After following your instructions my computer seems to be running better than it was, but my Add/Remove Programs says "Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'" and therefore it won't open, and also I cannot delete the original ComboFix from my desktop. When I click delete it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them". One more thing: after I ran OTL and it rebooted there were some icons on my desktop I had not seen in months, but they were check-marked hidden in their attributes when I right-clicked on them. One in particular stood out; it was an image file, and when I went to its properties there was a message in the middle of the screen that said something like it was from another computer and could be malicious. Anyway, here are the logs.
OTL logfile created on: 6/15/2012 1:32:36 AM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
766.42 Mb Total Physical Memory | 433.53 Mb Available Physical Memory | 56.57% Memory free
2.02 Gb Paging File | 1.78 Gb Available in Paging File | 87.89% Paging File free
Paging file location(s): C:\pagefile.sys 1350 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.26 Gb Total Space | 6.51 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Computer Name: AARON-H612E60RG | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
PRC - [2011/07/09 12:15:18 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2010/03/31 21:03:19 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/14 09:29:00 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
PRC - [2006/07/14 22:37:55 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/07/14 22:37:55 | 000,053,293 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realevent.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/10 12:48:03 | 000,150,480 | ---- | M] () -- C:\WINDOWS\system32\5017\components\AcroFF017.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2006/09/22 23:18:13 | 000,356,352 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe
MOD - [2006/09/22 23:18:13 | 000,073,728 | ---- | M] () -- C:\Program Files\Micro Innovations\Optical Scroll\mouDL32A.dll
MOD - [2004/08/04 00:56:46 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/09 12:15:18 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2009/04/26 15:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/03 14:53:32 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e5f36169.sys -- (e5f36169)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/06 00:13:33 | 000,044,696 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phmcd.sys -- (phmcd)
DRV - [2007/02/18 11:56:38 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/24 00:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/18 21:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/18 21:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/18 21:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/18 21:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/18 21:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/18 21:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/30 04:17:54 | 000,917,988 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/flashplayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/03 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 12:33:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Aaron\Application Data\Move Networks [2009/11/14 14:24:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5017 [2011/06/10 12:48:03 | 000,000,000 | ---D | M]
[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions
[2011/01/03 02:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions\[email protected]
[2012/06/15 01:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions
[2009/05/21 13:07:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/11/29 03:04:42 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2)
[2008/12/12 13:23:54 | 000,002,158 | -H-- | M] () -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\searchplugins\MySpace.xml
[2012/06/15 01:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/14 14:24:37 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOVE NETWORKS
[2009/07/05 01:19:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/10 12:48:03 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5017
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: getPlus for Adobe 15235 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Aaron\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Aaron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/06/15 01:23:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Optical Scroll\mouse32a.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealOne Player\realplay.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1248838524406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40D07D27-6BC4-4866-971E-D1050AE8A92E}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557019BA-570F-494C-8F4D-72862B87EFB0}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/13 02:10:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/15 01:32:50 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aaron\Desktop\tdsskiller.exe
[2012/06/15 01:23:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/14 00:13:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/05 00:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
========== Files - Modified Within 30 Days ==========
[2012/06/15 01:33:02 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Aaron\Desktop\tdsskiller.exe
[2012/06/15 01:29:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 01:28:47 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-80651102}.rfx
[2012/06/15 01:28:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/06/15 01:28:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/06/15 01:28:47 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/15 01:28:47 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-80651102}.dat
[2012/06/15 01:23:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/15 01:10:32 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
[2012/06/15 01:00:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/14 00:43:15 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/14 00:40:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/14 00:13:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Aaron\Desktop\aswMBR.exe
[2012/06/14 00:11:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/06/14 00:10:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
[2012/06/13 14:09:44 | 000,004,036 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 22:11:41 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 22:11:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Google Chrome.lnk
[2012/06/04 18:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012/06/14 00:40:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\MBR.dat
[2012/06/04 18:39:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lkkjeunt.sys
[2012/06/02 15:38:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
========== LOP Check ==========
[2010/12/31 00:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\.anomos
[2007/01/01 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\acccore
[2006/07/13 13:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Aim
[2009/08/13 01:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Any Video Converter
[2012/06/13 20:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Azureus
[2011/10/08 13:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\FrostWire
[2010/02/01 22:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\iWin
[2010/08/21 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Leawo
[2009/11/29 03:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Lionhead Studios
[2009/07/12 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LPECommon
[2006/08/07 15:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\LucasArts
[2011/12/04 03:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\MP3Rocket
[2009/11/29 03:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\My Games
[2009/06/18 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Opera
[2011/01/03 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips
[2011/01/03 02:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Philips-Songbird
[2009/11/29 01:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\QuickScan
[2009/03/21 02:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Research In Motion
[2009/11/07 12:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\uTorrent
[2007/01/11 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Viewpoint
[2009/09/09 14:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/02/07 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/09/10 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2009/11/29 03:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2011/04/22 20:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2009/12/16 02:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/04/22 20:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/12/26 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/02 10:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/15 13:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/21 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 01:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
< End of report >
01:59:28.0916 2128 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
01:59:29.0376 2128 ============================================================
01:59:29.0376 2128 Current date / time: 2012/06/15 01:59:29.0376
01:59:29.0376 2128 SystemInfo:
01:59:29.0376 2128
01:59:29.0376 2128 OS Version: 5.1.2600 ServicePack: 2.0
01:59:29.0376 2128 Product type: Workstation
01:59:29.0376 2128 ComputerName: AARON-H612E60RG
01:59:29.0376 2128 UserName: Aaron
01:59:29.0376 2128 Windows directory: C:\WINDOWS
01:59:29.0376 2128 System windows directory: C:\WINDOWS
01:59:29.0376 2128 Processor architecture: Intel x86
01:59:29.0376 2128 Number of processors: 1
01:59:29.0376 2128 Page size: 0x1000
01:59:29.0376 2128 Boot type: Normal boot
01:59:29.0376 2128 ============================================================
01:59:31.0349 2128 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:59:31.0349 2128 ============================================================
01:59:31.0359 2128 \Device\Harddisk0\DR0:
01:59:31.0359 2128 MBR partitions:
01:59:31.0359 2128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7285D34
01:59:31.0359 2128 ============================================================
01:59:31.0600 2128 C: <-> \Device\Harddisk0\DR0\Partition0
01:59:31.0650 2128 ============================================================
01:59:31.0650 2128 Initialize success
01:59:31.0650 2128 ============================================================
02:00:42.0532 1300 ============================================================
02:00:42.0532 1300 Scan started
02:00:42.0532 1300 Mode: Manual; SigCheck; TDLFS;
02:00:42.0532 1300 ============================================================
02:00:42.0892 1300 Abiosdsk - ok
02:00:42.0952 1300 abp480n5 - ok
02:00:43.0082 1300 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:00:45.0536 1300 ACPI - ok
02:00:45.0636 1300 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:00:45.0957 1300 ACPIEC - ok
02:00:46.0007 1300 adpu160m - ok
02:00:46.0087 1300 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
02:00:46.0367 1300 aec - ok
02:00:46.0427 1300 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
02:00:46.0447 1300 AegisP ( UnsignedFile.Multi.Generic ) - warning
02:00:46.0447 1300 AegisP - detected UnsignedFile.Multi.Generic (1)
02:00:46.0517 1300 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
02:00:46.0788 1300 AFD - ok
02:00:46.0838 1300 Aha154x - ok
02:00:46.0918 1300 aic78u2 - ok
02:00:46.0968 1300 aic78xx - ok
02:00:47.0058 1300 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
02:00:47.0338 1300 Alerter - ok
02:00:47.0409 1300 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
02:00:47.0699 1300 ALG - ok
02:00:47.0729 1300 AliIde - ok
02:00:47.0779 1300 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
02:00:48.0029 1300 AmdK7 - ok
02:00:48.0080 1300 amsint - ok
02:00:48.0250 1300 Apple Mobile Device (b1a0266d5f48c1a9a87c60ca5304a43e) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:00:48.0300 1300 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
02:00:48.0300 1300 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
02:00:48.0350 1300 AppMgmt - ok
02:00:48.0380 1300 asc - ok
02:00:48.0430 1300 asc3350p - ok
02:00:48.0480 1300 asc3550 - ok
02:00:48.0660 1300 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:00:48.0680 1300 aspnet_state - ok
02:00:48.0730 1300 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:00:49.0001 1300 AsyncMac - ok
02:00:49.0081 1300 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:00:49.0321 1300 atapi - ok
02:00:49.0391 1300 Atdisk - ok
02:00:49.0462 1300 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:00:49.0732 1300 Atmarpc - ok
02:00:49.0832 1300 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
02:00:50.0072 1300 AudioSrv - ok
02:00:50.0163 1300 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:00:50.0463 1300 audstub - ok
02:00:50.0533 1300 Beep - ok
02:00:50.0683 1300 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
02:00:51.0004 1300 BITS - ok
02:00:51.0174 1300 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:00:51.0214 1300 Bonjour Service - ok
02:00:51.0304 1300 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
02:00:51.0565 1300 Browser - ok
02:00:51.0615 1300 catchme - ok
02:00:51.0735 1300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:00:52.0035 1300 cbidf2k - ok
02:00:52.0085 1300 cd20xrnt - ok
02:00:52.0216 1300 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:00:52.0496 1300 Cdaudio - ok
02:00:52.0556 1300 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:00:52.0806 1300 Cdfs - ok
02:00:52.0876 1300 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:00:53.0157 1300 Cdrom - ok
02:00:53.0177 1300 Changer - ok
02:00:53.0247 1300 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
02:00:53.0517 1300 CiSvc - ok
02:00:53.0567 1300 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
02:00:53.0868 1300 ClipSrv - ok
02:00:53.0948 1300 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:00:54.0018 1300 clr_optimization_v2.0.50727_32 - ok
02:00:54.0038 1300 CmdIde - ok
02:00:54.0098 1300 COMSysApp - ok
02:00:54.0168 1300 Cpqarray - ok
02:00:54.0248 1300 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
02:00:54.0499 1300 CryptSvc - ok
02:00:54.0569 1300 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys
02:00:54.0659 1300 ctac32k - ok
02:00:54.0829 1300 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
02:00:54.0899 1300 ctaud2k - ok
02:00:54.0969 1300 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
02:00:55.0270 1300 ctljystk - ok
02:00:55.0330 1300 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys
02:00:55.0360 1300 ctprxy2k - ok
02:00:55.0430 1300 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys
02:00:55.0470 1300 ctsfm2k - ok
02:00:55.0560 1300 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
02:00:55.0590 1300 d347bus ( UnsignedFile.Multi.Generic ) - warning
02:00:55.0590 1300 d347bus - detected UnsignedFile.Multi.Generic (1)
02:00:55.0660 1300 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
02:00:55.0711 1300 d347prt ( UnsignedFile.Multi.Generic ) - warning
02:00:55.0711 1300 d347prt - detected UnsignedFile.Multi.Generic (1)
02:00:55.0761 1300 dac2w2k - ok
02:00:55.0821 1300 dac960nt - ok
02:00:55.0961 1300 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
02:00:56.0251 1300 DcomLaunch - ok
02:00:56.0341 1300 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
02:00:56.0592 1300 Dhcp - ok
02:00:56.0632 1300 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:00:56.0902 1300 Disk - ok
02:00:56.0932 1300 dmadmin - ok
02:00:57.0093 1300 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:00:57.0413 1300 dmboot - ok
02:00:57.0493 1300 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:00:57.0753 1300 dmio - ok
02:00:57.0824 1300 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:00:58.0134 1300 dmload - ok
02:00:58.0184 1300 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
02:00:58.0464 1300 dmserver - ok
02:00:58.0555 1300 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:00:58.0795 1300 DMusic - ok
02:00:58.0865 1300 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
02:00:59.0125 1300 Dnscache - ok
02:00:59.0176 1300 dpti2o - ok
02:00:59.0246 1300 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:00:59.0486 1300 drmkaud - ok
02:00:59.0516 1300 e5f36169 - ok
02:00:59.0606 1300 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys
02:00:59.0646 1300 emupia - ok
02:00:59.0686 1300 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
02:00:59.0947 1300 ERSvc - ok
02:01:00.0007 1300 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
02:01:00.0397 1300 Eventlog - ok
02:01:00.0497 1300 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\System32\es.dll
02:01:00.0768 1300 EventSystem - ok
02:01:00.0858 1300 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:01:01.0108 1300 Fastfat - ok
02:01:01.0208 1300 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
02:01:01.0489 1300 FastUserSwitchingCompatibility - ok
02:01:01.0579 1300 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:01:01.0829 1300 Fdc - ok
02:01:01.0899 1300 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
02:01:02.0220 1300 FETNDIS - ok
02:01:02.0310 1300 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:01:02.0610 1300 Fips - ok
02:01:02.0651 1300 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:01:02.0911 1300 Flpydisk - ok
02:01:02.0981 1300 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
02:01:03.0251 1300 FltMgr - ok
02:01:03.0301 1300 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:01:03.0622 1300 Fs_Rec - ok
02:01:03.0712 1300 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:01:04.0022 1300 Ftdisk - ok
02:01:04.0073 1300 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:01:04.0323 1300 gameenum - ok
02:01:04.0383 1300 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:01:04.0473 1300 GEARAspiWDM - ok
02:01:04.0593 1300 getPlus® Helper (35a1f815962f3552066c6be4c969d297) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
02:01:04.0653 1300 getPlus® Helper - ok
02:01:04.0713 1300 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:01:04.0964 1300 Gpc - ok
02:01:05.0124 1300 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
02:01:05.0204 1300 ha10kx2k - ok
02:01:05.0344 1300 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:01:05.0635 1300 helpsvc - ok
02:01:05.0665 1300 HidServ - ok
02:01:05.0725 1300 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:01:06.0045 1300 hidusb - ok
02:01:06.0075 1300 hpn - ok
02:01:06.0176 1300 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
02:01:06.0426 1300 HTTP - ok
02:01:06.0486 1300 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
02:01:06.0726 1300 HTTPFilter - ok
02:01:06.0776 1300 i2omgmt - ok
02:01:06.0837 1300 i2omp - ok
02:01:06.0927 1300 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:01:07.0167 1300 i8042prt - ok
02:01:07.0367 1300 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
02:01:07.0387 1300 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:01:07.0387 1300 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:01:07.0467 1300 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:01:07.0718 1300 Imapi - ok
02:01:07.0828 1300 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
02:01:08.0088 1300 ImapiService - ok
02:01:08.0168 1300 ini910u - ok
02:01:08.0249 1300 IntelIde - ok
02:01:08.0329 1300 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:01:08.0549 1300 intelppm - ok
02:01:08.0599 1300 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
02:01:08.0829 1300 ip6fw - ok
02:01:08.0899 1300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:01:09.0170 1300 IpFilterDriver - ok
02:01:09.0270 1300 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:01:09.0520 1300 IpInIp - ok
02:01:09.0601 1300 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:01:09.0851 1300 IpNat - ok
02:01:09.0991 1300 iPod Service (ed81ac5676fa647904c240aaadd83ca8) C:\Program Files\iPod\bin\iPodService.exe
02:01:10.0031 1300 iPod Service ( UnsignedFile.Multi.Generic ) - warning
02:01:10.0031 1300 iPod Service - detected UnsignedFile.Multi.Generic (1)
02:01:10.0121 1300 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:01:10.0382 1300 IPSec - ok
02:01:10.0432 1300 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:01:10.0672 1300 IRENUM - ok
02:01:10.0752 1300 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:01:11.0063 1300 isapnp - ok
02:01:11.0223 1300 JavaQuickStarterService (d98896a4264cdcbe77d513892e8892df) C:\Program Files\Java\jre6\bin\jqs.exe
02:01:11.0243 1300 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - warning
02:01:11.0243 1300 JavaQuickStarterService - detected UnsignedFile.Multi.Generic (1)
02:01:11.0303 1300 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:01:11.0543 1300 Kbdclass - ok
02:01:11.0623 1300 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
02:01:11.0874 1300 kmixer - ok
02:01:11.0934 1300 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
02:01:12.0194 1300 KSecDD - ok
02:01:12.0334 1300 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
02:01:12.0565 1300 lanmanserver - ok
02:01:12.0655 1300 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
02:01:12.0905 1300 lanmanworkstation - ok
02:01:12.0965 1300 lbrtfdc - ok
02:01:13.0116 1300 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
02:01:13.0366 1300 LmHosts - ok
02:01:13.0656 1300 MDM (498689a056809b70e4f0c6e05ea9b340) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:01:13.0716 1300 MDM ( UnsignedFile.Multi.Generic ) - warning
02:01:13.0716 1300 MDM - detected UnsignedFile.Multi.Generic (1)
02:01:13.0787 1300 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
02:01:13.0877 1300 mdmxsdk - ok
02:01:13.0937 1300 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
02:01:14.0167 1300 Messenger - ok
02:01:14.0277 1300 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:01:14.0307 1300 Microsoft Office Groove Audit Service - ok
02:01:14.0347 1300 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:01:14.0648 1300 mnmdd - ok
02:01:14.0748 1300 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
02:01:14.0998 1300 mnmsrvc - ok
02:01:15.0088 1300 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:01:15.0329 1300 Modem - ok
02:01:15.0409 1300 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
02:01:15.0729 1300 MODEMCSA - ok
02:01:15.0789 1300 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:01:16.0030 1300 Mouclass - ok
02:01:16.0080 1300 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:01:16.0390 1300 mouhid - ok
02:01:16.0470 1300 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:01:16.0731 1300 MountMgr - ok
02:01:16.0781 1300 mraid35x - ok
02:01:16.0871 1300 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:01:17.0121 1300 MRxDAV - ok
02:01:17.0272 1300 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:01:17.0542 1300 MRxSmb - ok
02:01:17.0622 1300 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
02:01:17.0852 1300 MSDTC - ok
02:01:17.0942 1300 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:01:18.0203 1300 Msfs - ok
02:01:18.0253 1300 MSIServer - ok
02:01:18.0333 1300 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:01:18.0583 1300 MSKSSRV - ok
02:01:18.0704 1300 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:01:18.0954 1300 MSPCLOCK - ok
02:01:19.0014 1300 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:01:19.0284 1300 MSPQM - ok
02:01:19.0345 1300 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:01:19.0595 1300 mssmbios - ok
02:01:19.0685 1300 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
02:01:20.0005 1300 ms_mpu401 - ok
02:01:20.0066 1300 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:01:20.0336 1300 Mup - ok
02:01:20.0406 1300 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:01:20.0666 1300 NDIS - ok
02:01:20.0757 1300 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:01:21.0077 1300 NdisTapi - ok
02:01:21.0127 1300 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:01:21.0397 1300 Ndisuio - ok
02:01:21.0458 1300 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:01:21.0698 1300 NdisWan - ok
02:01:21.0788 1300 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:01:22.0098 1300 NDProxy - ok
02:01:22.0149 1300 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:01:22.0409 1300 NetBIOS - ok
02:01:22.0499 1300 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:01:22.0719 1300 NetBT - ok
02:01:22.0830 1300 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:01:23.0040 1300 NetDDE - ok
02:01:23.0100 1300 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
02:01:23.0330 1300 NetDDEdsdm - ok
02:01:23.0430 1300 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:23.0671 1300 Netlogon - ok
02:01:23.0741 1300 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
02:01:24.0001 1300 Netman - ok
02:01:24.0101 1300 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
02:01:24.0342 1300 Nla - ok
02:01:24.0562 1300 nmservice (d19952d40e7188a728d502993d37353f) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
02:01:24.0592 1300 nmservice ( UnsignedFile.Multi.Generic ) - warning
02:01:24.0592 1300 nmservice - detected UnsignedFile.Multi.Generic (1)
02:01:24.0672 1300 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:01:24.0923 1300 Npfs - ok
02:01:25.0073 1300 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
02:01:25.0363 1300 Ntfs - ok
02:01:25.0423 1300 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
02:01:25.0664 1300 NtLmSsp - ok
02:01:25.0764 1300 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
02:01:26.0034 1300 NtmsSvc - ok
02:01:26.0074 1300 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:01:26.0385 1300 Null - ok
02:01:26.0815 1300 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:01:27.0176 1300 nv - ok
02:01:27.0366 1300 NVSvc (a3b67aa9f60533557fd9141bca9fa4a9) C:\WINDOWS\system32\nvsvc32.exe
02:01:27.0406 1300 NVSvc - ok
02:01:27.0516 1300 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:01:27.0817 1300 NwlnkFlt - ok
02:01:27.0867 1300 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:01:28.0177 1300 NwlnkFwd - ok
02:01:28.0408 1300 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:01:28.0448 1300 odserv - ok
02:01:28.0528 1300 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:01:28.0578 1300 ose - ok
02:01:28.0678 1300 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
02:01:28.0718 1300 ossrv - ok
02:01:28.0848 1300 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:01:29.0068 1300 Parport - ok
02:01:29.0109 1300 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:01:29.0399 1300 PartMgr - ok
02:01:29.0469 1300 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:01:29.0790 1300 ParVdm - ok
02:01:29.0890 1300 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:01:30.0130 1300 PCI - ok
02:01:30.0200 1300 PCIDump - ok
02:01:30.0230 1300 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:01:30.0581 1300 PCIIde - ok
02:01:30.0671 1300 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:01:30.0921 1300 Pcmcia - ok
02:01:31.0071 1300 PCPitstop Scheduling (a2ac545ab59ab2a564058b9a60f6456f) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
02:01:31.0091 1300 PCPitstop Scheduling - ok
02:01:31.0141 1300 PDCOMP - ok
02:01:31.0202 1300 PDFRAME - ok
02:01:31.0252 1300 PDRELI - ok
02:01:31.0282 1300 PDRFRAME - ok
02:01:31.0312 1300 perc2 - ok
02:01:31.0362 1300 perc2hib - ok
02:01:31.0572 1300 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys
02:01:31.0602 1300 pgfilter ( UnsignedFile.Multi.Generic ) - warning
02:01:31.0602 1300 pgfilter - detected UnsignedFile.Multi.Generic (1)
02:01:31.0662 1300 phmcd (16b9f7516ec157854be4f1f83913c553) C:\WINDOWS\system32\DRIVERS\phmcd.sys
02:01:31.0672 1300 phmcd - ok
02:01:31.0772 1300 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
02:01:32.0023 1300 PlugPlay - ok
02:01:32.0093 1300 pnarp (ce27fc8bdc54b3ac63d53e2d5f6cc929) C:\WINDOWS\system32\DRIVERS\pnarp.sys
02:01:32.0133 1300 pnarp - ok
02:01:32.0163 1300 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:32.0423 1300 PolicyAgent - ok
02:01:32.0473 1300 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:01:32.0724 1300 PptpMiniport - ok
02:01:32.0784 1300 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
02:01:33.0014 1300 ProtectedStorage - ok
02:01:33.0054 1300 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:01:33.0315 1300 PSched - ok
02:01:33.0385 1300 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
02:01:33.0405 1300 PSI - ok
02:01:33.0465 1300 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:01:33.0765 1300 Ptilink - ok
02:01:33.0805 1300 purendis (f4fd591e86ecb6b5d000c7d6c987416b) C:\WINDOWS\system32\DRIVERS\purendis.sys
02:01:33.0835 1300 purendis - ok
02:01:33.0935 1300 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:01:33.0956 1300 PxHelp20 - ok
02:01:33.0976 1300 ql1080 - ok
02:01:34.0036 1300 Ql10wnt - ok
02:01:34.0066 1300 ql12160 - ok
02:01:34.0116 1300 ql1240 - ok
02:01:34.0166 1300 ql1280 - ok
02:01:34.0226 1300 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:01:34.0556 1300 RasAcd - ok
02:01:34.0616 1300 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
02:01:34.0887 1300 RasAuto - ok
02:01:34.0937 1300 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:01:35.0197 1300 Rasl2tp - ok
02:01:35.0307 1300 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
02:01:35.0568 1300 RasMan - ok
02:01:35.0638 1300 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:01:35.0888 1300 RasPppoe - ok
02:01:35.0968 1300 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:01:36.0289 1300 Raspti - ok
02:01:36.0389 1300 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:01:36.0639 1300 Rdbss - ok
02:01:36.0730 1300 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:01:37.0030 1300 RDPCDD - ok
02:01:37.0170 1300 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
02:01:37.0431 1300 RDPWD - ok
02:01:37.0521 1300 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
02:01:37.0771 1300 RDSessMgr - ok
02:01:37.0821 1300 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:01:38.0081 1300 redbook - ok
02:01:38.0152 1300 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
02:01:38.0502 1300 RemoteAccess - ok
02:01:38.0582 1300 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
02:01:38.0672 1300 RimUsb - ok
02:01:38.0742 1300 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
02:01:38.0792 1300 RimVSerPort - ok
02:01:38.0843 1300 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
02:01:39.0143 1300 ROOTMODEM - ok
02:02:03.0728 1300 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:02:04.0580 1300 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
02:02:04.0600 1300 \Device\Harddisk0\DR0 - detected TDSS File System (1)
02:02:04.0670 1300 Boot (0x1200) (4f93683189d6a4f532cdc7faa5f675b7) \Device\Harddisk0\DR0\Partition0
02:02:04.0670 1300 \Device\Harddisk0\DR0\Partition0 - ok
02:02:04.0700 1300 ============================================================
02:02:04.0700 1300 Scan finished
02:02:04.0700 1300 ============================================================
02:02:04.0880 1528 Detected object count: 17
02:02:04.0880 1528 Actual detected object count: 17
02:02:16.0667 1528 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0667 1528 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0667 1528 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0667 1528 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0747 1528 d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0747 1528 d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0747 1528 d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0747 1528 d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0747 1528 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0747 1528 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0777 1528 iPod Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0777 1528 iPod Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0777 1528 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0777 1528 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0797 1528 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0797 1528 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0797 1528 nmservice ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0797 1528 nmservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0827 1528 pgfilter ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0827 1528 pgfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0827 1528 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0827 1528 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0847 1528 Secunia PSI Agent ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0847 1528 Secunia PSI Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0847 1528 Secunia Update Agent ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0847 1528 Secunia Update Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0877 1528 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0877 1528 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0877 1528 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0877 1528 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0897 1528 YahooAUService ( UnsignedFile.Multi.Generic ) - skipped by user
02:02:16.0897 1528 YahooAUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:02:16.0897 1528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
02:02:16.0897 1528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
ComboFix 12-06-14.05 - Aaron 06/15/2012 2:13.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.486 [GMT -5:00]
Running from: c:\documents and settings\Aaron\Desktop\Gotcha.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\xmldm
c:\windows\system32\xmldm\4028_FF_0000009332.key
c:\windows\system32\xmldm\4028_FF_0000009333.frm
c:\windows\system32\xmldm\4028_FF_0000009334_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009335_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009336.htm
c:\windows\system32\xmldm\4028_FF_0000009337.key
c:\windows\system32\xmldm\4028_FF_0000009338_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009339_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009340.htm
c:\windows\system32\xmldm\4028_FF_0000009341.key
c:\windows\system32\xmldm\4028_FF_0000009342_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009343.frm
c:\windows\system32\xmldm\4028_FF_0000009344.pst
c:\windows\system32\xmldm\4028_FF_0000009345_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009346_ifrm.htm
c:\windows\system32\xmldm\4028_FF_0000009347.htm
c:\windows\system32\xmldm\4028_FF_0000009348.key
c:\windows\system32\xmldm\4028_FF_0000009349.frm
c:\windows\system32\xmldm\456_FF_0000009193_ifrm.htm
c:\windows\system32\xmldm\456_FF_0000009194_ifrm.htm
c:\windows\system32\xmldm\456_FF_0000009195_ifrm.htm
c:\windows\system32\xmldm\456_FF_0000009196_ifrm.htm
c:\windows\system32\xmldm\684_FF_0000009350.key
c:\windows\system32\xmldm\684_FF_0000009351.frm
c:\windows\system32\xmldm\684_FF_0000009352.frm
c:\windows\system32\xmldm\684_FF_0000009353_ifrm.htm
c:\windows\system32\xmldm\684_FF_0000009354_ifrm.htm
c:\windows\system32\xmldm\912_FF_0000009132_ifrm.htm
c:\windows\system32\xmldm\912_FF_0000009133.key
c:\windows\system32\xmldm\912_FF_0000009134.frm
c:\windows\system32\xmldm\912_FF_0000009135.frm
c:\windows\system32\xmldm\912_FF_0000009136.pst
c:\windows\system32\xmldm\912_FF_0000009137.key
c:\windows\system32\xmldm\912_FF_0000009138.key
.
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\$MSI31Uninstall_KB893803v2$\msiexec.exe
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . is infected!!
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\iPod\bin\iPodService.exe . . . is infected!!
c:\program files\iPod\bin\iPodService.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!
c:\program files\Java\jre6\bin\jqs.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe . . . is infected!!
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe . . . is infected!!
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Secunia\PSI\PSIA.exe . . . is infected!!
c:\program files\Secunia\PSI\PSIA.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Secunia\PSI\sua.exe . . . is infected!!
c:\program files\Secunia\PSI\sua.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . is infected!!
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 06:55 . 2012-06-15 06:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-15 06:23 . 2012-06-15 06:23 -------- d-----w- C:\_OTL
2012-06-04 23:39 . 2012-06-04 23:39 54016 ----a-w- c:\windows\system32\drivers\lkkjeunt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 06:57 . 2002-08-29 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-04 20:56 . 2009-06-23 03:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 20:45 . 2009-09-16 20:45 13056 ----a-w- c:\program files\Common Files\ogehumym.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-08_21.04.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 19:09 . 2011-05-10 13:06 42496 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaapl.sys
- 2002-08-29 12:00 . 2011-04-08 23:32 59440 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2012-04-01 14:13 59440 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2004-08-04 05:56 77312 c:\windows\system32\msiexec.exe
+ 2011-12-14 19:09 . 2011-05-10 13:06 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-12-14 19:09 . 2011-05-10 13:06 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2011-08-31 05:05 . 2011-08-31 05:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 05:05 . 2011-08-31 05:05 83816 c:\windows\system32\dns-sd.exe
+ 2007-02-11 22:15 . 2012-06-13 19:09 4036 c:\windows\system32\d3d9caps.dat
- 2007-02-11 22:15 . 2011-08-08 20:01 4036 c:\windows\system32\d3d9caps.dat
+ 2011-05-14 07:17 . 2011-05-14 07:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 07:12 . 2011-05-14 07:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 07:11 . 2011-05-14 07:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
- 2002-08-29 12:00 . 2011-04-08 23:32 395200 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2012-04-01 14:13 395200 c:\windows\system32\perfh009.dat
+ 2011-08-31 05:05 . 2011-08-31 05:05 178536 c:\windows\system32\dnssdX.dll
+ 2011-12-14 20:14 . 2011-12-14 20:14 380928 c:\windows\Installer\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}\iTunesIco.exe
+ 2011-12-14 19:09 . 2011-05-10 13:06 4517664 c:\windows\system32\ReinstallBackups\0007\DriverFiles\usbaaplrc.dll
+ 2011-12-14 19:09 . 2011-05-10 13:06 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-12-14 19:09 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2011-12-14 19:09 . 2011-12-14 19:09 1717248 c:\windows\Installer\574d99.msi
+ 2011-12-14 19:07 . 2011-12-14 19:07 2002432 c:\windows\Installer\574d3f.msi
+ 2011-12-14 19:02 . 2011-12-14 19:02 1530368 c:\windows\Installer\574cf3.msi
+ 2011-12-14 20:14 . 2011-12-14 20:14 5651456 c:\windows\Installer\28c58e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-07-15 1003520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-15 151597]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe" [2006-09-23 356352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnk
backup=c:\windows\pss\Belkin F6D4050 Enhanced Wireless USB Adapter Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast!AVSControlService"=2 (0x2)
"avast!Antivirus"=2 (0x2)
"XobniService"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"getPlus® Helper"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2/1/2010 8:31 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2/1/2010 8:31 PM 5248]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [4/8/2008 1:41 PM 44696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S1 e5f36169;e5f36169;c:\windows\system32\drivers\e5f36169.sys --> c:\windows\system32\drivers\e5f36169.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/20/2009 11:22 PM 90352]
S4 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\Secunia\PSI\PSIA.exe" --start-service --> c:\program files\Secunia\PSI\PSIA.exe [?]
S4 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004Core.job
- c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-08 21:28]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1580818891-1060284298-1004UA.job
- c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-08 21:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\3r45f5wu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5017
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Aaron\Application Data\Move Networks
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\windows\system32\5017
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-36506585.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 02:30
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2????wd??w????????\???\??????????????w-??w\???\???????pI`??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1580818891-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{660F3A60-2CC8-29F5-9985-3A8379FFC639}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\msi.dll
c:\program files\Micro Innovations\Optical Scroll\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Real\Update_OB\realevent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-15 02:37:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 07:37
ComboFix2.txt 2011-08-08 21:11
ComboFix3.txt 2011-05-25 01:16
ComboFix4.txt 2011-05-19 05:26
ComboFix5.txt 2012-06-15 07:10
.
Pre-Run: 6,948,990,976 bytes free
Post-Run: 6,934,331,392 bytes free
.
- - End Of File - - 4E28FBB56E689ED13D3919DE859ACC5B