pc unstable after virus removal, registry issuse? [Closed]


  • This topic is locked

#16 Technodave
Topic Starter, Member, 59 posts
The first program did not find anything.

The PC is now trying to load lots of programs on startup, like Skype, Windows Messenger and stream, and it still locks up a lot.

Edited by Technodave, 27 May 2012 - 12:14 PM.



#17 godawgs
Teacher, Retired Staff, 8,228 posts
Hi Technodave,

We still have a troubled system here. The HelpAsst fix took care of part of the infection but didn't get the MBR. We'll try another tool.

It appears that some of your system files are corrupted as well.


Step-1.

TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Run Disk Checker

NOTE: Before running the disk checker to repair a volume, you must do the following:
  • Be prepared to let the process complete. If you check either or both of the boxes on the Check Disk window (Automatically fix file system errors; Scan for and attempt recovery of bad sectors) on a large volume or on a volume with a very large number of files (in the millions), Chkdsk can take a long time to complete. The volume is not available during this time because Chkdsk does not relinquish control until it is done. If a volume is being checked during the startup process, the computer is not available until the disk checking process is complete.
  • The disk checker does not include parameters that let you cancel the process.
  • On the desktop click the My Computer icon.
  • Right-click your main drive (I am on C) and select Properties.
  • Select the Tools tab.
  • Select Error Checking.
  • Place a tick in both boxes in the Check Disk (OS) window.
  • Press Start.
  • You will get a warning that it needs to reboot to continue.
  • Allow it to do so.


After the disk check has completed

Get the Chkdsk log

  • Click on Start, then Run.
  • Copy and paste the following text into the Open: box:

    eventvwr.msc /s

  • This will bring up the Event Viewer window.
  • In the left panel click on Application.
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Newest First.
    • This should place the chkdsk log at the top of the list.
  • Click on the entry once.
  • Now right-click on the entry and choose Properties.
  • In the window that pops up, click on the Copy button (this will copy the log).
  • Paste the log in a reply to this topic.


Step-3.

Things For Your Next Post:
1. The TDSSKiller log
2. The Chkdsk log
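The report that Step 1 asks for is a plain-text log with one line per scanned service or driver (name, MD5 and path), the verdict on a following line, and the scan mode and MBR partition table in its header. The script below is an added example, not part of this post and not code from TDSSKiller itself: it parses such a report, confirms that the two options the post asks you to tick (SigCheck for "Verify Driver Digital Signature", TDLFS for "Detect TDLFS file system") were actually on, decodes the MBR partition entries, and lists every entry the tool warned about or detected, worst first. The embedded sample lines are constructed for the example in the tool's line format; the names, hashes and paths in them are illustrative.

```python
"""Summarise a TDSSKiller report: scan options, MBR partition table and every
entry the tool did not mark plain "ok". Added example, not TDSSKiller's own code."""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the line format TDSSKiller writes ("HH:MM:SS.ffff <thread> <message>").
SAMPLE_LOG = """\
22:49:46.0734 0612 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:49:49.0656 0612 \\Device\\Harddisk0\\DR0\\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
22:49:59.0187 2260 Mode: Manual; SigCheck; TDLFS;
22:51:32.0404 2260 ALCXWDM (fcb505a7fa9dd4b8b98064792fd038a4) C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS
22:51:34.0763 2260 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
22:51:34.0763 2260 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
22:51:35.0310 2260 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\\PROGRA~1\\COMMON~1\\AOL\\ACS\\AOLacsd.exe
22:51:35.0326 2260 AOL ACS - ok
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d{4}) (.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
PART_RE = re.compile(r"Partition(?P<idx>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
                     r"StartLBA 0x(?P<lba>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}  # worst verdict for an entry wins

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdicts: List[str] = field(default_factory=list)

@dataclass
class Partition:
    index: int
    type_id: int     # MBR partition type byte; 0x7 is NTFS
    start_lba: int   # 63 is the classic XP first-partition offset
    blocks: int      # sector count; 512-byte sectors on this disk

@dataclass
class Report:
    version: str = ""
    modes: List[str] = field(default_factory=list)
    partitions: List[Partition] = field(default_factory=list)
    entries: Dict[str, Entry] = field(default_factory=dict)

def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:            # separator rows and blank lines
            continue
        msg = m.group(3)
        if msg.startswith("TDSS rootkit removing tool "):
            rep.version = msg.split()[4]
        elif msg.startswith("Mode: "):
            rep.modes = [s.strip() for s in msg[6:].split(";") if s.strip()]
        elif (pm := PART_RE.search(msg)):
            rep.partitions.append(Partition(int(pm["idx"]), int(pm["type"], 16),
                                            int(pm["lba"], 16), int(pm["blocks"], 16)))
        else:
            for regex, status in ((FILE_RE, None), (WARN_RE, "warning"),
                                  (DETECT_RE, "detected"), (OK_RE, "ok")):
                em = regex.match(msg)
                if not em:
                    continue
                entry = rep.entries.setdefault(em["name"], Entry(em["name"]))
                if status is None:          # "<name> (<md5>) <path>" line
                    entry.md5, entry.path = em["md5"], em["path"]
                else:
                    if RANK[status] > RANK[entry.status]:
                        entry.status = status
                    if status != "ok":
                        entry.verdicts.append(em["verdict"])
                break
    return rep

def flagged(rep: Report) -> List[Entry]:
    return sorted((e for e in rep.entries.values() if e.status in ("warning", "detected")),
                  key=lambda e: (-RANK[e.status], e.name.lower()))

def summary(text: str) -> Dict[str, object]:
    rep = parse_tdsskiller(text)
    return {
        "version": rep.version,
        "signature_check": "SigCheck" in rep.modes,  # Verify Driver Digital Signature box
        "tdlfs_check": "TDLFS" in rep.modes,         # Detect TDLFS file system box
        "partitions": [(p.index, p.type_id, p.start_lba, p.blocks * 512) for p in rep.partitions],
        "flagged": [(e.name, e.status, sorted(set(e.verdicts)), e.path) for e in flagged(rep)],
    }

if __name__ == "__main__":   # pass a TDSSKiller log path, or run on the embedded sample
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summary(text).items():
        print(key, value)
```

Run it with the path of the TDSSKiller.[Version]_[Date]_[Time]_log.txt file as the first argument, or with no argument to see the output for the embedded sample. Note that UnsignedFile.Multi.Generic only records that the file carries no digital signature; on an XP system many OEM and vendor drivers are unsigned, which is why these warnings need a manual look at the path and hash rather than automatic deletion, in line with the Skip-not-Delete instruction above.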

#18 Technodave
Topic Starter, Member, 59 posts
22:49:46.0734 0612 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:49:46.0890 0612 ============================================================
22:49:46.0890 0612 Current date / time: 2012/05/28 22:49:46.0890
22:49:46.0890 0612 SystemInfo:
22:49:46.0890 0612
22:49:46.0890 0612 OS Version: 5.1.2600 ServicePack: 3.0
22:49:46.0890 0612 Product type: Workstation
22:49:46.0890 0612 ComputerName: MOGGY-0C768B687
22:49:46.0890 0612 UserName: Moggy
22:49:46.0890 0612 Windows directory: C:\WINDOWS
22:49:46.0890 0612 System windows directory: C:\WINDOWS
22:49:46.0890 0612 Processor architecture: Intel x86
22:49:46.0890 0612 Number of processors: 2
22:49:46.0890 0612 Page size: 0x1000
22:49:46.0890 0612 Boot type: Normal boot
22:49:46.0890 0612 ============================================================
22:49:49.0625 0612 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:49:49.0640 0612 ============================================================
22:49:49.0640 0612 \Device\Harddisk0\DR0:
22:49:49.0656 0612 MBR partitions:
22:49:49.0656 0612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
22:49:49.0656 0612 ============================================================
22:49:49.0703 0612 C: <-> \Device\Harddisk0\DR0\Partition0
22:49:49.0828 0612 ============================================================
22:49:49.0828 0612 Initialize success
22:49:49.0828 0612 ============================================================
22:49:59.0187 2260 ============================================================
22:49:59.0187 2260 Scan started
22:49:59.0187 2260 Mode: Manual; SigCheck; TDLFS;
22:49:59.0187 2260 ============================================================
22:49:59.0687 2260 4ze3hr8b.sys - ok
22:49:59.0734 2260 84087683 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\07754234.sys
22:50:00.0187 2260 84087683 - ok
22:50:00.0187 2260 Abiosdsk - ok
22:50:00.0203 2260 abp480n5 - ok
22:50:00.0234 2260 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:51:19.0874 2260 ACPI - ok
22:51:19.0983 2260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:51:20.0233 2260 ACPIEC - ok
22:51:21.0358 2260 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:51:21.0608 2260 AdobeFlashPlayerUpdateSvc - ok
22:51:21.0608 2260 adpu160m - ok
22:51:22.0248 2260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:51:22.0561 2260 aec - ok
22:51:23.0764 2260 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:51:24.0358 2260 AFD - ok
22:51:24.0373 2260 Aha154x - ok
22:51:24.0373 2260 aic78u2 - ok
22:51:24.0373 2260 aic78xx - ok
22:51:32.0404 2260 ALCXWDM (fcb505a7fa9dd4b8b98064792fd038a4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
22:51:34.0763 2260 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
22:51:34.0763 2260 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
22:51:34.0935 2260 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:51:35.0076 2260 Alerter - ok
22:51:35.0107 2260 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:51:35.0185 2260 ALG - ok
22:51:35.0216 2260 AliIde - ok
22:51:35.0216 2260 AmdK8 - ok
22:51:35.0216 2260 amsint - ok
22:51:35.0310 2260 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
22:51:35.0326 2260 AOL ACS - ok
22:51:35.0388 2260 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:51:35.0388 2260 Apple Mobile Device - ok
22:51:35.0404 2260 AppMgmt - ok
22:51:35.0404 2260 asc - ok
22:51:35.0404 2260 asc3350p - ok
22:51:35.0404 2260 asc3550 - ok
22:51:35.0451 2260 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
22:51:35.0482 2260 AsIO ( UnsignedFile.Multi.Generic ) - warning
22:51:35.0482 2260 AsIO - detected UnsignedFile.Multi.Generic (1)
22:51:35.0560 2260 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:51:35.0638 2260 aspnet_state - ok
22:51:35.0701 2260 Asushwio (de91d0d73c3e61e6826d98fac2fac729) C:\WINDOWS\system32\drivers\Asushwio.sys
22:51:35.0748 2260 Asushwio ( UnsignedFile.Multi.Generic ) - warning
22:51:35.0748 2260 Asushwio - detected UnsignedFile.Multi.Generic (1)
22:51:35.0826 2260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:51:35.0951 2260 AsyncMac - ok
22:51:35.0982 2260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:51:36.0107 2260 atapi - ok
22:51:36.0107 2260 Atdisk - ok
22:51:36.0201 2260 Ati HotKey Poller (809b0eb83c75061c9de2e528c65a1575) C:\WINDOWS\system32\Ati2evxx.exe
22:51:36.0263 2260 Ati HotKey Poller - ok
22:51:36.0404 2260 ATI Smart (5f90b5a3381f5795e852960fccebff6a) C:\WINDOWS\system32\ati2sgag.exe
22:51:36.0451 2260 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
22:51:36.0451 2260 ATI Smart - detected UnsignedFile.Multi.Generic (1)
22:51:36.0701 2260 ati2mtag (032f23b133b680b06861329c5a176ee0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:51:36.0919 2260 ati2mtag - ok
22:51:37.0091 2260 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys
22:51:37.0107 2260 AtiHDAudioService - ok
22:51:37.0138 2260 AtiHdmiService (590724416c5a6aa6fbc1f8ee75131afc) C:\WINDOWS\system32\drivers\AtiHdmi.sys
22:51:37.0154 2260 AtiHdmiService - ok
22:51:37.0185 2260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:51:37.0279 2260 Atmarpc - ok
22:51:37.0310 2260 ATWPKT2 (31aad90bcd68907dac9d3db1eb4b9f3f) C:\WINDOWS\system32\drivers\ATWPKT2.SYS
22:51:37.0326 2260 ATWPKT2 - ok
22:51:37.0341 2260 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:51:37.0435 2260 AudioSrv - ok
22:51:37.0451 2260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:51:37.0544 2260 audstub - ok
22:51:37.0622 2260 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
22:51:37.0638 2260 BBSvc - ok
22:51:37.0685 2260 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
22:51:37.0701 2260 BBUpdate - ok
22:51:37.0732 2260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:51:37.0857 2260 Beep - ok
22:51:37.0904 2260 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:51:38.0013 2260 BITS - ok
22:51:38.0060 2260 bkn50USB (6d39682a1051a5be7437ec99f1bf9921) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
22:51:38.0091 2260 bkn50USB ( UnsignedFile.Multi.Generic ) - warning
22:51:38.0091 2260 bkn50USB - detected UnsignedFile.Multi.Generic (1)
22:51:38.0169 2260 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:51:38.0185 2260 Bonjour Service - ok
22:51:38.0232 2260 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:51:38.0326 2260 Browser - ok
22:51:38.0357 2260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:51:38.0451 2260 cbidf2k - ok
22:51:38.0451 2260 cd20xrnt - ok
22:51:38.0482 2260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:51:38.0607 2260 Cdaudio - ok
22:51:38.0654 2260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:51:38.0747 2260 Cdfs - ok
22:51:38.0763 2260 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:51:38.0872 2260 Cdrom - ok
22:51:38.0888 2260 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:51:38.0904 2260 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
22:51:38.0904 2260 cercsr6 - detected UnsignedFile.Multi.Generic (1)
22:51:38.0904 2260 Changer - ok
22:51:38.0935 2260 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:51:39.0029 2260 CiSvc - ok
22:51:39.0060 2260 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:51:39.0154 2260 ClipSrv - ok
22:51:39.0201 2260 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:51:39.0247 2260 clr_optimization_v2.0.50727_32 - ok
22:51:39.0263 2260 CmdIde - ok
22:51:39.0263 2260 COMSysApp - ok
22:51:39.0263 2260 Cpqarray - ok
22:51:39.0294 2260 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:51:39.0388 2260 CryptSvc - ok
22:51:39.0388 2260 dac2w2k - ok
22:51:39.0388 2260 dac960nt - ok
22:51:39.0419 2260 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:51:39.0466 2260 DcomLaunch - ok
22:51:39.0497 2260 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:51:39.0607 2260 Dhcp - ok
22:51:39.0638 2260 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:51:39.0732 2260 Disk - ok
22:51:39.0732 2260 dmadmin - ok
22:51:39.0779 2260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:51:39.0904 2260 dmboot - ok
22:51:39.0919 2260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:51:40.0029 2260 dmio - ok
22:51:40.0044 2260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:51:40.0169 2260 dmload - ok
22:51:40.0216 2260 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:51:40.0294 2260 dmserver - ok
22:51:40.0310 2260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:51:40.0404 2260 DMusic - ok
22:51:40.0435 2260 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:51:40.0435 2260 Dnscache - ok
22:51:40.0482 2260 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:51:40.0560 2260 Dot3svc - ok
22:51:40.0560 2260 dpti2o - ok
22:51:40.0591 2260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:51:40.0685 2260 drmkaud - ok
22:51:40.0685 2260 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:51:40.0779 2260 EapHost - ok
22:51:40.0841 2260 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:51:40.0966 2260 ERSvc - ok
22:51:41.0013 2260 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
22:51:41.0154 2260 es1371 - ok
22:51:41.0310 2260 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:51:41.0357 2260 Eventlog - ok
22:51:41.0560 2260 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:51:41.0732 2260 EventSystem - ok
22:51:41.0841 2260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:51:41.0982 2260 Fastfat - ok
22:51:42.0075 2260 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:51:42.0153 2260 FastUserSwitchingCompatibility - ok
22:51:42.0232 2260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:51:42.0357 2260 Fdc - ok
22:51:42.0372 2260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:51:42.0560 2260 Fips - ok
22:51:42.0591 2260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:51:42.0685 2260 Flpydisk - ok
22:51:42.0763 2260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:51:42.0872 2260 FltMgr - ok
22:51:43.0013 2260 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:51:43.0028 2260 FontCache3.0.0.0 - ok
22:51:43.0075 2260 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
22:51:43.0075 2260 fssfltr - ok
22:51:43.0232 2260 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:51:43.0263 2260 fsssvc - ok
22:51:43.0278 2260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:51:43.0403 2260 Fs_Rec - ok
22:51:43.0435 2260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:51:43.0575 2260 Ftdisk - ok
22:51:43.0606 2260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:51:43.0606 2260 GEARAspiWDM - ok
22:51:43.0638 2260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:51:43.0731 2260 Gpc - ok
22:51:43.0794 2260 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:43.0810 2260 gupdate - ok
22:51:43.0810 2260 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:43.0825 2260 gupdatem - ok
22:51:43.0856 2260 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:51:43.0872 2260 gusvc - ok
22:51:43.0903 2260 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:51:43.0981 2260 HDAudBus - ok
22:51:44.0044 2260 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:51:44.0138 2260 helpsvc - ok
22:51:44.0153 2260 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:51:44.0231 2260 HidServ - ok
22:51:44.0247 2260 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:51:44.0341 2260 hidusb - ok
22:51:44.0356 2260 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:51:44.0466 2260 hkmsvc - ok
22:51:44.0466 2260 hpn - ok
22:51:44.0497 2260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:51:44.0544 2260 HTTP - ok
22:51:44.0560 2260 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:51:44.0669 2260 HTTPFilter - ok
22:51:44.0669 2260 i2omgmt - ok
22:51:44.0669 2260 i2omp - ok
22:51:44.0685 2260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:51:44.0763 2260 i8042prt - ok
22:51:44.0825 2260 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:51:44.0841 2260 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:51:44.0841 2260 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:51:44.0966 2260 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:51:44.0997 2260 idsvc - ok
22:51:45.0013 2260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:51:45.0091 2260 Imapi - ok
22:51:45.0138 2260 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:51:45.0231 2260 ImapiService - ok
22:51:45.0231 2260 ini910u - ok
22:51:45.0247 2260 IntelIde - ok
22:51:45.0263 2260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:51:45.0356 2260 Ip6Fw - ok
22:51:45.0388 2260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:51:45.0513 2260 IpFilterDriver - ok
22:51:45.0544 2260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:51:45.0638 2260 IpInIp - ok
22:51:45.0669 2260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:51:45.0778 2260 IpNat - ok
22:51:45.0856 2260 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:51:45.0872 2260 iPod Service - ok
22:51:45.0903 2260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:51:45.0981 2260 IPSec - ok
22:51:45.0997 2260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:51:46.0091 2260 IRENUM - ok
22:51:46.0091 2260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:51:46.0169 2260 isapnp - ok
22:51:46.0216 2260 JmtFltr (78cc22326e584d2c02e1ab8b38dbb00f) C:\WINDOWS\system32\Drivers\JmtFltr.sys
22:51:46.0263 2260 JmtFltr - ok
22:51:46.0278 2260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:51:46.0372 2260 Kbdclass - ok
22:51:46.0388 2260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:51:46.0466 2260 kbdhid - ok
22:51:46.0481 2260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:51:46.0559 2260 kmixer - ok
22:51:46.0575 2260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:51:46.0606 2260 KSecDD - ok
22:51:46.0653 2260 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
22:51:46.0653 2260 L8042Kbd - ok
22:51:46.0700 2260 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
22:51:46.0700 2260 L8042mou - ok
22:51:46.0747 2260 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:51:46.0809 2260 lanmanserver - ok
22:51:46.0841 2260 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:51:46.0903 2260 lanmanworkstation - ok
22:51:46.0903 2260 lbrtfdc - ok
22:51:46.0966 2260 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
22:51:46.0981 2260 LBTServ - ok
22:51:47.0013 2260 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:51:47.0106 2260 LmHosts - ok
22:51:47.0106 2260 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
22:51:47.0122 2260 LMouKE - ok
22:51:47.0153 2260 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:51:47.0169 2260 MBAMSwissArmy - ok
22:51:47.0216 2260 MDM (2738b111a73181fa654812c7dd9c8ed6) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
22:51:47.0262 2260 MDM ( UnsignedFile.Multi.Generic ) - warning
22:51:47.0262 2260 MDM - detected UnsignedFile.Multi.Generic (1)
22:51:47.0294 2260 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:51:47.0387 2260 Messenger - ok
22:51:47.0419 2260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:51:47.0528 2260 mnmdd - ok
22:51:47.0778 2260 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:51:47.0872 2260 mnmsrvc - ok
22:51:47.0903 2260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:51:47.0981 2260 Modem - ok
22:51:48.0012 2260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:51:48.0106 2260 Mouclass - ok
22:51:48.0122 2260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:51:48.0262 2260 mouhid - ok
22:51:48.0278 2260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:51:48.0372 2260 MountMgr - ok
22:51:48.0387 2260 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:51:48.0403 2260 MpFilter - ok
22:51:48.0466 2260 MpKsl107745df (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC5FE468-05FD-42D9-AB84-B5D8DF9C5683}\MpKsl107745df.sys
22:51:48.0466 2260 MpKsl107745df - ok
22:51:48.0466 2260 mraid35x - ok
22:51:48.0497 2260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:51:48.0591 2260 MRxDAV - ok
22:51:48.0622 2260 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:51:48.0716 2260 MRxSmb - ok
22:51:48.0747 2260 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:51:48.0841 2260 MSDTC - ok
22:51:48.0856 2260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:51:48.0950 2260 Msfs - ok
22:51:48.0950 2260 MSIServer - ok
22:51:48.0997 2260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:51:49.0075 2260 MSKSSRV - ok
22:51:49.0153 2260 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:51:49.0169 2260 MsMpSvc - ok
22:51:49.0184 2260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:51:49.0278 2260 MSPCLOCK - ok
22:51:49.0278 2260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:51:49.0356 2260 MSPQM - ok
22:51:49.0387 2260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:51:49.0465 2260 mssmbios - ok
22:51:49.0497 2260 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:51:49.0544 2260 MTsensor - ok
22:51:49.0575 2260 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:51:49.0622 2260 Mup - ok
22:51:49.0669 2260 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:51:49.0778 2260 napagent - ok
22:51:49.0794 2260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:51:49.0903 2260 NDIS - ok
22:51:49.0919 2260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:51:49.0965 2260 NdisTapi - ok
22:51:49.0965 2260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:51:50.0059 2260 Ndisuio - ok
22:51:50.0075 2260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:51:50.0169 2260 NdisWan - ok
22:51:50.0200 2260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:51:50.0231 2260 NDProxy - ok
22:51:50.0262 2260 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
22:51:50.0325 2260 Netaapl - ok
22:51:50.0356 2260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:51:50.0434 2260 NetBIOS - ok
22:51:50.0450 2260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:51:50.0544 2260 NetBT - ok
22:51:50.0575 2260 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:51:50.0669 2260 NetDDE - ok
22:51:50.0669 2260 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:51:50.0747 2260 NetDDEdsdm - ok
22:51:50.0762 2260 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:51:50.0840 2260 Netlogon - ok
22:51:50.0887 2260 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:51:50.0981 2260 Netman - ok
22:51:51.0059 2260 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:51:51.0075 2260 NetTcpPortSharing - ok
22:51:51.0106 2260 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:51:51.0122 2260 Nla - ok
22:51:51.0153 2260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:51:51.0231 2260 Npfs - ok
22:51:51.0247 2260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:51:51.0340 2260 Ntfs - ok
22:51:51.0340 2260 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:51:51.0418 2260 NtLmSsp - ok
22:51:51.0434 2260 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:51:51.0512 2260 NtmsSvc - ok
22:51:51.0543 2260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:51:51.0684 2260 Null - ok
22:51:51.0950 2260 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:51:52.0622 2260 nv - ok
22:51:52.0840 2260 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
22:51:52.0887 2260 nvata - ok
22:51:52.0934 2260 nvatabus (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\drivers\nvatabus.sys
22:51:53.0043 2260 nvatabus ( UnsignedFile.Multi.Generic ) - warning
22:51:53.0043 2260 nvatabus - detected UnsignedFile.Multi.Generic (1)
22:51:53.0106 2260 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:51:53.0168 2260 NVENETFD - ok
22:51:53.0215 2260 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:51:53.0246 2260 nvnetbus - ok
22:51:53.0293 2260 NVSvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe
22:51:53.0309 2260 NVSvc - ok
22:51:53.0340 2260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:51:53.0450 2260 NwlnkFlt - ok
22:51:53.0465 2260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:51:53.0590 2260 NwlnkFwd - ok
22:51:53.0653 2260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:51:53.0746 2260 Parport - ok
22:51:53.0778 2260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:51:53.0871 2260 PartMgr - ok
22:51:53.0903 2260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:51:54.0043 2260 ParVdm - ok
22:51:54.0043 2260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:51:54.0121 2260 PCI - ok
22:51:54.0137 2260 PCIDump - ok
22:51:54.0153 2260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:51:54.0309 2260 PCIIde - ok
22:51:54.0356 2260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:51:58.0184 2260 SDTHOOK (f88d17b93621eeb8bef33b81e3af9207) C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys
22:51:58.0184 2260 SDTHOOK ( UnsignedFile.Multi.Generic ) - warning
22:51:58.0184 2260 SDTHOOK - detected UnsignedFile.Multi.Generic (1)
22:52:03.0824 2260 WANMiniportService (eb9a99ab5d17b1727034ff191e6448d7) C:\WINDOWS\wanmpsvc.exe
22:52:04.0261 2260 WANMiniportService ( UnsignedFile.Multi.Generic ) - warning
22:52:04.0261 2260 WANMiniportService - detected UnsignedFile.Multi.Generic (1)
22:52:06.0230 2260 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
22:52:06.0230 2260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
22:52:06.0230 2260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
22:52:06.0246 2260 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:52:06.0246 2260 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:52:06.0246 2260 Boot (0x1200) (f8a28693d85f584b735f537c5e1137c0) \Device\Harddisk0\DR0\Partition0
22:52:06.0246 2260 \Device\Harddisk0\DR0\Partition0 - ok
22:52:06.0246 2260 ============================================================
22:52:06.0246 2260 Scan finished
22:52:06.0246 2260 ============================================================
22:52:06.0355 2120 Detected object count: 13
22:52:06.0355 2120 Actual detected object count: 13
22:53:19.0569 2120 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 Asushwio ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 Asushwio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 bkn50USB ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 bkn50USB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0569 2120 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0569 2120 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0585 2120 SDTHOOK ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0585 2120 SDTHOOK ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0585 2120 WANMiniportService ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:19.0585 2120 WANMiniportService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:19.0897 2120 \Device\Harddisk0\DR0\# - copied to quarantine
22:53:30.0131 2120 \Device\Harddisk0\DR0 - copied to quarantine
22:53:30.0225 2120 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
22:53:30.0240 2120 \Device\Harddisk0\DR0 - ok
22:53:30.0240 2120 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
22:53:30.0240 2120 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:53:30.0240 2120 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:53:32.0740 0504 Deinitialize success
  • 0

#19
Technodave

    Member

  • Topic Starter
  • Member
  • 59 posts
I am having problems getting the other log. The "eventvwr.msc /s" command isn't bringing up any box and just makes my PC lock up. The PC is running better, but it still likes to lock up and freeze.
  • 0

#20
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

Well, TDSSKiller got the rootkit. Now we need to kill the TDSS File System. Since running the eventvwr.msc command locks the computer up, we'll see if we can't get there through the GUI.

When you ran the disk checker, did you notice if it found anything?

I also want to get a new OTL log and see if it will run when the drivers are included and see what's left. We still have a good bit of work to do here.


Step-1.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings - when you see the following then select delete:
    • \Device\Harddisk0\DR0 ( TDSS File System )
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Get the chkdsk log

  • Click the Start Orb
  • Right click on Computer and click on Manage
  • Click (Continue) on the UAC screen. The Computer Management window will come up.
  • On the left side of the window click the arrow beside Event Viewer and click Windows Logs
  • Click Application. The Application logs will appear in the center window.
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Sort by > Date and Time.
    • This should place the chkdsk log at or near the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on Copy (this will copy the log).
Paste the log in a Reply to this topic.


Step-3.

New OTL log

  • Please open OTL on the desktop and click the Run Scan button.
  • Post the log it produces in your next reply.
If it won't run, re-open OTL and click the radio button beside None in the Drivers section and then click the Run Scan button.


Step-4.

Things For Your Next Post:
1. The TDSSKiller log
2. The chkdsk log
3. The new OTL.txt log
4. Are the freeze ups any different since the second TDSSKiller fix?
  • 0
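As an added example (not part of this thread and not Kaspersky's code), here is a small parser for the TDSSKiller log format pasted above. It pairs every flagged object with the action the user chose and lists what is still outstanding, which is exactly the check behind "TDSSKiller got the rootkit, now we need to kill the TDSS File System". The sample log is constructed from lines of the same shape as the ones in the thread.

```python
"""Summarise a TDSSKiller log: which objects were flagged and what was done.

Added example, not part of the forum thread and not Kaspersky's code. It
parses the line shape TDSSKiller writes (time, pid, object, an optional
"( Detection )" tag and a trailing "- status"), pairs every flagged object
with the action the user chose, and lists what is still outstanding.
"""
import re
from collections import OrderedDict

# One log line, e.g.
#   22:52:06.0230 2260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
# Lines without a trailing " - status" (hash/path lines, separators, the
# "Detected object count" summary) deliberately do not match.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<object>.+?)"                            # service name or device path
    r"(?:\s+\(\s*(?P<detection>[^)]+?)\s*\))?"    # optional "( Detection )"
    r"\s+-\s+(?P<status>.+)$"
)
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s*(\d+)$")

FLAGGED = {"infected", "warning", "suspicious"}   # statuses that mark a hit
REMEDIATED = {"Cure", "Delete"}                   # user actions that remove it

# Constructed sample with the same shape as the log pasted in the thread.
SAMPLE_LOG = r"""
22:51:58.0184 2260 SDTHOOK (f88d17b93621eeb8bef33b81e3af9207) C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys
22:51:58.0184 2260 SDTHOOK ( UnsignedFile.Multi.Generic ) - warning
22:51:58.0184 2260 SDTHOOK - detected UnsignedFile.Multi.Generic (1)
22:51:58.0231 2260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:51:58.0309 2260 Secdrv - ok
22:52:06.0230 2260 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
22:52:06.0230 2260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
22:52:06.0246 2260 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:52:06.0355 2120 Detected object count: 3
22:53:19.0585 2120 SDTHOOK ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:30.0240 2120 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
22:53:30.0240 2120 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def parse_line(line):
    """Return the fields of one log line, or None if it is not a status line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarise(log_text):
    """Map (object, detection) -> user action ('Cure', 'Skip', ...) or None.

    Keys are kept in first-seen order; a flagged object with no
    'User select action' line keeps the value None.
    """
    hits = OrderedDict()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["detection"] is None:
            continue                      # "- ok" lines, hash lines, separators
        key = (rec["object"], rec["detection"])
        status = rec["status"]
        if status in FLAGGED:
            hits.setdefault(key, None)
        elif status.startswith("User select action:"):
            hits[key] = status.split(":", 1)[1].strip()
    return hits


def outstanding(log_text):
    """Flagged objects that were not cured or deleted (e.g. 'Skip' or no action)."""
    return [key for key, action in summarise(log_text).items()
            if action not in REMEDIATED]


def count_consistent(log_text):
    """Compare the tool's own 'Detected object count' with the hits we parsed.

    Returns True/False, or None when the log carries no count line (scan
    interrupted or the paste was truncated).
    """
    reported = None
    for raw in log_text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            reported = int(m.group(1))
    if reported is None:
        return None
    return reported == len(summarise(log_text))


if __name__ == "__main__":
    for (obj, det), action in summarise(SAMPLE_LOG).items():
        print(f"{obj:30} {det:30} -> {action or 'no action recorded'}")
    print("still outstanding:", outstanding(SAMPLE_LOG))
    print("count line agrees with parsed hits:", count_consistent(SAMPLE_LOG))
```

Run against the first log in this thread, the outstanding list comes back with the skipped unsigned drivers and the TDSS File System entry, while the Sinowal MBR entry shows as Cure.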

#21
Technodave

    Member

  • Topic Starter
  • Member
  • 59 posts
20:31:39.0390 3592 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
20:31:39.0562 3592 ============================================================
20:31:39.0562 3592 Current date / time: 2012/05/31 20:31:39.0562
20:31:39.0562 3592 SystemInfo:
20:31:39.0562 3592
20:31:39.0562 3592 OS Version: 5.1.2600 ServicePack: 3.0
20:31:39.0562 3592 Product type: Workstation
20:31:39.0562 3592 ComputerName: MOGGY-0C768B687
20:31:39.0562 3592 UserName: Moggy
20:31:39.0562 3592 Windows directory: C:\WINDOWS
20:31:39.0562 3592 System windows directory: C:\WINDOWS
20:31:39.0562 3592 Processor architecture: Intel x86
20:31:39.0562 3592 Number of processors: 2
20:31:39.0562 3592 Page size: 0x1000
20:31:39.0562 3592 Boot type: Normal boot
20:31:39.0562 3592 ============================================================
20:31:41.0125 3592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:31:41.0140 3592 ============================================================
20:31:41.0140 3592 \Device\Harddisk0\DR0:
20:31:41.0156 3592 MBR partitions:
20:31:41.0156 3592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
20:31:41.0156 3592 ============================================================
20:31:41.0156 3592 C: <-> \Device\Harddisk0\DR0\Partition0
20:31:41.0281 3592 ============================================================
20:31:41.0281 3592 Initialize success
20:31:41.0281 3592 ============================================================
20:31:48.0656 3700 ============================================================
20:31:48.0656 3700 Scan started
20:31:48.0656 3700 Mode: Manual; SigCheck; TDLFS;
20:31:48.0656 3700 ============================================================
20:32:41.0046 3700 ALCXWDM (fcb505a7fa9dd4b8b98064792fd038a4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:32:41.0375 3700 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
20:32:41.0375 3700 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
20:32:42.0359 3700 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
20:32:42.0375 3700 AsIO ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0375 3700 AsIO - detected UnsignedFile.Multi.Generic (1)
20:32:42.0515 3700 Asushwio (de91d0d73c3e61e6826d98fac2fac729) C:\WINDOWS\system32\drivers\Asushwio.sys
20:32:42.0546 3700 Asushwio ( UnsignedFile.Multi.Generic ) - warning
20:32:42.0546 3700 Asushwio - detected UnsignedFile.Multi.Generic (1)
20:32:43.0156 3700 ATI Smart (5f90b5a3381f5795e852960fccebff6a) C:\WINDOWS\system32\ati2sgag.exe
20:32:43.0203 3700 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0203 3700 ATI Smart - detected UnsignedFile.Multi.Generic (1)
20:32:44.0750 3700 bkn50USB (6d39682a1051a5be7437ec99f1bf9921) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
20:32:44.0796 3700 bkn50USB ( UnsignedFile.Multi.Generic ) - warning
20:32:44.0796 3700 bkn50USB - detected UnsignedFile.Multi.Generic (1)
20:32:45.0546 3700 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:32:45.0562 3700 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:32:45.0562 3700 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:32:50.0953 3700 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:32:50.0968 3700 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:32:50.0968 3700 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:32:51.0078 3700 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:32:51.0125 3700 idsvc - ok
20:32:51.0125 3700 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:51.0218 3700 Imapi - ok
20:32:51.0265 3700 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:32:51.0343 3700 ImapiService - ok
20:32:51.0359 3700 ini910u - ok
20:32:51.0359 3700 IntelIde - ok
20:32:51.0375 3700 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:32:51.0468 3700 Ip6Fw - ok
20:32:51.0515 3700 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:32:51.0640 3700 IpFilterDriver - ok
20:32:51.0671 3700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:32:51.0750 3700 IpInIp - ok
20:32:51.0765 3700 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:32:51.0859 3700 IpNat - ok
20:32:51.0953 3700 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
20:32:52.0000 3700 iPod Service - ok
20:32:52.0015 3700 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:32:52.0093 3700 IPSec - ok
20:32:52.0125 3700 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:32:52.0203 3700 IRENUM - ok
20:32:52.0250 3700 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:32:52.0328 3700 isapnp - ok
20:32:52.0359 3700 JmtFltr (78cc22326e584d2c02e1ab8b38dbb00f) C:\WINDOWS\system32\Drivers\JmtFltr.sys
20:32:52.0406 3700 JmtFltr - ok
20:32:52.0421 3700 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:32:52.0515 3700 Kbdclass - ok
20:32:52.0515 3700 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:32:52.0593 3700 kbdhid - ok
20:32:52.0609 3700 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:32:52.0687 3700 kmixer - ok
20:32:52.0718 3700 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:32:52.0765 3700 KSecDD - ok
20:32:52.0812 3700 L8042Kbd (d1968dea7baff4a917858c384339cec8) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
20:32:52.0812 3700 L8042Kbd - ok
20:32:52.0859 3700 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
20:32:52.0875 3700 L8042mou - ok
20:32:52.0906 3700 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:32:52.0968 3700 lanmanserver - ok
20:32:53.0015 3700 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:32:53.0062 3700 lanmanworkstation - ok
20:32:53.0062 3700 lbrtfdc - ok
20:32:53.0156 3700 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
20:32:53.0156 3700 LBTServ - ok
20:32:53.0203 3700 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:32:53.0296 3700 LmHosts - ok
20:32:53.0312 3700 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
20:32:53.0343 3700 LMouKE - ok
20:32:53.0359 3700 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
20:32:53.0359 3700 MBAMSwissArmy - ok
20:32:53.0421 3700 MDM (2738b111a73181fa654812c7dd9c8ed6) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:32:53.0437 3700 MDM ( UnsignedFile.Multi.Generic ) - warning
20:32:53.0437 3700 MDM - detected UnsignedFile.Multi.Generic (1)
20:32:53.0453 3700 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:32:53.0531 3700 Messenger - ok
20:32:53.0562 3700 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:32:53.0687 3700 mnmdd - ok
20:32:53.0718 3700 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:32:53.0796 3700 mnmsrvc - ok
20:32:53.0828 3700 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:32:53.0906 3700 Modem - ok
20:32:53.0921 3700 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:32:54.0000 3700 Mouclass - ok
20:32:54.0046 3700 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:32:54.0171 3700 mouhid - ok
20:32:54.0187 3700 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:32:54.0281 3700 MountMgr - ok
20:32:54.0312 3700 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:32:54.0328 3700 MpFilter - ok
20:32:54.0406 3700 MpKsl5301fdaf (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC5FE468-05FD-42D9-AB84-B5D8DF9C5683}\MpKsl5301fdaf.sys
20:32:54.0406 3700 MpKsl5301fdaf - ok
20:32:54.0406 3700 mraid35x - ok
20:32:54.0437 3700 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:32:54.0531 3700 MRxDAV - ok
20:32:54.0562 3700 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:32:55.0125 3700 MRxSmb - ok
20:32:55.0156 3700 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:32:55.0281 3700 MSDTC - ok
20:32:55.0312 3700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:32:55.0406 3700 Msfs - ok
20:32:55.0406 3700 MSIServer - ok
20:32:55.0437 3700 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:32:55.0515 3700 MSKSSRV - ok
20:32:55.0640 3700 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:32:55.0656 3700 MsMpSvc - ok
20:32:55.0687 3700 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:32:55.0765 3700 MSPCLOCK - ok
20:32:55.0796 3700 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:32:55.0875 3700 MSPQM - ok
20:32:55.0890 3700 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:32:55.0968 3700 mssmbios - ok
20:32:56.0000 3700 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
20:32:56.0046 3700 MTsensor - ok
20:32:56.0062 3700 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:32:56.0109 3700 Mup - ok
20:32:56.0156 3700 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:32:56.0250 3700 napagent - ok
20:32:56.0281 3700 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:32:56.0375 3700 NDIS - ok
20:32:56.0390 3700 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:32:56.0390 3700 NdisTapi - ok
20:32:56.0421 3700 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:32:56.0500 3700 Ndisuio - ok
20:32:56.0531 3700 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:32:56.0625 3700 NdisWan - ok
20:32:56.0640 3700 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:32:56.0703 3700 NDProxy - ok
20:32:56.0734 3700 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
20:32:56.0828 3700 Netaapl - ok
20:32:56.0859 3700 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:32:56.0937 3700 NetBIOS - ok
20:32:56.0953 3700 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:32:57.0046 3700 NetBT - ok
20:32:57.0093 3700 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:32:57.0171 3700 NetDDE - ok
20:32:57.0171 3700 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:32:57.0250 3700 NetDDEdsdm - ok
20:32:57.0281 3700 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:32:57.0359 3700 Netlogon - ok
20:32:57.0375 3700 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:32:57.0468 3700 Netman - ok
20:32:57.0562 3700 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:57.0578 3700 NetTcpPortSharing - ok
20:32:57.0625 3700 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:32:57.0656 3700 Nla - ok
20:32:57.0703 3700 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:32:57.0781 3700 Npfs - ok
20:32:57.0843 3700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:32:57.0968 3700 Ntfs - ok
20:32:57.0968 3700 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:32:58.0046 3700 NtLmSsp - ok
20:32:58.0078 3700 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:32:58.0171 3700 NtmsSvc - ok
20:32:58.0203 3700 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:32:58.0343 3700 Null - ok
20:32:58.0625 3700 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:32:59.0093 3700 nv - ok
20:32:59.0187 3700 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
20:32:59.0250 3700 nvata - ok
20:32:59.0265 3700 nvatabus (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\drivers\nvatabus.sys
20:32:59.0359 3700 nvatabus ( UnsignedFile.Multi.Generic ) - warning
20:32:59.0359 3700 nvatabus - detected UnsignedFile.Multi.Generic (1)
20:32:59.0390 3700 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:32:59.0437 3700 NVENETFD - ok
20:32:59.0468 3700 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:32:59.0468 3700 nvnetbus - ok
20:32:59.0500 3700 NVSvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe
20:32:59.0515 3700 NVSvc - ok
20:32:59.0546 3700 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:32:59.0687 3700 NwlnkFlt - ok
20:32:59.0687 3700 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:32:59.0796 3700 NwlnkFwd - ok
20:32:59.0843 3700 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:32:59.0921 3700 Parport - ok
20:32:59.0937 3700 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:33:00.0031 3700 PartMgr - ok
20:33:00.0046 3700 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:33:00.0187 3700 ParVdm - ok
20:33:00.0187 3700 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:33:00.0265 3700 PCI - ok
20:33:00.0265 3700 PCIDump - ok
20:33:00.0265 3700 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:33:00.0390 3700 PCIIde - ok
20:33:00.0406 3700 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:33:00.0484 3700 Pcmcia - ok
20:33:00.0625 3700 PCToolsSSDMonitorSvc (8cb97ab9edc3db4e6723577e1d790353) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
20:33:00.0656 3700 PCToolsSSDMonitorSvc - ok
20:33:00.0656 3700 PDCOMP - ok
20:33:00.0656 3700 PDFRAME - ok
20:33:00.0656 3700 PDRELI - ok
20:33:00.0671 3700 PDRFRAME - ok
20:33:00.0671 3700 perc2 - ok
20:33:00.0671 3700 perc2hib - ok
20:33:00.0703 3700 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:33:00.0734 3700 PlugPlay - ok
20:33:00.0734 3700 Point32 (d0be72557de73acabbab536496d23115) C:\WINDOWS\system32\DRIVERS\point32.sys
20:33:00.0765 3700 Point32 - ok
20:33:00.0781 3700 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:33:00.0859 3700 PolicyAgent - ok
20:33:00.0890 3700 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:33:00.0968 3700 PptpMiniport - ok
20:33:00.0984 3700 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:33:01.0078 3700 Processor - ok
20:33:01.0078 3700 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:33:01.0156 3700 ProtectedStorage - ok
20:33:01.0156 3700 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:33:01.0234 3700 PSched - ok
20:33:01.0265 3700 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
20:33:01.0265 3700 PSI - ok
20:33:01.0281 3700 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:33:01.0421 3700 Ptilink - ok
20:33:01.0468 3700 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:33:01.0468 3700 PxHelp20 - ok
20:33:01.0468 3700 ql1080 - ok
20:33:01.0468 3700 Ql10wnt - ok
20:33:01.0484 3700 ql12160 - ok
20:33:01.0484 3700 ql1240 - ok
20:33:01.0484 3700 ql1280 - ok
20:33:01.0500 3700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:33:01.0609 3700 RasAcd - ok
20:33:01.0625 3700 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:33:01.0703 3700 RasAuto - ok
20:33:01.0718 3700 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:33:01.0781 3700 Rasl2tp - ok
20:33:01.0828 3700 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:33:01.0906 3700 RasMan - ok
20:33:01.0921 3700 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:33:02.0000 3700 RasPppoe - ok
20:33:02.0000 3700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:33:02.0125 3700 Raspti - ok
20:33:02.0140 3700 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:33:02.0234 3700 Rdbss - ok
20:33:02.0234 3700 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:33:02.0359 3700 RDPCDD - ok
20:33:02.0390 3700 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:33:02.0468 3700 RDPWD - ok
20:33:02.0484 3700 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:33:02.0578 3700 RDSessMgr - ok
20:33:02.0625 3700 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:33:02.0703 3700 redbook - ok
20:33:02.0734 3700 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:33:02.0812 3700 RemoteAccess - ok
20:33:02.0812 3700 rootrepeal[1] - ok
20:33:02.0812 3700 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:33:02.0890 3700 RpcLocator - ok
20:33:02.0921 3700 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:33:02.0968 3700 RpcSs - ok
20:33:03.0000 3700 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:33:03.0140 3700 RSVP - ok
20:33:03.0187 3700 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
20:33:03.0250 3700 RzSynapse - ok
20:33:03.0281 3700 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:33:03.0343 3700 SamSs - ok
20:33:03.0375 3700 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:33:03.0468 3700 SCardSvr - ok
20:33:03.0500 3700 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:33:03.0593 3700 Schedule - ok
20:33:03.0593 3700 SCREAMINGBDRIVER - ok
20:33:03.0625 3700 SDTHOOK (f88d17b93621eeb8bef33b81e3af9207) C:\WINDOWS\system32\DRIVERS\SDTHOOK.sys
20:33:03.0656 3700 SDTHOOK ( UnsignedFile.Multi.Generic ) - warning
20:33:03.0656 3700 SDTHOOK - detected UnsignedFile.Multi.Generic (1)
20:33:03.0687 3700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:33:03.0765 3700 Secdrv - ok
20:33:03.0796 3700 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:33:03.0890 3700 seclogon - ok
20:33:03.0968 3700 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
20:33:04.0000 3700 Secunia PSI Agent - ok
20:33:04.0031 3700 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
20:33:04.0046 3700 Secunia Update Agent - ok
20:33:04.0171 3700 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:33:04.0250 3700 SENS - ok
20:33:04.0281 3700 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:33:04.0375 3700 serenum - ok
20:33:04.0390 3700 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:33:04.0484 3700 Serial - ok
20:33:04.0515 3700 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:33:04.0593 3700 Sfloppy - ok
20:33:04.0625 3700 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:33:04.0750 3700 SharedAccess - ok
20:33:04.0781 3700 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:33:04.0812 3700 ShellHWDetection - ok
20:33:04.0812 3700 Simbad - ok
20:33:04.0812 3700 Sparrow - ok
20:33:04.0828 3700 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:33:04.0906 3700 splitter - ok
20:33:04.0937 3700 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:33:05.0000 3700 Spooler - ok
20:33:05.0015 3700 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:33:05.0109 3700 sr - ok
20:33:05.0156 3700 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:33:05.0234 3700 srservice - ok
20:33:05.0265 3700 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:33:05.0328 3700 Srv - ok
20:33:05.0343 3700 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:33:05.0421 3700 SSDPSRV - ok
20:33:05.0468 3700 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:33:05.0578 3700 stisvc - ok
20:33:05.0609 3700 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:33:05.0687 3700 swenum - ok
20:33:05.0734 3700 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:33:05.0812 3700 swmidi - ok
20:33:05.0812 3700 SwPrv - ok
20:33:05.0921 3700 Symantec Core LC (477a47c10c4b2e79dd52d74baa9ed716) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
20:33:05.0968 3700 Symantec Core LC - ok
20:33:05.0984 3700 symc810 - ok
20:33:06.0000 3700 symc8xx - ok
20:33:06.0031 3700 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
20:33:06.0031 3700 symlcbrd - ok
20:33:06.0031 3700 sym_hi - ok
20:33:06.0046 3700 sym_u3 - ok
20:33:06.0062 3700 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:33:06.0156 3700 sysaudio - ok
20:33:06.0171 3700 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:33:06.0265 3700 SysmonLog - ok
20:33:06.0312 3700 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:33:06.0390 3700 TapiSrv - ok
20:33:06.0453 3700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:33:06.0500 3700 Tcpip - ok
20:33:06.0531 3700 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:33:06.0625 3700 TDPIPE - ok
20:33:06.0640 3700 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:33:06.0718 3700 TDTCP - ok
20:33:06.0734 3700 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:33:06.0828 3700 TermDD - ok
20:33:06.0843 3700 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:33:06.0921 3700 TermService - ok
20:33:06.0953 3700 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:33:06.0968 3700 Themes - ok
20:33:07.0000 3700 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
20:33:07.0015 3700 tmcomm - ok
20:33:07.0015 3700 TosIde - ok
20:33:07.0062 3700 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:33:07.0140 3700 TrkWks - ok
20:33:07.0156 3700 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:33:07.0234 3700 Udfs - ok
20:33:07.0234 3700 ultra - ok
20:33:07.0281 3700 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:33:07.0359 3700 Update - ok
20:33:07.0375 3700 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:33:07.0468 3700 upnphost - ok
20:33:07.0484 3700 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:33:07.0562 3700 UPS - ok
20:33:07.0609 3700 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:33:07.0640 3700 USBAAPL - ok
20:33:07.0671 3700 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:33:07.0750 3700 usbccgp - ok
20:33:07.0765 3700 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:33:07.0843 3700 usbehci - ok
20:33:07.0843 3700 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:33:07.0921 3700 usbhub - ok
20:33:07.0921 3700 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:33:08.0015 3700 usbohci - ok
20:33:08.0046 3700 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:33:08.0140 3700 usbscan - ok
20:33:08.0156 3700 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:33:08.0234 3700 USBSTOR - ok
20:33:08.0250 3700 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:33:08.0343 3700 VgaSave - ok
20:33:08.0375 3700 vhidmini (dffab3374f554977c4bb1b575a7b6502) C:\WINDOWS\system32\DRIVERS\vhidmini.sys
20:33:08.0421 3700 vhidmini - ok
20:33:08.0421 3700 ViaIde - ok
20:33:08.0484 3700 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:33:08.0578 3700 VolSnap - ok
20:33:08.0609 3700 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:33:08.0703 3700 VSS - ok
20:33:08.0718 3700 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:33:08.0796 3700 W32Time - ok
20:33:08.0828 3700 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:33:08.0906 3700 Wanarp - ok
20:33:08.0953 3700 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
20:33:09.0000 3700 wanatw - ok
20:33:09.0046 3700 WANMiniportService (eb9a99ab5d17b1727034ff191e6448d7) C:\WINDOWS\wanmpsvc.exe
20:33:09.0203 3700 WANMiniportService ( UnsignedFile.Multi.Generic ) - warning
20:33:09.0203 3700 WANMiniportService - detected UnsignedFile.Multi.Generic (1)
20:33:09.0250 3700 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:33:09.0265 3700 Wdf01000 - ok
20:33:09.0265 3700 WDICA - ok
20:33:09.0296 3700 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:33:09.0406 3700 wdmaud - ok
20:33:09.0484 3700 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:33:09.0593 3700 WebClient - ok
20:33:09.0718 3700 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:33:09.0812 3700 winmgmt - ok
20:33:10.0046 3700 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:33:10.0281 3700 wlidsvc - ok
20:33:10.0734 3700 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:33:10.0812 3700 WmdmPmSN - ok
20:33:10.0968 3700 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:33:11.0093 3700 WmiApSrv - ok
20:33:11.0796 3700 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:33:11.0984 3700 WMPNetworkSvc - ok
20:33:12.0140 3700 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:33:12.0312 3700 WS2IFSL - ok
20:33:12.0453 3700 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:33:12.0593 3700 wscsvc - ok
20:33:12.0640 3700 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:33:12.0765 3700 wuauserv - ok
20:33:12.0812 3700 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:33:12.0875 3700 WudfPf - ok
20:33:13.0000 3700 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:33:13.0015 3700 WudfRd - ok
20:33:13.0093 3700 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:33:13.0171 3700 WudfSvc - ok
20:33:13.0421 3700 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:33:13.0562 3700 WZCSVC - ok
20:33:13.0562 3700 xcpip - ok
20:33:13.0671 3700 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:33:13.0796 3700 xmlprov - ok
20:33:13.0796 3700 xpsec - ok
20:33:13.0828 3700 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
20:33:13.0843 3700 xusb21 - ok
20:33:13.0859 3700 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
20:33:13.0859 3700 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
20:33:13.0859 3700 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
20:33:13.0890 3700 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:33:13.0890 3700 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:33:13.0890 3700 Boot (0x1200) (f8a28693d85f584b735f537c5e1137c0) \Device\Harddisk0\DR0\Partition0
20:33:13.0890 3700 \Device\Harddisk0\DR0\Partition0 - ok
20:33:13.0890 3700 ============================================================
20:33:13.0890 3700 Scan finished
20:33:13.0890 3700 ============================================================
20:33:14.0015 3692 Detected object count: 13
20:33:14.0015 3692 Actual detected object count: 13
20:34:19.0062 3692 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0062 3692 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0062 3692 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0062 3692 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 Asushwio ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 Asushwio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 bkn50USB ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 bkn50USB ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 SDTHOOK ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 SDTHOOK ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0078 3692 WANMiniportService ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:19.0078 3692 WANMiniportService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:19.0359 3692 \Device\Harddisk0\DR0\# - copied to quarantine
20:34:29.0546 3692 \Device\Harddisk0\DR0 - copied to quarantine
20:34:29.0671 3692 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
20:34:29.0687 3692 \Device\Harddisk0\DR0 - ok
20:34:29.0687 3692 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
20:34:29.0750 3692 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
20:34:29.0781 3692 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:34:29.0828 3692 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:34:29.0921 3692 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:34:30.0000 3692 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:34:30.0000 3692 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:34:30.0015 3692 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:34:30.0031 3692 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:34:30.0187 3692 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:34:30.0187 3692 \Device\Harddisk0\DR0\TDLFS - deleted
20:34:30.0187 3692 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
20:34:32.0437 3588 Deinitialize success

#22
Technodave

    Member

  • Topic Starter
  • Member
  • 59 posts
OTL logfile created on: 5/31/2012 9:13:45 PM - Run 4
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Moggy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 79.31% Memory free
5.09 Gb Paging File | 4.36 Gb Available in Paging File | 85.70% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 110.87 Gb Free Space | 37.19% Space Free | Partition Type: NTFS
Drive D: | 562.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOGGY-0C768B687 | User Name: Moggy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/23 18:44:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moggy\desktop\OTL.exe
PRC - [2012/05/09 04:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/18 19:55:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/12 12:58:30 | 000,163,840 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\razerhid.exe
PRC - [2007/09/20 00:27:44 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/11/17 14:21:49 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1187017261\ee\aolsoftware.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/07/23 02:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/06/20 22:42:44 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 22:36:11 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
MOD - [2012/05/09 22:36:04 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 22:35:36 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/09 22:35:35 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/05/09 22:35:27 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/09 22:35:04 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 22:35:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 22:34:56 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 22:34:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/03/09 00:32:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2007/09/20 00:27:44 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MOD - [2007/09/20 00:27:44 | 000,361,328 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/03 22:19:16 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/04 23:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/20 00:27:44 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glary...com/?src=iehome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glary...com/?src=iehome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...GB&dcc=GB&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C9 02 3E 7E E3 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1BBB0CE9-C992-42A2-9D7D-6EC9CD856086}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{9EEEC689-F07E-4241-8B15-A0FEAC12ECE1}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Program Files\Octoshape Streaming Services\Moggy\octoprogram-L03-NMS1101262_SUA_000\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/18 19:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/19 18:36:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Moggy\Application Data\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Moggy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187017261\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF437E3C-D516-425F-9FEE-DD69A9CDC169}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Moggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Moggy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/13 03:25:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell - "" = AutoRun
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{925e9f5e-a3ce-11de-a113-0017315df0b6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2004/08/04 13:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/30 21:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/05/30 19:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\My Documents\magaluff
[2012/05/29 22:09:40 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\40861211.sys
[2012/05/28 22:53:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/28 22:44:56 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Moggy\Desktop\tdsskiller.exe
[2012/05/28 22:36:39 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07754234.sys
[2012/05/27 17:36:35 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2012/05/27 17:36:32 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2012/05/23 18:44:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Moggy\Desktop\OTL.exe
[2012/05/22 22:31:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/22 22:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/22 22:25:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/22 20:47:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Moggy\Recent
[2012/05/19 20:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2012/05/19 20:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Application Data\GlarySoft
[2012/05/19 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/05/19 20:22:38 | 000,028,040 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
[2012/05/19 19:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moggy\Start Menu\Programs\Free Window Registry Repair
[2012/05/19 19:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2012/05/19 19:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/19 19:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/19 18:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic
[2012/05/19 11:47:14 | 000,000,000 | ---D | C] -- C:\fd9a065da192b07f215c7986ccf2
[2012/05/19 09:41:58 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/05/19 00:36:55 | 000,000,000 | ---D | C] -- C:\522b55c28c987999615a62
[2012/05/18 20:11:07 | 000,000,000 | ---D | C] -- C:\a258d02e152721d1ed706f
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/31 21:10:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/31 21:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/31 21:02:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8B918BA-D311-4755-9D85-B9EA16A23CD5}.job
[2012/05/31 21:00:04 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/31 21:00:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-796845957-725345543-1004.job
[2012/05/31 21:00:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 21:00:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-796845957-725345543-1005.job
[2012/05/31 20:59:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 20:30:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/30 21:01:57 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Moggy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/30 19:31:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job
[2012/05/30 19:00:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/05/30 11:38:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-796845957-725345543-1004.job
[2012/05/29 22:09:40 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\40861211.sys
[2012/05/28 22:44:59 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Moggy\Desktop\tdsskiller.exe
[2012/05/28 22:36:39 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07754234.sys
[2012/05/28 22:35:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-796845957-725345543-1005.job
[2012/05/28 20:29:56 | 000,013,740 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/27 18:25:56 | 000,396,465 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\MiniToolBox.exe
[2012/05/27 17:33:02 | 000,490,256 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\HelpAsst_mebroot_fix.exe
[2012/05/27 17:30:55 | 000,000,223 | ---- | M] () -- C:\boot.ini
[2012/05/26 17:01:20 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/26 10:49:17 | 000,000,000 | ---- | M] () -- C:\Documents
[2012/05/26 09:36:21 | 000,485,928 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\HAMeb_check (1).exe
[2012/05/26 09:35:38 | 000,337,661 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\FSS.exe
[2012/05/23 20:10:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Moggy\Desktop\aswMBR.exe
[2012/05/23 18:44:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Moggy\Desktop\OTL.exe
[2012/05/22 22:43:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/05/22 22:31:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 20:29:21 | 000,041,622 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120522_202917.reg
[2012/05/22 08:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/20 21:53:22 | 000,020,256 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2012/05/20 21:10:40 | 000,000,232 | ---- | M] () -- C:\BOOT.BAK
[2012/05/20 20:35:49 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2012/05/20 20:35:49 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2012/05/20 19:41:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
[2012/05/19 20:26:59 | 000,000,157 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Filepuma.url
[2012/05/19 20:24:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Moggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Glary Utilities.lnk
[2012/05/19 20:23:34 | 000,028,040 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP152.SYS
[2012/05/19 19:39:37 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\Free Window Registry Repair.lnk
[2012/05/19 13:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Path.idx
[2012/05/18 22:35:08 | 000,008,912 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_223502.reg
[2012/05/18 20:06:04 | 000,024,342 | ---- | M] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_200600.reg
[2012/05/10 20:49:50 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 22:34:18 | 000,441,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 22:34:18 | 000,071,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/08 22:51:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 22:51:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 22:25:36 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2012/05/06 22:25:35 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Moggy\Desktop\DivX Movies.lnk
[2012/05/01 22:13:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/30 19:31:24 | 273,078,784 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\midgetmafia2.avi
[2012/05/30 19:31:21 | 070,067,350 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\midgetmafia1.avi
[2012/05/30 19:30:46 | 892,358,656 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Cylia_1_ArenasHQ.avi
[2012/05/30 19:30:10 | 771,000,362 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\b4.avi
[2012/05/30 19:29:32 | 978,705,464 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Tales of the Past 3.avi
[2012/05/30 19:29:11 | 462,745,600 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Sonny_resto_2.avi
[2012/05/30 19:28:41 | 750,508,032 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\sonny_final.avi
[2012/05/30 19:28:10 | 745,783,296 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\SecurityKJFINAL.avi
[2012/05/30 19:27:44 | 599,546,831 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Tuska_4_Final.wmv
[2012/05/30 19:27:24 | 578,611,454 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\tfod.wmv
[2012/05/30 19:27:13 | 271,892,473 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\SPpvp1_0003.wmv
[2012/05/30 19:27:07 | 127,630,747 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\SKvsNWM.wmv
[2012/05/30 19:26:58 | 222,610,941 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Security_VS_Vashj_1stkills.wmv
[2012/05/30 19:26:40 | 491,139,788 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Security_vs_Illidan_Stormv.wmv
[2012/05/30 19:26:36 | 084,958,094 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Security_VS_Felmyst.wmv
[2012/05/30 19:26:29 | 216,391,510 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Security_vs_eredar_twins.wmv
[2012/05/30 19:26:26 | 063,027,938 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Security_VS_Brutallus.wmv
[2012/05/30 19:26:19 | 180,327,978 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\security_kalecgos.wmv
[2012/05/30 19:26:09 | 282,324,264 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\SEC-Illidan.wmv
[2012/05/30 19:25:48 | 555,446,077 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Reckful 2.wmv
[2012/05/30 19:24:42 | 761,396,223 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\Nerf_Sap_10_-_Commentary.wmv
[2012/05/27 18:25:54 | 000,396,465 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\MiniToolBox.exe
[2012/05/27 17:36:32 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/27 17:36:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
[2012/05/27 17:33:03 | 000,490,256 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\HelpAsst_mebroot_fix.exe
[2012/05/26 10:49:17 | 000,000,000 | ---- | C] () -- C:\Documents
[2012/05/26 09:36:09 | 000,485,928 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\HAMeb_check (1).exe
[2012/05/26 09:35:36 | 000,337,661 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\FSS.exe
[2012/05/22 22:31:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/22 20:29:18 | 000,041,622 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120522_202917.reg
[2012/05/19 23:52:34 | 000,000,232 | ---- | C] () -- C:\BOOT.BAK
[2012/05/19 20:24:58 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/19 20:24:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Moggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Glary Utilities.lnk
[2012/05/19 20:24:57 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Filepuma.url
[2012/05/19 19:39:37 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Moggy\Desktop\Free Window Registry Repair.lnk
[2012/05/19 13:00:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Path.idx
[2012/05/19 09:40:31 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2012/05/19 09:40:31 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2012/05/18 22:35:04 | 000,008,912 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_223502.reg
[2012/05/18 20:06:02 | 000,024,342 | ---- | C] () -- C:\Documents and Settings\Moggy\My Documents\cc_20120518_200600.reg
[2012/02/19 21:11:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 00:11:46 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/14 21:11:44 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Moggy\Local Settings\Application Data\84756-11986-27475-00TC1-94865
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/07/15 00:15:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/02 15:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/05/02 15:32:50 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/04/15 11:26:30 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/15 11:26:29 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/15 11:26:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/23 12:13:06 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D29BF00

< End of report >
  • 0

#23
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL.exe was stopping at xusb21 again. I cannot find the chkdsk log, although I can get to the right place to look for it now.
  • 0

#24
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

We're going to need to get a Master Boot Record dump from outside of the Windows environment. To do this you are going to need a clean computer with a CD/DVD burner, a blank CD/DVD and a USB drive (also known as a thumb drive).

First we will run a USB disinfector program on the clean computer as a precautionary measure.


Step-1.

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to the desktop of the clean computer.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.


Step-2.

Get MBR with xPud

Do this from the clean computer.
You will need a USB drive and a blank CD.
  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat file
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD. When the CD burn has finished:
  • Safely remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD. On newer computers you can press an F key at start-up to reach the Boot Menu. If your computer has this it will tell you which key to use. As soon as the computer starts you will see in the top left corner or bottom right corner something like the following:
    SETUP=F2 (or some other key)
    BOOT=F12 (or some other key)
  • As soon as the computer starts up, gently tap the F key and choose to boot from the CD then reboot the machine.
    • NOTE: If your computer doesn't have this feature you may need to configure the BIOS to set your computer to boot from the CD. If you don't know how to do that, follow the steps here, or here

    After the computer has been booted from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1, sda2, ... usually correspond to your HDD
  • sdb1 is likely your USB drive
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Safely remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is still infected.


Step-3.

Things For Your Next Post:
1. The zipped mbr.bin file attached to the post
  • 0
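An added example, not part of godawgs' post or of any tool named in the thread: once mbr.bin has been written by the dd command above, this script parses the 512-byte sector the way a helper would read it (bootstrap code hash for comparison against a known-good XP MBR, disk signature, partition table, 0x55AA signature) and flags the usual signs that the sector is not trustworthy. The sample MBR is constructed inline so it runs without a real dump; pass a real mbr.bin to parse_mbr() instead.

```python
"""Added example, not from the thread: read the 512-byte mbr.bin that the dd
command above writes and report the fields a helper checks first. The MBR
below is constructed inline so the script also runs without a real dump."""
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed input: stub boot code, one active NTFS partition, one
    inactive partition right behind it, valid 0x55AA signature."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\xeb\x3c\x90"                   # placeholder jump (constructed)
    mbr[0x1B8:0x1BC] = b"\xde\xad\xbe\xef"        # disk signature (constructed)
    mbr[0x1BE:0x1CE] = struct.pack(ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2_000_000)
    mbr[0x1CE:0x1DE] = struct.pack(ENTRY, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 2_000_063, 500_000)
    mbr[0x1FE:0x200] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(data):
    """Split a raw MBR sector into bootstrap hash, disk signature, partitions."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, data, 0x1BE + 16 * i)
        if ptype:                                  # type 0 means an empty slot
            parts.append({"active": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(data[:0x1B8]).hexdigest(),  # compare to a known-good MBR
        "disk_signature": struct.unpack_from("<I", data, 0x1B8)[0],
        "boot_signature_ok": data[0x1FE:0x200] == b"\x55\xaa",
        "partitions": parts,
    }

def sanity_checks(info):
    """Findings that mean the sector should not be trusted as-is."""
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = sum(p["active"] for p in info["partitions"])
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    spans = sorted((p["lba"], p["lba"] + p["sectors"]) for p in info["partitions"])
    for (_, end), (start, _) in zip(spans, spans[1:]):
        if start < end:
            findings.append(f"partition overlap at LBA {start}")
    return findings
```

For a real dump call `sanity_checks(parse_mbr(open("mbr.bin", "rb").read()))`; an empty list only means the structure is sane, the bootstrap hash still has to be compared against a clean MBR of the same Windows version.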

#25
Technodave

Technodave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi godawgs, the PC is working a lot better. I have been able to save and back up all the files I need. I want to reinstall Windows XP now, if I can do so and it will solve my problems. I have Windows XP and Vista disks.

I have not been able to access the BIOS menus on start-up though.
  • 0



#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Technodave,

It depends on what you are talking about. A format and reinstall of Windows should solve the remaining virus and malware issues. A simple Windows repair will not. You should be able to reinstall XP with no problems. Installing Vista depends on the type of disk that you have. If you have a normal installation disk you can install from that, but if the Vista disk is an upgrade disk you will need to install XP and then upgrade to Vista. Let me know what you decide. I can post some links for the format and reinstall, and if you need assistance I will be here for that too.
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
