Trojan:DOS/Alureon.K Detected [Solved]



#1
veritas6715

  • Member
  • 24 posts
Hey guys - I installed Windows updates and at the end of the install, I closed the window. I came back a few minutes later and I couldn't connect to the internet. I restarted my computer and Windows Defender told me that Trojan:DOS/Alureon.K had been "partially removed" but other steps needed to be taken. The tech guy I work with thought an AVG scan would be sufficient, and when nothing was detected he said I should be fine. I've read what this trojan does on forums and it's definitely not something I want missed. Can you guys please help me out here? Thank you!!


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep but first I will need to take a look

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    %systemdrive%\$Recycle.Bin|@;true;true;true
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
veritas6715

  • Topic Starter
  • Member
  • 24 posts
Here are the OTL logs.

OTL logfile created on: 9/12/2012 1:49:43 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\jpunzi.CSSI\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.67% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 124.81 Gb Free Space | 83.74% Space Free | Partition Type: NTFS
Drive N: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS
Drive P: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS
Drive R: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS
Drive X: | 1115.59 Gb Total Space | 1003.22 Gb Free Space | 89.93% Space Free | Partition Type: NTFS

Computer Name: JPUNZI | User Name: jpunzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 13:30:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\OTL.exe
PRC - [2012/09/10 13:47:58 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/05 06:35:39 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/05 06:35:37 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 06:35:42 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/05 06:35:40 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/05 06:35:39 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
MOD - [2012/09/05 06:35:37 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Services (SafeList) ==========

SRV - [2012/09/10 13:47:58 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/05 06:35:39 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/05 06:35:40 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/27 18:08:39 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/01/15 21:12:39 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/01/15 21:10:51 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E CC 2A 9D 66 87 CD 01 [binary data]
IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-02 11:52:05&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-478473752-1907724523-775204578-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.932
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.32
FF - prefs.js..keyword.URL: "https://isearch.avg....fr&d=2012-08-02 11:52:05&v=12.2.5.32&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/09/05 06:35:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/27 16:14:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla Firefox\components [2012/09/07 08:22:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla Firefox\plugins

[2012/08/30 18:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Extensions
[2012/08/30 18:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions
[2012/08/30 18:18:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions\[email protected]
[2012/07/31 10:30:21 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions\[email protected]
[2012/07/31 10:09:34 | 000,042,336 | ---- | M] () (No name found) -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla\Firefox\Profiles\c5dkol3d.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/09/05 06:35:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\12.2.5.32

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-478473752-1907724523-775204578-1122\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-478473752-1907724523-775204578-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1343418683968 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cssi.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E730D5D-1AD3-4423-84BE-32FBB22FF2EC}: DhcpNameServer = 71.242.0.12 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/27 12:03:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 13:48:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\aswMBR.exe
[2012/09/12 13:30:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\OTL.exe
[2012/09/10 13:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/10 13:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/10 11:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/09/07 08:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla Firefox
[2012/09/05 06:35:40 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/09/04 11:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\CutePDF Writer
[2012/08/31 11:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Sun
[2012/08/31 06:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Mozilla
[2012/08/31 06:51:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jpunzi.CSSI\PrivacIE
[2012/08/31 06:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Temp
[2012/08/31 06:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Adobe
[2012/08/30 18:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Thunderbird
[2012/08/30 18:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Adobe
[2012/08/30 18:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG Secure Search
[2012/08/30 18:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\ICAClient
[2012/08/30 18:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Macromedia
[2012/08/30 18:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Mozilla
[2012/08/30 18:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\OpenOffice.org
[2012/08/30 18:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Symantec
[2012/08/30 18:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Sun
[2012/08/30 18:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\attachments
[2012/08/30 18:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\CCH PDFs
[2012/08/30 18:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Daily New Bond
[2012/08/30 18:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Dimeo CCH
[2012/08/30 18:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Dimeo Month End
[2012/08/30 18:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Excel Completed
[2012/08/30 18:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Exercises
[2012/08/30 18:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Excel Files
[2012/08/30 18:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\IWM
[2012/08/30 18:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Molewski Performance
[2012/08/30 18:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\My Pictures
[2012/08/30 18:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\RemoteConnections
[2012/08/30 18:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Reps
[2012/08/30 18:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Rules
[2012/08/30 18:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Time Sheets
[2012/08/30 17:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents\Downloads
[2012/08/30 17:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Thunderbird
[2012/08/30 14:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG2012
[2012/08/30 14:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\AVG Secure Search
[2012/08/30 14:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Identities
[2012/08/30 14:32:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents\My Pictures
[2012/08/30 14:32:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents\My Music
[2012/08/30 14:32:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jpunzi.CSSI\IETldCache
[2012/08/30 14:32:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft
[2012/08/30 14:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jpunzi.CSSI\SendTo
[2012/08/30 14:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Recent
[2012/08/30 14:32:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Application Data
[2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Startup
[2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Start Menu
[2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\My Documents
[2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Favorites
[2012/08/30 14:32:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Accessories
[2012/08/30 14:32:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jpunzi.CSSI\Cookies
[2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Templates
[2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\PrintHood
[2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\NetHood
[2012/08/30 14:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings
[2012/08/30 14:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Local Settings\Application Data\Microsoft
[2012/08/30 14:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jpunzi.CSSI\Desktop
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/12 13:48:51 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\aswMBR.exe
[2012/09/12 13:30:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jpunzi.CSSI\Desktop\OTL.exe
[2012/09/12 13:09:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/12 13:09:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/12 11:01:44 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/09/12 10:51:25 | 094,624,612 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/12 10:40:25 | 000,286,551 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Flash.pdf
[2012/09/12 08:31:23 | 000,179,234 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 091112final.pdf
[2012/09/11 12:02:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/11 08:35:03 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Shortcut to Team5-Daily-TeamMetrics2012.lnk
[2012/09/10 11:33:12 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/09/05 06:35:40 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/09/04 17:01:57 | 000,181,134 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 083112final.pdf
[2012/09/04 11:19:53 | 000,034,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/09/04 07:33:46 | 006,571,016 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\attachments.zip
[2012/08/31 06:53:14 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/31 06:53:14 | 000,001,139 | ---- | M] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Mozilla Firefox.lnk
[2012/08/30 14:17:35 | 000,003,080 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/08/29 15:23:30 | 000,001,740 | -H-- | M] () -- C:\Documents and Settings\jpunzi.CSSI\My Documents\Default.rdp
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/08/17 06:59:11 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 15:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/12 11:01:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/09/12 08:31:21 | 000,179,234 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 091112final.pdf
[2012/09/11 12:02:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/11 08:35:03 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Shortcut to Team5-Daily-TeamMetrics2012.lnk
[2012/09/04 14:31:39 | 000,181,134 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Report - 083112final.pdf
[2012/09/04 07:33:45 | 006,571,016 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\attachments.zip
[2012/08/31 06:53:14 | 000,001,157 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/30 18:18:36 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/30 18:06:24 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Shortcut to RTS Daily Unrecon.lnk
[2012/08/30 18:06:24 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\settings.inf
[2012/08/30 18:06:23 | 000,040,674 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\serializedRules.dat
[2012/08/30 18:06:22 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\RulesManager.lnk
[2012/08/30 18:06:21 | 000,092,276 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Rules.zip
[2012/08/30 18:06:19 | 000,001,010 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Round Table Remote.lnk
[2012/08/30 18:06:12 | 000,155,224 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\RealId_Card.pdf
[2012/08/30 18:06:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\joejun.pri
[2012/08/30 18:06:11 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Mozilla Firefox.lnk
[2012/08/30 18:06:11 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\North Star info.lnk
[2012/08/30 18:06:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\IWM info.lnk
[2012/08/30 18:06:06 | 000,286,551 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\Flash.pdf
[2012/08/30 18:05:54 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\FAMCO Remote.lnk
[2012/08/30 18:05:52 | 000,091,898 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\DIMEO INI.zip
[2012/08/30 18:05:50 | 000,124,233 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\coffebacon.jpg
[2012/08/30 18:05:50 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\CompiledRules.dll
[2012/08/30 18:05:34 | 000,107,812 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryan630.pdf
[2012/08/30 18:05:33 | 000,107,610 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryan331.pdf
[2012/08/30 18:05:32 | 000,110,874 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryan1231.pdf
[2012/08/30 18:05:30 | 000,046,472 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryaj401-march.pdf
[2012/08/30 18:05:29 | 000,046,512 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\bryaj401-dec.pdf
[2012/08/30 18:05:28 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Desktop\baton
[2012/08/30 17:58:34 | 000,001,145 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/30 17:58:25 | 000,001,740 | -H-- | C] () -- C:\Documents and Settings\jpunzi.CSSI\My Documents\Default.rdp
[2012/08/30 14:32:42 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/30 14:32:42 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Internet Explorer.lnk
[2012/08/30 14:32:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/30 14:32:35 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Outlook Express.lnk
[2012/08/30 14:32:10 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Remote Assistance.lnk
[2012/08/30 14:32:10 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jpunzi.CSSI\Start Menu\Programs\Windows Media Player.lnk
[2012/07/31 11:12:34 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/07/31 07:59:26 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\SN0ELMON.dat
[2012/07/31 07:59:17 | 000,172,128 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2012/07/31 07:58:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2012/07/27 18:39:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/27 17:26:28 | 000,003,080 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/07/27 12:45:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/27 12:23:28 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/27 12:05:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/27 11:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/27 05:57:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/27 05:55:58 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/01/26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/12/17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2012/08/30 13:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2012
[2012/08/02 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CSSI-TQ0\Application Data\AVG Secure Search
[2012/08/02 12:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CSSI-TQ0\Application Data\AVG2012
[2012/07/30 08:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.CSSI-TQ0\Application Data\Oracle
[2012/09/05 06:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/08/02 13:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/08/02 07:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/12 13:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/27 16:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe Punzi\Application Data\Thunderbird
[2012/08/03 08:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\AVG Secure Search
[2012/08/02 13:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\AVG2012
[2012/08/06 13:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\ICAClient
[2012/07/31 08:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\OpenOffice.org
[2012/07/27 17:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi\Application Data\Thunderbird
[2012/08/30 18:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG Secure Search
[2012/08/30 14:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\AVG2012
[2012/08/30 18:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\ICAClient
[2012/08/30 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\OpenOffice.org
[2012/08/30 18:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jpunzi.CSSI\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 01:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2012/07/27 12:03:11 | 000,001,602 | ---- | M] () MD5=8DE16C7125620D21C6481D3E4EB39715 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2012/04/19 08:43:10 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/04/19 08:43:10 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/04/13 06:55:44 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = RpcSs [binary data] -- [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< End of report >


#4
veritas6715

ASWMBR Log - Thank you!


#5
Essexboy

Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 312560640

Looks like we have a remnant here

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#6
veritas6715

14:06:34.0875 2520 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:06:35.0109 2520 ============================================================
14:06:35.0109 2520 Current date / time: 2012/09/12 14:06:35.0109
14:06:35.0109 2520 SystemInfo:
14:06:35.0109 2520
14:06:35.0109 2520 OS Version: 5.1.2600 ServicePack: 3.0
14:06:35.0109 2520 Product type: Workstation
14:06:35.0109 2520 ComputerName: JPUNZI
14:06:35.0109 2520 UserName: jpunzi
14:06:35.0109 2520 Windows directory: C:\WINDOWS
14:06:35.0109 2520 System windows directory: C:\WINDOWS
14:06:35.0109 2520 Processor architecture: Intel x86
14:06:35.0109 2520 Number of processors: 2
14:06:35.0109 2520 Page size: 0x1000
14:06:35.0109 2520 Boot type: Normal boot
14:06:35.0109 2520 ============================================================
14:06:36.0453 2520 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:06:36.0453 2520 ============================================================
14:06:36.0453 2520 \Device\Harddisk0\DR0:
14:06:36.0453 2520 MBR partitions:
14:06:36.0453 2520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:06:36.0453 2520 ============================================================
14:06:36.0500 2520 C: <-> \Device\Harddisk0\DR0\Partition1
14:06:36.0500 2520 ============================================================
14:06:36.0500 2520 Initialize success
14:06:36.0500 2520 ============================================================
14:06:57.0921 2748 ============================================================
14:06:57.0921 2748 Scan started
14:06:57.0921 2748 Mode: Manual; SigCheck; TDLFS;
14:06:57.0921 2748 ============================================================
14:06:58.0281 2748 ================ Scan system memory ========================
14:06:58.0281 2748 System memory - ok
14:06:58.0281 2748 ================ Scan services =============================
14:06:58.0359 2748 Abiosdsk - ok
14:06:58.0359 2748 abp480n5 - ok
14:06:58.0421 2748 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:06:58.0687 2748 ACPI - ok
14:06:58.0703 2748 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:06:58.0781 2748 ACPIEC - ok
14:06:58.0796 2748 adpu160m - ok
14:06:58.0828 2748 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:06:58.0937 2748 aec - ok
14:06:58.0984 2748 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:06:59.0062 2748 AFD - ok
14:06:59.0062 2748 Aha154x - ok
14:06:59.0062 2748 aic78u2 - ok
14:06:59.0062 2748 aic78xx - ok
14:06:59.0109 2748 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:06:59.0187 2748 Alerter - ok
14:06:59.0218 2748 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:06:59.0281 2748 ALG - ok
14:06:59.0296 2748 AliIde - ok
14:06:59.0296 2748 amsint - ok
14:06:59.0328 2748 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:06:59.0375 2748 AppMgmt - ok
14:06:59.0375 2748 asc - ok
14:06:59.0375 2748 asc3350p - ok
14:06:59.0390 2748 asc3550 - ok
14:06:59.0421 2748 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:06:59.0515 2748 AsyncMac - ok
14:06:59.0578 2748 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:59.0671 2748 atapi - ok
14:06:59.0671 2748 Atdisk - ok
14:06:59.0734 2748 [ 281D26DF656E53DAB568214EE282EC46 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:06:59.0796 2748 Ati HotKey Poller - ok
14:06:59.0968 2748 [ C2B6F2161ABD498D2B453050FFC81812 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:07:00.0265 2748 ati2mtag - ok
14:07:00.0312 2748 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:07:00.0375 2748 Atmarpc - ok
14:07:00.0421 2748 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:07:00.0515 2748 AudioSrv - ok
14:07:00.0562 2748 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:07:00.0656 2748 audstub - ok
14:07:00.0921 2748 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
14:07:01.0078 2748 AVGIDSAgent - ok
14:07:01.0140 2748 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:07:01.0156 2748 AVGIDSDriver - ok
14:07:01.0218 2748 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
14:07:01.0234 2748 AVGIDSFilter - ok
14:07:01.0281 2748 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:07:01.0296 2748 AVGIDSHX - ok
14:07:01.0359 2748 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:07:01.0375 2748 AVGIDSShim - ok
14:07:01.0437 2748 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:07:01.0453 2748 Avgldx86 - ok
14:07:01.0515 2748 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:07:01.0531 2748 Avgmfx86 - ok
14:07:01.0562 2748 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:07:01.0562 2748 Avgrkx86 - ok
14:07:01.0609 2748 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:07:01.0625 2748 Avgtdix - ok
14:07:01.0687 2748 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
14:07:01.0703 2748 avgtp - ok
14:07:01.0765 2748 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:07:01.0781 2748 avgwd - ok
14:07:01.0843 2748 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:07:01.0937 2748 Beep - ok
14:07:02.0125 2748 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:07:02.0250 2748 BITS - ok
14:07:02.0312 2748 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:07:02.0484 2748 Browser - ok
14:07:02.0593 2748 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:07:02.0718 2748 cbidf2k - ok
14:07:02.0718 2748 cd20xrnt - ok
14:07:02.0765 2748 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:07:02.0875 2748 Cdaudio - ok
14:07:02.0937 2748 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:07:03.0062 2748 Cdfs - ok
14:07:03.0125 2748 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:07:03.0250 2748 Cdrom - ok
14:07:03.0250 2748 Changer - ok
14:07:03.0312 2748 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:07:03.0484 2748 CiSvc - ok
14:07:03.0531 2748 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:07:03.0640 2748 ClipSrv - ok
14:07:03.0656 2748 CmdIde - ok
14:07:03.0656 2748 COMSysApp - ok
14:07:03.0656 2748 Cpqarray - ok
14:07:03.0734 2748 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:07:03.0843 2748 CryptSvc - ok
14:07:03.0843 2748 dac2w2k - ok
14:07:03.0843 2748 dac960nt - ok
14:07:03.0984 2748 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:07:04.0156 2748 DcomLaunch - ok
14:07:04.0250 2748 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:07:04.0359 2748 Dhcp - ok
14:07:04.0453 2748 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:07:04.0593 2748 Disk - ok
14:07:04.0593 2748 dmadmin - ok
14:07:05.0031 2748 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:07:06.0000 2748 dmboot - ok
14:07:06.0093 2748 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:07:06.0203 2748 dmio - ok
14:07:06.0343 2748 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:07:06.0468 2748 dmload - ok
14:07:06.0531 2748 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:07:06.0640 2748 dmserver - ok
14:07:06.0828 2748 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:07:06.0984 2748 DMusic - ok
14:07:07.0046 2748 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:07:07.0203 2748 Dnscache - ok
14:07:07.0468 2748 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:07:07.0562 2748 Dot3svc - ok
14:07:07.0562 2748 dpti2o - ok
14:07:07.0578 2748 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:07:07.0656 2748 drmkaud - ok
14:07:07.0703 2748 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:07:07.0812 2748 EapHost - ok
14:07:07.0875 2748 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:07:07.0984 2748 ERSvc - ok
14:07:08.0046 2748 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:07:08.0093 2748 Eventlog - ok
14:07:08.0375 2748 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:07:08.0453 2748 EventSystem - ok
14:07:08.0500 2748 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:07:08.0593 2748 Fastfat - ok
14:07:08.0640 2748 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:07:08.0703 2748 FastUserSwitchingCompatibility - ok
14:07:08.0781 2748 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:07:08.0875 2748 Fdc - ok
14:07:08.0921 2748 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:07:09.0015 2748 Fips - ok
14:07:09.0062 2748 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
14:07:09.0171 2748 Flpydisk - ok
14:07:09.0203 2748 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:07:09.0312 2748 FltMgr - ok
14:07:09.0343 2748 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:07:09.0437 2748 Fs_Rec - ok
14:07:28.0625 2748 ================ Scan global ===============================
14:07:28.0671 2748 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:07:28.0734 2748 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:07:28.0750 2748 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:07:28.0765 2748 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:07:28.0765 2748 [Global] - ok
14:07:28.0765 2748 ================ Scan MBR ==================================
14:07:28.0796 2748 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:07:29.0171 2748 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:07:29.0171 2748 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:07:29.0171 2748 ================ Scan VBR ==================================
14:07:29.0171 2748 [ 8B62B5984D7DE58D225A94CF008A87C7 ] \Device\Harddisk0\DR0\Partition1
14:07:29.0171 2748 \Device\Harddisk0\DR0\Partition1 - ok
14:07:29.0171 2748 ============================================================
14:07:29.0171 2748 Scan finished
14:07:29.0171 2748 ============================================================
14:07:29.0281 2148 Detected object count: 1
14:07:29.0281 2148 Actual detected object count: 1
14:07:53.0671 2148 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:07:53.0671 2148 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0
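An added example, not part of the original thread: a small parser for the TDSSKiller log format posted above. It reports every object whose verdict is not "ok" and whether the user left it in place, as happened here with "Skip". The sample lines are copied from the log; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the TDSSKiller log posted in the thread (lines copied as shown).
SAMPLE_LOG = r"""
14:07:24.0750 2748 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:07:24.0765 2748 Tcpip - ok
14:07:25.0375 2748 TosIde - ok
14:07:28.0625 2748 ================ Scan global ===============================
14:07:28.0765 2748 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:07:28.0765 2748 [Global] - ok
14:07:28.0765 2748 ================ Scan MBR ==================================
14:07:28.0796 2748 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:07:29.0171 2748 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:07:29.0171 2748 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:07:29.0171 2748 ================ Scan VBR ==================================
14:07:29.0171 2748 [ 8B62B5984D7DE58D225A94CF008A87C7 ] \Device\Harddisk0\DR0\Partition1
14:07:29.0171 2748 \Device\Harddisk0\DR0\Partition1 - ok
14:07:53.0671 2148 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:07:53.0671 2148 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every log line is "<HH:MM:SS.ffff> <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
SECTION = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
HASHED = re.compile(r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<rest>.+)$")
ACTION = re.compile(r"^(?P<obj>.+?)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+"
                    r"User select action:\s*(?P<action>\w+)$")
VERDICT = re.compile(r"^(?P<obj>.+?)(?:\s+\(\s*(?P<threat>[^)]+?)\s*\))?"
                     r"\s+-\s+(?P<verdict>\w+)$")


@dataclass
class Finding:
    section: str
    obj: str
    threat: Optional[str]
    verdict: str
    md5: Optional[str]
    action: Optional[str] = None


def parse_findings(log_text: str) -> List[Finding]:
    """Return one Finding per object whose verdict is anything other than 'ok'."""
    findings: List[Finding] = []
    section, last_md5, last_rest = "unknown", None, ""
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()
        if SECTION.match(msg):
            section = SECTION.match(msg).group("name")
        elif HASHED.match(msg):
            # Hash line precedes the verdict line for the same object.
            h = HASHED.match(msg)
            last_md5, last_rest = h.group("md5").upper(), h.group("rest")
        elif ACTION.match(msg):
            a = ACTION.match(msg)
            for f in findings:
                if f.obj == a.group("obj") and f.threat == a.group("threat"):
                    f.action = a.group("action")
        elif VERDICT.match(msg):
            v = VERDICT.match(msg)
            if v.group("verdict").lower() == "ok":
                continue
            obj = v.group("obj")
            same = last_rest == obj or last_rest.startswith(obj + " ")
            findings.append(Finding(section, obj, v.group("threat"),
                                    v.group("verdict"), last_md5 if same else None))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings with no recorded action, or ones the user chose to skip."""
    return [f for f in findings if f.action is None or f.action.lower() == "skip"]


if __name__ == "__main__":
    for f in unresolved(parse_findings(SAMPLE_LOG)):
        print(f"{f.section}: {f.obj} -> {f.threat} ({f.verdict}), action={f.action}")
```
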

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run TDSSKiller one more time with the same parameters
When you see this then select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

Once done let me know how the system is behaving please, any problems
  • 0

#8
veritas6715

    Member

  • Topic Starter
  • Member
  • 24 posts
Everything seems to be running perfectly well. Is that it?
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#10
veritas6715

    Member

  • Topic Starter
  • Member
  • 24 posts
I have taken those steps. Thank you so much!! :) Do I need to create new system restore points?
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OTL cleared all the bad restore points and set a fresh one for you
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





