR downloaded, but neither would run earlier today.

What's my process for a wipedown? And can this virus come back after a wipedown?

#11 RKinner (Malware Expert, MVP)
You just insert the Operating System disk and boot off it. (Make sure you have the MS key from the sticker on the computer.) These are MS's instructions from
http://windows.micro...tall-windows-xp

Insert the Windows XP CD into your computer and restart your computer.

If prompted to start from the CD, press Spacebar. If you miss the prompt (it only appears for a few seconds), restart your computer to try again. (I think on a Dell you have to change the boot order so it will look at the CD before the hard drive.)

Windows XP Setup begins. During this portion of setup, your mouse will not work, so you must use the keyboard. On the Welcome to Setup page, press Enter.

On the Windows XP Licensing Agreement page, read the licensing agreement. Press the Page Down key to scroll to the bottom of the agreement. Then press F8.

This page enables you to select the hard disk drive on which Windows XP will be installed. Once you complete this step, all data on your hard disk drive will be removed and cannot be recovered. It is extremely important that you have a recent backup copy of your files before continuing. When you have a backup copy, press D, and then press L when prompted. This deletes your existing data.

Press Enter to select Unpartitioned space, which appears by default.

Press Enter again to select Format the partition using the NTFS file system, which appears by default.

Windows XP erases your hard disk drive using a process called formatting and then copies the setup files. You can leave your computer and return in 20 to 30 minutes.

There should be some info on the Dell site for your exact model which will tell you more, but usually once you have XP installed you start installing your drivers, starting with the chipset utility. As soon as you get it online you want to go directly to Windows Update and get all of the security updates it offers. You probably won't have an anti-virus, so get the free MSSE when they offer it to you or download it from: http://windows.micro...ity-essentials. Once you are up to date at MS, then go to Dell and see what drivers they have for your PC. Generally the ones on your disk will be really old and buggy, so you want the latest.

Do not plug in any USB drives unless you know they are clean.

#12 NFRCR (Topic Starter, Member)
(How do I change the boot order?) Never mind, I finally found it on Dell's website.

Edited by NFRCR, 01 May 2012 - 06:35 PM.


#13 NFRCR (Topic Starter, Member)
I reinstalled Microsoft Windows XP on my infected computer. Then I installed Microsoft Security Essentials. It scans my computer and finds "Trojan:DOS/Alureon.E" and has me restart 30 seconds after I turn the computer on. I did this several times, then I shut it off. Should I run OTL on that computer again?

#14 RKinner (Malware Expert, MVP)
See if you can run aswMBR and TDSSKiller now.

#15 NFRCR (Topic Starter, Member)
10:52:39.0515 0628 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:52:40.0015 0628 ============================================================
10:52:40.0015 0628 Current date / time: 2012/05/02 10:52:40.0015
10:52:40.0015 0628 SystemInfo:
10:52:40.0015 0628
10:52:40.0015 0628 OS Version: 5.1.2600 ServicePack: 3.0
10:52:40.0015 0628 Product type: Workstation
10:52:40.0015 0628 ComputerName: LUCASHALL
10:52:40.0015 0628 UserName: Lucas
10:52:40.0015 0628 Windows directory: C:\WINDOWS
10:52:40.0015 0628 System windows directory: C:\WINDOWS
10:52:40.0015 0628 Processor architecture: Intel x86
10:52:40.0015 0628 Number of processors: 2
10:52:40.0015 0628 Page size: 0x1000
10:52:40.0015 0628 Boot type: Normal boot
10:52:40.0015 0628 ============================================================
10:52:42.0171 0628 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:52:42.0250 0628 ============================================================
10:52:42.0250 0628 \Device\Harddisk0\DR0:
10:52:42.0250 0628 MBR partitions:
10:52:42.0250 0628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x129E9800
10:52:42.0250 0628 ============================================================
10:52:42.0296 0628 C: <-> \Device\Harddisk0\DR0\Partition0
10:52:42.0296 0628 ============================================================
10:52:42.0296 0628 Initialize success
10:52:42.0296 0628 ============================================================
10:52:54.0875 3732 ============================================================
10:52:54.0875 3732 Scan started
10:52:54.0875 3732 Mode: Manual;
10:52:54.0875 3732 ============================================================
10:52:55.0531 3732 Abiosdsk - ok
10:52:55.0531 3732 abp480n5 - ok
10:52:55.0593 3732 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:52:55.0609 3732 ACPI - ok
10:52:55.0640 3732 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:52:55.0656 3732 ACPIEC - ok
10:52:55.0656 3732 adpu160m - ok
10:52:55.0687 3732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:52:55.0718 3732 aec - ok
10:52:55.0734 3732 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:52:55.0750 3732 AegisP - ok
10:52:55.0781 3732 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
10:52:55.0781 3732 AFD - ok
10:52:55.0796 3732 Aha154x - ok
10:52:55.0796 3732 aic78u2 - ok
10:52:55.0796 3732 aic78xx - ok
10:52:55.0828 3732 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:52:55.0843 3732 Alerter - ok
10:52:55.0843 3732 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:52:55.0875 3732 ALG - ok
10:52:55.0875 3732 AliIde - ok
10:52:55.0875 3732 amsint - ok
10:52:55.0906 3732 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:52:55.0921 3732 AppMgmt - ok
10:52:55.0921 3732 asc - ok
10:52:55.0937 3732 asc3350p - ok
10:52:55.0937 3732 asc3550 - ok
10:52:55.0953 3732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:52:55.0968 3732 AsyncMac - ok
10:52:55.0984 3732 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
10:52:56.0015 3732 atapi - ok
10:52:56.0015 3732 Atdisk - ok
10:52:56.0031 3732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:52:56.0046 3732 Atmarpc - ok
10:52:56.0062 3732 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:52:56.0078 3732 AudioSrv - ok
10:52:56.0109 3732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:52:56.0109 3732 audstub - ok
10:52:56.0156 3732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:52:56.0156 3732 Beep - ok
10:52:56.0218 3732 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:52:56.0218 3732 BITS - ok
10:52:56.0265 3732 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:52:56.0281 3732 Browser - ok
10:52:56.0296 3732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:52:56.0296 3732 cbidf2k - ok
10:52:56.0296 3732 cd20xrnt - ok
10:52:56.0312 3732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:52:56.0312 3732 Cdaudio - ok
10:52:56.0328 3732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:52:56.0359 3732 Cdfs - ok
10:52:56.0375 3732 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:52:56.0406 3732 Cdrom - ok
10:52:56.0406 3732 cerc6 - ok
10:52:56.0406 3732 Changer - ok
10:52:56.0421 3732 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:52:56.0453 3732 CiSvc - ok
10:52:56.0453 3732 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:52:56.0468 3732 ClipSrv - ok
10:52:56.0484 3732 CmdIde - ok
10:52:56.0484 3732 COMSysApp - ok
10:52:56.0484 3732 Cpqarray - ok
10:52:56.0515 3732 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:52:56.0531 3732 CryptSvc - ok
10:52:56.0531 3732 dac2w2k - ok
10:52:56.0531 3732 dac960nt - ok
10:52:56.0562 3732 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
10:52:56.0562 3732 DcomLaunch - ok
10:52:56.0578 3732 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:52:56.0578 3732 Dhcp - ok
10:52:56.0593 3732 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:52:56.0609 3732 Disk - ok
10:52:56.0609 3732 dmadmin - ok
10:52:56.0687 3732 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:52:56.0703 3732 dmboot - ok
10:52:56.0734 3732 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:52:56.0750 3732 dmio - ok
10:52:56.0765 3732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:52:56.0765 3732 dmload - ok
10:52:56.0781 3732 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:52:56.0796 3732 dmserver - ok
10:52:56.0812 3732 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:52:56.0828 3732 DMusic - ok
10:52:56.0843 3732 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
10:52:56.0843 3732 Dnscache - ok
10:52:56.0875 3732 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:52:56.0906 3732 Dot3svc - ok
10:52:56.0906 3732 dpti2o - ok
10:52:56.0906 3732 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:52:56.0921 3732 drmkaud - ok
10:52:56.0921 3732 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:52:56.0953 3732 EapHost - ok
10:52:56.0968 3732 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
10:52:57.0000 3732 EAPPkt - ok
10:52:57.0000 3732 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:52:57.0015 3732 ERSvc - ok
10:52:57.0046 3732 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
10:52:57.0062 3732 Eventlog - ok
10:52:57.0093 3732 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
10:52:57.0093 3732 EventSystem - ok
10:52:57.0109 3732 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:52:57.0125 3732 Fastfat - ok
10:52:57.0140 3732 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:52:57.0171 3732 FastUserSwitchingCompatibility - ok
10:52:57.0171 3732 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:52:57.0187 3732 Fdc - ok
10:52:57.0203 3732 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:52:57.0218 3732 Fips - ok
10:52:57.0218 3732 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:52:57.0234 3732 Flpydisk - ok
10:52:57.0250 3732 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:52:57.0265 3732 FltMgr - ok
10:52:57.0296 3732 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:52:57.0312 3732 Fs_Rec - ok
10:52:57.0328 3732 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:52:57.0343 3732 Ftdisk - ok
10:52:57.0343 3732 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:52:57.0359 3732 Gpc - ok
10:52:57.0390 3732 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:52:57.0406 3732 HDAudBus - ok
10:52:57.0453 3732 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:52:57.0468 3732 helpsvc - ok
10:52:57.0468 3732 HidServ - ok
10:52:57.0484 3732 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:52:57.0484 3732 hidusb - ok
10:52:57.0515 3732 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:52:57.0531 3732 hkmsvc - ok
10:52:57.0546 3732 hpn - ok
10:52:57.0578 3732 HSFHWBS2 (ac04fc91b57b27086ccf02086fd3f4cb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:52:57.0593 3732 HSFHWBS2 - ok
10:52:57.0656 3732 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:52:57.0687 3732 HSF_DPV - ok
10:52:57.0718 3732 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
10:52:57.0718 3732 HTTP - ok
10:52:57.0750 3732 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:52:57.0765 3732 HTTPFilter - ok
10:52:57.0765 3732 i2omgmt - ok
10:52:57.0765 3732 i2omp - ok
10:52:57.0796 3732 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:52:57.0828 3732 i8042prt - ok
10:52:57.0953 3732 IAANTMON (3e42c4691aad4b1e8d0466f9cbf05cbe) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:52:58.0000 3732 IAANTMON - ok
10:52:58.0312 3732 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:52:58.0421 3732 ialm - ok
10:52:59.0109 3732 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
10:52:59.0109 3732 iastor - ok
10:52:59.0140 3732 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:52:59.0171 3732 Imapi - ok
10:52:59.0203 3732 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:52:59.0203 3732 ImapiService - ok
10:52:59.0203 3732 ini910u - ok
10:52:59.0500 3732 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:52:59.0531 3732 IntcAzAudAddService - ok
10:53:00.0218 3732 IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
10:53:00.0250 3732 IntcHdmiAddService - ok
10:53:00.0250 3732 IntelIde - ok
10:53:00.0281 3732 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:53:00.0296 3732 intelppm - ok
10:53:00.0312 3732 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:53:00.0328 3732 Ip6Fw - ok
10:53:00.0343 3732 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:53:00.0359 3732 IpFilterDriver - ok
10:53:00.0375 3732 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:53:00.0375 3732 IpInIp - ok
10:53:00.0390 3732 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:53:00.0406 3732 IpNat - ok
10:53:00.0437 3732 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:53:00.0468 3732 IPSec - ok
10:53:00.0484 3732 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:53:00.0500 3732 IRENUM - ok
10:53:00.0515 3732 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:53:00.0531 3732 isapnp - ok
10:53:00.0562 3732 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:53:00.0578 3732 Kbdclass - ok
10:53:00.0593 3732 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:53:00.0593 3732 kbdhid - ok
10:53:00.0640 3732 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:53:00.0640 3732 kmixer - ok
10:53:00.0671 3732 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
10:53:00.0703 3732 KSecDD - ok
10:53:00.0718 3732 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
10:53:00.0734 3732 LanmanServer - ok
10:53:00.0765 3732 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
10:53:00.0765 3732 lanmanworkstation - ok
10:53:00.0781 3732 lbrtfdc - ok
10:53:00.0781 3732 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:53:00.0796 3732 LmHosts - ok
10:53:00.0828 3732 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:53:00.0828 3732 mdmxsdk - ok
10:53:00.0843 3732 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:53:00.0843 3732 Messenger - ok
10:53:00.0875 3732 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:53:00.0875 3732 mnmdd - ok
10:53:00.0906 3732 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:53:00.0921 3732 mnmsrvc - ok
10:53:00.0937 3732 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:53:00.0953 3732 Modem - ok
10:53:00.0968 3732 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:53:00.0984 3732 Mouclass - ok
10:53:01.0000 3732 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:53:01.0000 3732 mouhid - ok
10:53:01.0015 3732 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:53:01.0031 3732 MountMgr - ok
10:53:01.0062 3732 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:53:01.0078 3732 MpFilter - ok
10:53:01.0156 3732 MpKsl25dcce1f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD906268-7D95-4097-A011-EF8F35F1B152}\MpKsl25dcce1f.sys
10:53:01.0156 3732 MpKsl25dcce1f - ok
10:53:01.0171 3732 mraid35x - ok
10:53:01.0171 3732 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:53:01.0187 3732 MRxDAV - ok
10:53:01.0203 3732 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:53:01.0203 3732 MRxSmb - ok
10:53:01.0234 3732 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:53:01.0250 3732 MSDTC - ok
10:53:01.0250 3732 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:53:01.0296 3732 Msfs - ok
10:53:01.0296 3732 MSIServer - ok
10:53:01.0328 3732 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:53:01.0328 3732 MSKSSRV - ok
10:53:01.0390 3732 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:53:01.0406 3732 MsMpSvc - ok
10:53:01.0406 3732 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:53:01.0421 3732 MSPCLOCK - ok
10:53:01.0421 3732 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:53:01.0437 3732 MSPQM - ok
10:53:01.0453 3732 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:53:01.0468 3732 mssmbios - ok
10:53:01.0468 3732 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:53:01.0468 3732 Mup - ok
10:53:01.0500 3732 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:53:01.0546 3732 napagent - ok
10:53:01.0562 3732 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:53:01.0578 3732 NDIS - ok
10:53:01.0593 3732 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:53:01.0593 3732 NdisTapi - ok
10:53:01.0640 3732 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:53:01.0656 3732 Ndisuio - ok
10:53:01.0656 3732 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:53:01.0687 3732 NdisWan - ok
10:53:01.0687 3732 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:53:01.0687 3732 NDProxy - ok
10:53:01.0718 3732 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:53:01.0734 3732 NetBIOS - ok
10:53:01.0750 3732 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:53:01.0765 3732 NetBT - ok
10:53:01.0796 3732 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:53:01.0828 3732 NetDDE - ok
10:53:01.0843 3732 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:53:01.0843 3732 NetDDEdsdm - ok
10:53:01.0875 3732 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:53:01.0875 3732 Netlogon - ok
10:53:01.0890 3732 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:53:01.0906 3732 Netman - ok
10:53:01.0937 3732 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
10:53:01.0953 3732 Nla - ok
10:53:01.0968 3732 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:53:01.0984 3732 Npfs - ok
10:53:02.0031 3732 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:53:02.0062 3732 Ntfs - ok
10:53:02.0062 3732 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:53:02.0062 3732 NtLmSsp - ok
10:53:02.0093 3732 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:53:02.0109 3732 NtmsSvc - ok
10:53:02.0140 3732 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:53:02.0140 3732 Null - ok
10:53:02.0171 3732 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:53:02.0171 3732 NwlnkFlt - ok
10:53:02.0187 3732 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:53:02.0203 3732 NwlnkFwd - ok
10:53:02.0234 3732 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:53:02.0265 3732 Parport - ok
10:53:02.0281 3732 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:53:02.0296 3732 PartMgr - ok
10:53:02.0296 3732 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:53:02.0312 3732 ParVdm - ok
10:53:02.0343 3732 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:53:02.0359 3732 PCI - ok
10:53:02.0359 3732 PCIDump - ok
10:53:02.0359 3732 PCIIde - ok
10:53:02.0390 3732 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:53:02.0406 3732 Pcmcia - ok
10:53:02.0421 3732 PDCOMP - ok
10:53:02.0421 3732 PDFRAME - ok
10:53:02.0421 3732 PDRELI - ok
10:53:02.0421 3732 PDRFRAME - ok
10:53:02.0421 3732 perc2 - ok
10:53:02.0437 3732 perc2hib - ok
10:53:02.0453 3732 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
10:53:02.0453 3732 PlugPlay - ok
10:53:02.0453 3732 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:53:02.0453 3732 PolicyAgent - ok
10:53:02.0484 3732 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:53:02.0500 3732 PptpMiniport - ok
10:53:02.0500 3732 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:53:02.0500 3732 ProtectedStorage - ok
10:53:02.0515 3732 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:53:02.0531 3732 PSched - ok
10:53:02.0546 3732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:53:02.0562 3732 Ptilink - ok
10:53:02.0562 3732 ql1080 - ok
10:53:02.0578 3732 Ql10wnt - ok
10:53:02.0578 3732 ql12160 - ok
10:53:02.0578 3732 ql1240 - ok
10:53:02.0578 3732 ql1280 - ok
10:53:02.0578 3732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:53:02.0593 3732 RasAcd - ok
10:53:02.0609 3732 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:53:02.0625 3732 RasAuto - ok
10:53:02.0640 3732 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:53:02.0656 3732 Rasl2tp - ok
10:53:02.0671 3732 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:53:02.0687 3732 RasMan - ok
10:53:02.0703 3732 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:53:02.0718 3732 RasPppoe - ok
10:53:02.0718 3732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:53:02.0734 3732 Raspti - ok
10:53:02.0750 3732 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:53:06.0593 3732 Rdbss - ok
10:53:06.0593 3732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:53:06.0609 3732 RDPCDD - ok
10:53:06.0656 3732 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:53:10.0546 3732 rdpdr - ok
10:53:10.0593 3732 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:53:10.0593 3732 RDPWD - ok
10:53:10.0625 3732 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:53:10.0656 3732 RDSessMgr - ok
10:53:10.0687 3732 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:53:10.0703 3732 redbook - ok
10:53:10.0734 3732 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:53:10.0765 3732 RemoteAccess - ok
10:53:10.0781 3732 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:53:10.0796 3732 RemoteRegistry - ok
10:53:10.0812 3732 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:53:10.0843 3732 RpcLocator - ok
10:53:10.0875 3732 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
10:53:10.0875 3732 RpcSs - ok
10:53:10.0890 3732 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:53:10.0921 3732 RSVP - ok
10:53:10.0953 3732 RTL8187B (60aecd4284317784111716bb88342f46) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
10:53:10.0968 3732 RTL8187B - ok
10:53:10.0984 3732 RTLE8023xp (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:53:11.0015 3732 RTLE8023xp - ok
10:53:11.0046 3732 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:53:11.0046 3732 SamSs - ok
10:53:11.0062 3732 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:53:11.0093 3732 SCardSvr - ok
10:53:11.0125 3732 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:53:11.0140 3732 Schedule - ok
10:53:11.0156 3732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:53:11.0171 3732 Secdrv - ok
10:53:11.0187 3732 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:53:11.0203 3732 seclogon - ok
10:53:11.0203 3732 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:53:11.0203 3732 SENS - ok
10:53:11.0218 3732 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:53:11.0234 3732 serenum - ok
10:53:11.0234 3732 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:53:12.0781 3732 Serial - ok
10:53:12.0781 3732 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:53:12.0796 3732 Sfloppy - ok
10:53:12.0828 3732 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:53:12.0859 3732 SharedAccess - ok
10:53:12.0890 3732 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:53:12.0890 3732 ShellHWDetection - ok
10:53:12.0890 3732 Simbad - ok
10:53:12.0890 3732 Sparrow - ok
10:53:12.0921 3732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:53:12.0921 3732 splitter - ok
10:53:12.0937 3732 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
10:53:12.0937 3732 Spooler - ok
10:53:12.0968 3732 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:53:13.0000 3732 sr - ok
10:53:13.0015 3732 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:53:13.0031 3732 srservice - ok
10:53:13.0062 3732 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
10:53:13.0062 3732 Srv - ok
10:53:13.0093 3732 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:53:13.0109 3732 SSDPSRV - ok
10:53:13.0156 3732 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:53:13.0187 3732 stisvc - ok
10:53:13.0187 3732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:53:13.0187 3732 swenum - ok
10:53:13.0218 3732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:53:13.0234 3732 swmidi - ok
10:53:13.0250 3732 SwPrv - ok
10:53:13.0250 3732 symc810 - ok
10:53:13.0250 3732 symc8xx - ok
10:53:13.0250 3732 sym_hi - ok
10:53:13.0250 3732 sym_u3 - ok
10:53:13.0265 3732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:53:13.0296 3732 sysaudio - ok
10:53:13.0312 3732 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:53:13.0359 3732 SysmonLog - ok
10:53:13.0375 3732 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:53:13.0406 3732 TapiSrv - ok
10:53:13.0437 3732 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:53:13.0453 3732 Tcpip - ok
10:53:13.0484 3732 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:53:13.0484 3732 TDPIPE - ok
10:53:13.0500 3732 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:53:13.0515 3732 TDTCP - ok
10:53:13.0515 3732 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:53:13.0546 3732 TermDD - ok
10:53:13.0593 3732 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:53:13.0625 3732 TermService - ok
10:53:13.0656 3732 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:53:13.0656 3732 Themes - ok
10:53:13.0671 3732 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:53:13.0703 3732 TlntSvr - ok
10:53:13.0703 3732 TosIde - ok
10:53:13.0734 3732 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:53:13.0750 3732 TrkWks - ok
10:53:13.0765 3732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:53:13.0781 3732 Udfs - ok
10:53:13.0781 3732 ultra - ok
10:53:13.0828 3732 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:53:13.0843 3732 Update - ok
10:53:13.0859 3732 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:53:13.0890 3732 upnphost - ok
10:53:13.0890 3732 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:53:13.0921 3732 UPS - ok
10:53:13.0953 3732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:53:13.0968 3732 usbehci - ok
10:53:13.0984 3732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:53:14.0000 3732 usbhub - ok
10:53:14.0015 3732 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:53:14.0031 3732 usbstor - ok
10:53:14.0046 3732 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:53:14.0062 3732 usbuhci - ok
10:53:14.0078 3732 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:53:14.0093 3732 VgaSave - ok
10:53:14.0093 3732 ViaIde - ok
10:53:14.0125 3732 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:53:14.0140 3732 VolSnap - ok
10:53:14.0171 3732 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:53:14.0203 3732 VSS - ok
10:53:14.0234 3732 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:53:14.0250 3732 W32Time - ok
10:53:14.0265 3732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:53:14.0281 3732 Wanarp - ok
10:53:14.0281 3732 WDICA - ok
10:53:14.0312 3732 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:53:14.0328 3732 wdmaud - ok
10:53:14.0359 3732 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:53:14.0375 3732 WebClient - ok
10:53:14.0421 3732 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:53:14.0437 3732 winachsf - ok
10:53:14.0531 3732 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:53:14.0562 3732 winmgmt - ok
10:53:14.0593 3732 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
10:53:14.0609 3732 WmdmPmSN - ok
10:53:14.0671 3732 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
10:53:14.0671 3732 Wmi - ok
10:53:14.0718 3732 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:53:14.0750 3732 WmiApSrv - ok
10:53:14.0781 3732 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:53:14.0796 3732 wscsvc - ok
10:53:14.0812 3732 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:53:14.0828 3732 wuauserv - ok
10:53:14.0859 3732 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:53:14.0890 3732 WZCSVC - ok
10:53:14.0890 3732 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:53:14.0921 3732 xmlprov - ok
10:53:14.0937 3732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:53:15.0171 3732 \Device\Harddisk0\DR0 - ok
10:53:15.0187 3732 Boot (0x1200) (097863978f2ba4dbbfb82d7ae1c0471e) \Device\Harddisk0\DR0\Partition0
10:53:15.0187 3732 \Device\Harddisk0\DR0\Partition0 - ok
10:53:15.0187 3732 ============================================================
10:53:15.0187 3732 Scan finished
10:53:15.0187 3732 ============================================================
10:53:15.0187 3728 Detected object count: 0
10:53:15.0187 3728 Actual detected object count: 0
10:54:05.0484 2340 ============================================================
10:54:05.0484 2340 Scan started
10:54:05.0484 2340 Mode: Manual; SigCheck; TDLFS;
10:54:05.0484 2340 ============================================================
10:54:05.0562 2340 Abiosdsk - ok
10:54:05.0578 2340 abp480n5 - ok
10:54:05.0609 2340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:54:05.0812 2340 ACPI - ok
10:54:05.0843 2340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:54:05.0921 2340 ACPIEC - ok
10:54:05.0921 2340 adpu160m - ok
10:54:05.0953 2340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:54:06.0015 2340 aec - ok
10:54:06.0031 2340 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:54:06.0046 2340 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:54:06.0046 2340 AegisP - detected UnsignedFile.Multi.Generic (1)
10:54:06.0078 2340 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
10:54:06.0156 2340 AFD - ok
10:54:06.0156 2340 Aha154x - ok
10:54:06.0156 2340 aic78u2 - ok
10:54:06.0156 2340 aic78xx - ok
10:54:06.0171 2340 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:54:06.0250 2340 Alerter - ok
10:54:06.0265 2340 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:54:06.0312 2340 ALG - ok
10:54:06.0312 2340 AliIde - ok
10:54:06.0312 2340 amsint - ok
10:54:06.0328 2340 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:54:06.0359 2340 AppMgmt - ok
10:54:06.0359 2340 asc - ok
10:54:06.0359 2340 asc3350p - ok
10:54:06.0375 2340 asc3550 - ok
10:54:06.0375 2340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:54:06.0453 2340 AsyncMac - ok
10:54:06.0484 2340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
10:54:06.0546 2340 atapi - ok
10:54:06.0546 2340 Atdisk - ok
10:54:06.0562 2340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:54:06.0625 2340 Atmarpc - ok
10:54:06.0640 2340 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:54:06.0734 2340 AudioSrv - ok
10:54:06.0750 2340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:54:06.0828 2340 audstub - ok
10:54:06.0859 2340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:54:06.0937 2340 Beep - ok
10:54:06.0984 2340 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:54:07.0062 2340 BITS - ok
10:54:07.0078 2340 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:54:07.0156 2340 Browser - ok
10:54:07.0171 2340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:54:07.0234 2340 cbidf2k - ok
10:54:07.0234 2340 cd20xrnt - ok
10:54:07.0250 2340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:54:07.0328 2340 Cdaudio - ok
10:54:07.0343 2340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:54:07.0421 2340 Cdfs - ok
10:54:07.0437 2340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:54:07.0515 2340 Cdrom - ok
10:54:07.0515 2340 cerc6 - ok
10:54:07.0515 2340 Changer - ok
10:54:07.0531 2340 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:54:07.0609 2340 CiSvc - ok
10:54:07.0625 2340 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:54:07.0703 2340 ClipSrv - ok
10:54:07.0718 2340 CmdIde - ok
10:54:07.0718 2340 COMSysApp - ok
10:54:07.0718 2340 Cpqarray - ok
10:54:07.0734 2340 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:54:07.0796 2340 CryptSvc - ok
10:54:07.0796 2340 dac2w2k - ok
10:54:07.0812 2340 dac960nt - ok
10:54:07.0828 2340 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
10:54:07.0921 2340 DcomLaunch - ok
10:54:07.0937 2340 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:54:08.0000 2340 Dhcp - ok
10:54:08.0000 2340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:54:08.0078 2340 Disk - ok
10:54:08.0078 2340 dmadmin - ok
10:54:08.0140 2340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:54:08.0234 2340 dmboot - ok
10:54:08.0250 2340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:54:08.0328 2340 dmio - ok
10:54:08.0343 2340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:54:08.0421 2340 dmload - ok
10:54:08.0421 2340 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:54:08.0500 2340 dmserver - ok
10:54:08.0515 2340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:54:08.0609 2340 DMusic - ok
10:54:08.0625 2340 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
10:54:08.0703 2340 Dnscache - ok
10:54:08.0734 2340 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:54:08.0796 2340 Dot3svc - ok
10:54:08.0812 2340 dpti2o - ok
10:54:08.0812 2340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:54:08.0890 2340 drmkaud - ok
10:54:08.0890 2340 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:54:08.0968 2340 EapHost - ok
10:54:09.0000 2340 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
10:54:09.0000 2340 EAPPkt ( UnsignedFile.Multi.Generic ) - warning
10:54:09.0000 2340 EAPPkt - detected UnsignedFile.Multi.Generic (1)
10:54:09.0015 2340 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:54:09.0093 2340 ERSvc - ok
10:54:09.0125 2340 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
10:54:09.0187 2340 Eventlog - ok
10:54:09.0203 2340 EventSystem (19a799805b24990867b00c120d300c3a) C:\WINDOWS\system32\es.dll
10:54:09.0281 2340 EventSystem - ok
10:54:09.0296 2340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:54:09.0375 2340 Fastfat - ok
10:54:09.0390 2340 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:54:09.0468 2340 FastUserSwitchingCompatibility - ok
10:54:09.0468 2340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:54:09.0546 2340 Fdc - ok
10:54:09.0562 2340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:54:09.0640 2340 Fips - ok
10:54:09.0656 2340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:54:09.0718 2340 Flpydisk - ok
10:54:09.0750 2340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:54:09.0828 2340 FltMgr - ok
10:54:09.0843 2340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:54:09.0921 2340 Fs_Rec - ok
10:54:09.0937 2340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:54:10.0015 2340 Ftdisk - ok
10:54:10.0015 2340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:54:10.0093 2340 Gpc - ok
10:54:10.0125 2340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:54:10.0203 2340 HDAudBus - ok
10:54:10.0250 2340 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:54:10.0312 2340 helpsvc - ok
10:54:10.0328 2340 HidServ - ok
10:54:10.0328 2340 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:54:10.0406 2340 hidusb - ok
10:54:10.0437 2340 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:54:10.0515 2340 hkmsvc - ok
10:54:10.0515 2340 hpn - ok
10:54:10.0546 2340 HSFHWBS2 (ac04fc91b57b27086ccf02086fd3f4cb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
10:54:10.0578 2340 HSFHWBS2 - ok
10:54:10.0656 2340 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:54:10.0687 2340 HSF_DPV - ok
10:54:10.0718 2340 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
10:54:10.0796 2340 HTTP - ok
10:54:10.0828 2340 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:54:10.0890 2340 HTTPFilter - ok
10:54:10.0890 2340 i2omgmt - ok
10:54:10.0890 2340 i2omp - ok
10:54:10.0937 2340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:54:11.0000 2340 i8042prt - ok
10:54:11.0125 2340 IAANTMON (3e42c4691aad4b1e8d0466f9cbf05cbe) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:54:11.0156 2340 IAANTMON - ok
10:54:11.0468 2340 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:54:11.0609 2340 ialm - ok
10:54:12.0296 2340 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
10:54:12.0312 2340 iastor - ok
10:54:12.0328 2340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:54:12.0406 2340 Imapi - ok
10:54:12.0453 2340 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:54:12.0515 2340 ImapiService - ok
10:54:12.0531 2340 ini910u - ok
10:54:12.0828 2340 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:54:12.0968 2340 IntcAzAudAddService - ok
10:54:13.0625 2340 IntcHdmiAddService (c9ef68bee3b1a62f34125a9fbbaac10c) C:\WINDOWS\system32\drivers\IntcHdmi.sys
10:54:13.0640 2340 IntcHdmiAddService - ok
10:54:13.0640 2340 IntelIde - ok
10:54:13.0687 2340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:54:13.0750 2340 intelppm - ok
10:54:13.0765 2340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:54:13.0843 2340 Ip6Fw - ok
10:54:13.0859 2340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:54:13.0937 2340 IpFilterDriver - ok
10:54:13.0937 2340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:54:14.0000 2340 IpInIp - ok
10:54:14.0015 2340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:54:14.0078 2340 IpNat - ok
10:54:14.0109 2340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:54:14.0187 2340 IPSec - ok
10:54:14.0218 2340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:54:14.0234 2340 IRENUM - ok
10:54:14.0265 2340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:54:14.0328 2340 isapnp - ok
10:54:14.0359 2340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:54:14.0421 2340 Kbdclass - ok
10:54:14.0421 2340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:54:14.0500 2340 kbdhid - ok
10:54:14.0515 2340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:54:14.0593 2340 kmixer - ok
10:54:14.0640 2340 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
10:54:14.0718 2340 KSecDD - ok
10:54:14.0734 2340 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
10:54:14.0812 2340 LanmanServer - ok
10:54:14.0812 2340 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
10:54:14.0890 2340 lanmanworkstation - ok
10:54:14.0890 2340 lbrtfdc - ok
10:54:14.0906 2340 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:54:14.0984 2340 LmHosts - ok
10:54:15.0015 2340 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:54:15.0015 2340 mdmxsdk - ok
10:54:15.0015 2340 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:54:15.0093 2340 Messenger - ok
10:54:15.0125 2340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:54:15.0187 2340 mnmdd - ok
10:54:15.0218 2340 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:54:15.0281 2340 mnmsrvc - ok
10:54:15.0296 2340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:54:15.0375 2340 Modem - ok
10:54:15.0390 2340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:54:15.0468 2340 Mouclass - ok
10:54:15.0468 2340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:54:15.0546 2340 mouhid - ok
10:54:15.0546 2340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:54:15.0625 2340 MountMgr - ok
10:54:15.0656 2340 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:54:15.0671 2340 MpFilter - ok
10:54:15.0781 2340 MpKsl25dcce1f (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD906268-7D95-4097-A011-EF8F35F1B152}\MpKsl25dcce1f.sys
10:54:15.0781 2340 MpKsl25dcce1f - ok
10:54:15.0781 2340 mraid35x - ok
10:54:15.0796 2340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:54:15.0875 2340 MRxDAV - ok
10:54:15.0906 2340 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:54:15.0984 2340 MRxSmb - ok
10:54:16.0015 2340 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:54:16.0078 2340 MSDTC - ok
10:54:16.0078 2340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:54:16.0156 2340 Msfs - ok
10:54:16.0156 2340 MSIServer - ok
10:54:16.0187 2340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:54:16.0250 2340 MSKSSRV - ok
10:54:16.0312 2340 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:54:16.0312 2340 MsMpSvc - ok
10:54:16.0328 2340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:54:16.0390 2340 MSPCLOCK - ok
10:54:16.0406 2340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:54:16.0468 2340 MSPQM - ok
10:54:16.0484 2340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:54:16.0546 2340 mssmbios - ok
10:54:16.0562 2340 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:54:16.0625 2340 Mup - ok
10:54:16.0671 2340 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:54:16.0734 2340 napagent - ok
10:54:16.0750 2340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:54:16.0828 2340 NDIS - ok
10:54:16.0843 2340 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:54:16.0906 2340 NdisTapi - ok
10:54:16.0921 2340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:54:16.0984 2340 Ndisuio - ok
10:54:17.0000 2340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:54:17.0062 2340 NdisWan - ok
10:54:17.0078 2340 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:54:17.0140 2340 NDProxy - ok
10:54:17.0156 2340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:54:17.0234 2340 NetBIOS - ok
10:54:17.0250 2340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:54:17.0312 2340 NetBT - ok
10:54:17.0343 2340 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:54:17.0421 2340 NetDDE - ok
10:54:17.0421 2340 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:54:17.0484 2340 NetDDEdsdm - ok
10:54:17.0500 2340 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:54:17.0562 2340 Netlogon - ok
10:54:17.0578 2340 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:54:17.0640 2340 Netman - ok
10:54:17.0671 2340 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
10:54:17.0750 2340 Nla - ok
10:54:17.0765 2340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:54:17.0828 2340 Npfs - ok
10:54:17.0875 2340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:54:17.0953 2340 Ntfs - ok
10:54:17.0953 2340 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:54:18.0015 2340 NtLmSsp - ok
10:54:18.0046 2340 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:54:18.0109 2340 NtmsSvc - ok
10:54:18.0140 2340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:54:18.0203 2340 Null - ok
10:54:18.0234 2340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:54:18.0296 2340 NwlnkFlt - ok
10:54:18.0296 2340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:54:18.0359 2340 NwlnkFwd - ok
10:54:18.0390 2340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:54:18.0453 2340 Parport - ok
10:54:18.0468 2340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:54:18.0531 2340 PartMgr - ok
10:54:18.0546 2340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:54:18.0609 2340 ParVdm - ok
10:54:18.0640 2340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:54:18.0703 2340 PCI - ok
10:54:18.0718 2340 PCIDump - ok
10:54:18.0718 2340 PCIIde - ok
10:54:18.0750 2340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:54:18.0812 2340 Pcmcia - ok
10:54:18.0828 2340 PDCOMP - ok
10:54:18.0828 2340 PDFRAME - ok
10:54:18.0828 2340 PDRELI - ok
10:54:18.0828 2340 PDRFRAME - ok
10:54:18.0843 2340 perc2 - ok
10:54:18.0843 2340 perc2hib - ok
10:54:18.0859 2340 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
10:54:18.0921 2340 PlugPlay - ok
10:54:18.0937 2340 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:54:19.0000 2340 PolicyAgent - ok
10:54:19.0015 2340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:54:19.0093 2340 PptpMiniport - ok
10:54:19.0093 2340 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:54:19.0156 2340 ProtectedStorage - ok
10:54:19.0156 2340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:54:19.0218 2340 PSched - ok
10:54:19.0250 2340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:54:19.0328 2340 Ptilink - ok
10:54:19.0328 2340 ql1080 - ok
10:54:19.0328 2340 Ql10wnt - ok
10:54:19.0328 2340 ql12160 - ok
10:54:19.0328 2340 ql1240 - ok
10:54:19.0343 2340 ql1280 - ok
10:54:19.0343 2340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:54:19.0406 2340 RasAcd - ok
10:54:19.0421 2340 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:54:19.0500 2340 RasAuto - ok
10:54:19.0515 2340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:54:19.0578 2340 Rasl2tp - ok
10:54:19.0593 2340 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:54:19.0656 2340 RasMan - ok
10:54:19.0671 2340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:54:19.0734 2340 RasPppoe - ok
10:54:19.0734 2340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:54:19.0812 2340 Raspti - ok
10:54:19.0828 2340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:54:19.0906 2340 Rdbss - ok
10:54:19.0906 2340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:54:19.0968 2340 RDPCDD - ok
10:54:20.0000 2340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:54:20.0062 2340 rdpdr - ok
10:54:20.0093 2340 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:54:20.0156 2340 RDPWD - ok
10:54:20.0203 2340 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:54:20.0265 2340 RDSessMgr - ok
10:54:20.0265 2340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:54:20.0328 2340 redbook - ok
10:54:20.0359 2340 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:54:20.0421 2340 RemoteAccess - ok
10:54:20.0437 2340 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:54:20.0515 2340 RemoteRegistry - ok
10:54:20.0531 2340 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:54:20.0593 2340 RpcLocator - ok
10:54:20.0625 2340 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
10:54:20.0703 2340 RpcSs - ok
10:54:20.0734 2340 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:54:20.0796 2340 RSVP - ok
10:54:20.0843 2340 RTL8187B (60aecd4284317784111716bb88342f46) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
10:54:20.0843 2340 RTL8187B - ok
10:54:20.0875 2340 RTLE8023xp (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:54:20.0890 2340 RTLE8023xp - ok
10:54:20.0921 2340 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:54:20.0984 2340 SamSs - ok
10:54:21.0000 2340 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:54:21.0062 2340 SCardSvr - ok
10:54:21.0093 2340 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:54:21.0156 2340 Schedule - ok
10:54:21.0171 2340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:54:21.0203 2340 Secdrv - ok
10:54:21.0234 2340 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:54:21.0296 2340 seclogon - ok
10:54:21.0296 2340 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:54:21.0375 2340 SENS - ok
10:54:21.0390 2340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:54:21.0453 2340 serenum - ok
10:54:21.0468 2340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:54:21.0531 2340 Serial - ok
10:54:21.0531 2340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:54:21.0593 2340 Sfloppy - ok
10:54:21.0656 2340 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:54:21.0734 2340 SharedAccess - ok
10:54:21.0765 2340 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:54:21.0828 2340 ShellHWDetection - ok
10:54:21.0828 2340 Simbad - ok
10:54:21.0828 2340 Sparrow - ok
10:54:21.0843 2340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:54:21.0906 2340 splitter - ok
10:54:21.0921 2340 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
10:54:21.0984 2340 Spooler - ok
10:54:22.0000 2340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:54:22.0046 2340 sr - ok
10:54:22.0046 2340 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:54:22.0078 2340 srservice - ok
10:54:22.0109 2340 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
10:54:22.0187 2340 Srv - ok
10:54:22.0218 2340 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:54:22.0250 2340 SSDPSRV - ok
10:54:22.0281 2340 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:54:22.0359 2340 stisvc - ok
10:54:22.0359 2340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:54:22.0437 2340 swenum - ok
10:54:22.0468 2340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:54:22.0515 2340 swmidi - ok
10:54:22.0531 2340 SwPrv - ok
10:54:22.0531 2340 symc810 - ok
10:54:22.0531 2340 symc8xx - ok
10:54:22.0531 2340 sym_hi - ok
10:54:22.0546 2340 sym_u3 - ok
10:54:22.0562 2340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:54:22.0625 2340 sysaudio - ok
10:54:22.0656 2340 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:54:22.0718 2340 SysmonLog - ok
10:54:22.0750 2340 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:54:22.0812 2340 TapiSrv - ok
10:54:22.0859 2340 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:54:22.0937 2340 Tcpip - ok
10:54:22.0953 2340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:54:23.0031 2340 TDPIPE - ok
10:54:23.0046 2340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:54:23.0109 2340 TDTCP - ok
10:54:23.0109 2340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:54:23.0171 2340 TermDD - ok
10:54:23.0218 2340 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:54:23.0281 2340 TermService - ok
10:54:23.0312 2340 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:54:23.0375 2340 Themes - ok
10:54:23.0406 2340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:54:23.0437 2340 TlntSvr - ok
10:54:23.0437 2340 TosIde - ok
10:54:23.0468 2340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:54:23.0531 2340 TrkWks - ok
10:54:23.0546 2340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:54:23.0609 2340 Udfs - ok
10:54:23.0625 2340 ultra - ok
10:54:23.0671 2340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:54:23.0734 2340 Update - ok
10:54:23.0750 2340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:54:23.0796 2340 upnphost - ok
10:54:23.0796 2340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:54:23.0859 2340 UPS - ok
10:54:23.0875 2340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:54:23.0937 2340 usbehci - ok
10:54:23.0968 2340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:54:24.0015 2340 usbhub - ok
10:54:24.0046 2340 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:54:24.0109 2340 usbstor - ok
10:54:24.0125 2340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:54:24.0187 2340 usbuhci - ok
10:54:24.0203 2340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:54:24.0265 2340 VgaSave - ok
10:54:24.0265 2340 ViaIde - ok
10:54:24.0281 2340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:54:24.0343 2340 VolSnap - ok
10:54:24.0390 2340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:54:24.0421 2340 VSS - ok
10:54:24.0453 2340 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:54:24.0515 2340 W32Time - ok
10:54:24.0531 2340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:54:24.0593 2340 Wanarp - ok
10:54:24.0593 2340 WDICA - ok
10:54:24.0640 2340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:54:24.0703 2340 wdmaud - ok
10:54:24.0734 2340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:54:24.0796 2340 WebClient - ok
10:54:24.0843 2340 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:54:24.0859 2340 winachsf - ok
10:54:24.0937 2340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:54:25.0000 2340 winmgmt - ok
10:54:25.0031 2340 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
10:54:25.0093 2340 WmdmPmSN - ok
10:54:25.0156 2340 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
10:54:25.0218 2340 Wmi - ok
10:54:25.0250 2340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:54:25.0328 2340 WmiApSrv - ok
10:54:25.0343 2340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:54:25.0421 2340 wscsvc - ok
10:54:25.0437 2340 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:54:25.0500 2340 wuauserv - ok
10:54:25.0546 2340 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:54:25.0625 2340 WZCSVC - ok
10:54:25.0640 2340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:54:25.0703 2340 xmlprov - ok
10:54:25.0718 2340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:54:26.0046 2340 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:54:26.0046 2340 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:54:26.0078 2340 Boot (0x1200) (097863978f2ba4dbbfb82d7ae1c0471e) \Device\Harddisk0\DR0\Partition0
10:54:26.0078 2340 \Device\Harddisk0\DR0\Partition0 - ok
10:54:26.0078 2340 ============================================================
10:54:26.0078 2340 Scan finished
10:54:26.0078 2340 ============================================================
10:54:26.0187 2728 Detected object count: 3
10:54:26.0187 2728 Actual detected object count: 3
10:55:26.0453 2728 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:55:26.0453 2728 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:55:26.0453 2728 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
10:55:26.0453 2728 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:55:26.0468 2728 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
10:55:26.0484 2728 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
10:55:26.0484 2728 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
10:55:26.0484 2728 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
10:55:26.0500 2728 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
10:55:26.0500 2728 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
10:55:26.0593 2728 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
10:55:26.0609 2728 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
10:55:26.0625 2728 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
10:55:26.0656 2728 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:55:26.0703 2728 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:55:26.0718 2728 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:55:26.0734 2728 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:55:26.0765 2728 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
10:55:26.0765 2728 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
10:55:26.0765 2728 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
10:55:26.0796 2728 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
10:55:28.0140 2728 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
10:55:28.0171 2728 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
10:55:28.0234 2728 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
10:55:28.0234 2728 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
10:55:28.0375 2728 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
10:55:28.0375 2728 \Device\Harddisk0\DR0\TDLFS - deleted
10:55:28.0375 2728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
10:55:36.0468 3268 Deinitialize success