Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

**INFECTED** Win32:Hrupka-D and...


  • This topic is locked This topic is locked

#1
blah12

blah12

    Member

  • Member
  • PipPip
  • 32 posts
Pretty sure it's a rootkit. Someone smart PLEASE HELP.

Symptoms:

Stuttering audio, mouse pointer briefly sticks at a regular interval.

History:

Reinstalled Windows XP several times after attempting system restore. In the past a system restore had resolved the audio stutter problem temporarily, but it would always later resurface. Reinstalling windows also temporarily would solve the problem, but again it would always resurface later.

Recently I was working at my DAW. The behavior of the computer started to become erratic (I just assumed it was from high memory usage.) Then moments later there was a split second power surge (even the lamp in the room went out,) and after restarting my computer the audio was stuttering, and long with regular stutter in the mouse movement. I performed two system restores, and failing to resolve the issue re installed windows from the hard drive partition. Five times. The symptoms are showing no sign of going away anytime soon. Also my anti-virus, and other programs are showing a virus on my system.

I would assume that it could be the sound card, but no because it has done this before and discontinued the symptoms after a system restore. Also observe this data from my freshly reinstalled windows:

(in a possibly related issue my wireless mouse just quit working. could be a hardware issue. could be this as well as it stopped working after this: Trojan.Win32.Adware
Quarantine {87D80214-5A91-4C8B-959D-DB22549D255A} completed.)

MalwareBytes found nothing

AVAST:

Process 1988 [explorer.exe], memory block 0x0000000 Severity: High Threat: Win32:Malware-gen
Process 2196 [rundll32.exe], memory block 0x0000000 Severity: Medium Threat: Win32:RunDLLMod [susp]
Process 3596 [netwaiting.exe], memory block 0x0000000 Severity: Medium Threat: Win32:WrongInf-D [susp]

aswMBR:

21:24:57.890 File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1\A0000215.exe **INFECTED** Win32:Hrupka-D [Cryp]

VIPRER:


[CLEANING:] Item: C:\Program Files\DIGStream\digstream.exe, ID: 4
Trojan.Win32.Adware
Quarantine {87D80214-5A91-4C8B-959D-DB22549D255A} completed.
Clean Completed.
Clean time: 00:00:02
1 threats were cleaned.




OTL logfile created on: 9/13/2012 11:36:38 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 541.57 Mb Available Physical Memory | 52.97% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.87% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.58 Gb Total Space | 77.67 Gb Free Space | 89.71% Space Free | Partition Type: NTFS

Computer Name: DDXXQ1B1 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 23:36:04 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001
PRC - [2012/09/13 21:53:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2006/05/24 10:52:13 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/04/06 15:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/01/02 10:13:52 | 001,126,400 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 12:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 12:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 12:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/16 15:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/31 11:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/08/12 15:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/13 23:36:04 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2012/09/13 15:55:05 | 001,810,944 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12091301\algo.dll
MOD - [2006/04/06 15:59:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/03/03 04:18:08 | 001,355,938 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
MOD - [2005/12/28 13:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 13:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 13:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/16 11:05:08 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/08/30 00:13:42 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2005/08/16 22:02:56 | 001,257,472 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2005/08/16 22:02:56 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2005/08/16 22:02:54 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/08/16 22:02:54 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/08/16 22:02:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/08/16 22:02:54 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005/08/16 22:02:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2005/08/16 22:00:04 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2005/08/05 15:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 06:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004/08/10 06:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
MOD - [2003/03/20 17:11:02 | 000,073,728 | ---- | M] () -- C:\Program Files\Creative\VoiceCenter\AEWave.ax


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/05/24 10:52:13 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/04 01:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/12/28 14:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 03:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 04:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 04:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/13 13:34:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/13 13:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/13 13:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/09/13 13:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/13 13:34:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe ()
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HTAReg] C:\Program Files\Creative\Sound Blaster Audigy ADVANCED MB\Product Registration\English\HTAReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03C02C4E-EFB1-445B-8BBE-D35D513ECBB1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 22:32:13 | 000,101,112 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/09/13 22:32:13 | 000,042,864 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/09/13 22:32:04 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/09/13 21:56:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
[2012/09/13 21:56:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.scr
[2012/09/13 21:53:45 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/13 20:25:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Chris\Desktop\aswMBR.exe
[2012/09/13 20:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\TrendMicro AntiThreat Toolkit
[2012/09/13 20:04:30 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/09/13 19:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2012/09/13 19:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/13 19:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/13 19:52:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/13 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/13 19:23:39 | 006,798,312 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Chris\Desktop\attk_far_gui_x86.exe
[2012/09/13 19:23:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/13 19:06:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Administrative Tools
[2012/09/13 14:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2012/09/13 14:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\McAfee.com Personal Firewall
[2012/09/13 14:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Application Data\Gtek
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Macromedia
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Intel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Identities
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Corel
[2012/09/13 14:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\ATI
[2012/09/13 14:02:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\Cookies
[2012/09/13 14:02:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Application Data
[2012/09/13 14:02:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Favorites
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Sun
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Musicmatch
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\BVRP Software
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ATI
[2012/09/13 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ApplicationHistory
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\SendTo
[2012/09/13 14:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Pictures
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Music
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents
[2012/09/13 14:02:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Accessories
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Templates
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\PrintHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\NetHood
[2012/09/13 14:02:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Chris\Local Settings
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Wildtangent
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\VoiceCenter
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell Accessories
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Dell
[2012/09/13 14:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/09/13 13:34:43 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/09/13 13:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/09/13 13:34:42 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/09/13 13:34:41 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/09/13 13:34:40 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/09/13 13:34:40 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/09/13 13:34:38 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/09/13 13:34:38 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/09/13 13:34:37 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/09/13 13:34:02 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/09/13 13:34:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/13 13:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/13 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2012/09/13 13:20:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/09/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla
[2012/09/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Mozilla
[2012/09/13 13:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/13 23:36:23 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/13 23:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/13 23:30:26 | 000,921,654 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\viprerescue log.bmp
[2012/09/13 22:31:35 | 118,116,352 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\VIPRERescue13044.exe
[2012/09/13 21:57:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.com
[2012/09/13 21:56:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.scr
[2012/09/13 21:53:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/09/13 21:41:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\MBR.dat
[2012/09/13 20:26:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Chris\Desktop\aswMBR.exe
[2012/09/13 20:23:56 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/09/13 20:04:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 19:53:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 19:24:09 | 006,798,312 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Chris\Desktop\attk_far_gui_x86.exe
[2012/09/13 19:23:38 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/13 14:48:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:46 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:34 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:28 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:26 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:01:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/13 14:01:06 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2012/09/13 14:01:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 1.job
[2012/09/13 13:59:22 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:37:52 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/13 13:34:43 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/13 13:32:29 | 093,654,616 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:22:00 | 000,033,024 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2012/09/13 13:20:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/13 13:18:53 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2012/09/13 13:11:34 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/13 13:11:34 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/13 13:07:46 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/13 13:07:46 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/13 23:30:26 | 000,921,654 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\viprerescue log.bmp
[2012/09/13 22:10:23 | 118,116,352 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\VIPRERescue13044.exe
[2012/09/13 20:46:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\MBR.dat
[2012/09/13 20:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2012/09/13 19:52:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 14:48:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Avast Results.bmp
[2012/09/13 14:02:28 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Windows Media Player.lnk
[2012/09/13 14:02:08 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2012/09/13 14:02:08 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2012/09/13 14:02:08 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/09/13 14:02:08 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/09/13 14:02:08 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/13 14:02:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/09/13 14:02:07 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Media Center.lnk
[2012/09/13 14:02:07 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/13 14:02:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\fusioncache.dat
[2012/09/13 14:02:05 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Remote Assistance.lnk
[2012/09/13 14:02:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Windows Media Player.lnk
[2012/09/13 14:02:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Internet Explorer.lnk
[2012/09/13 14:02:05 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Outlook Express.lnk
[2012/09/13 14:01:05 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 1.job
[2012/09/13 13:59:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/13 13:34:43 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/09/13 13:34:38 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/13 13:26:36 | 093,654,616 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\avast_free_antivirus_setup.exe
[2012/09/13 13:18:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/09/13 13:11:34 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/13 13:11:34 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/13 13:11:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2006/05/24 10:50:06 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== LOP Check ==========

[2012/09/13 13:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2006/05/24 11:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/09/13 23:36:23 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/09/13 14:01:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
ok so on the laptop everything apparently has a "stutter," or sticks. For example when scrolling down a web page the motion of the page sticks for a brief second at a regular interval.

stutter might not be the best word. the process of the computer lags for a split second interval at a predictable time. which wouldn't seem like a big deal aside from being extremely annoying, but i use my computer primarily for audio recording, and the system behavior is completely unacceptable, and renders the computer perform to incapacitated status. i have to get this fixed.

and for some reason i can not download and install adobe flash player with adobes flash player down loader and installer.
  • 0

#3
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Service Pack Advice:

At present it appears your machine has only SP2 installed:-

Windows XP Media Center Edition Service Pack 2

Support for the aforementioned has been withdrawn by Microsoft:-

Support for Windows XP with Service Pack 2 (SP2) ended on July 13, 2010


Source.

Do not attempt to install Service Pack 3 at this time as that will in all likely hood create more problems rather than solve anything.

We will address this in due course OK...

Scan with DDS:

Please download DDS and save it to your Desktop from here.

Alternate downloads are here or here.

  • Disable any script blocker, and then double click on DDS to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt <-- Will be opened
  • Attach.txt <-- Will be minimized
  • Save both reports to your desktop.
  • Please post the contents of these two Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • Both DDS logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#4
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Dakeyras. Thanks for helping.

The computers performance is the same. Still stuttering audio; lagging mouse ect. No new symptoms that I am aware of with the exception that AVAST is now saying it has 13 infections when before it said it only had 3 infections.

DDS.TXT

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Chris at 11:12:18 on 2012-09-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.428 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\clclean.0001
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\nsb518.tmp\MBR.DAT
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar =
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [<NO NAME>]
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HTAReg] "c:\program files\creative\sound blaster audigy advanced mb\product registration\english\HTAReg.exe" /Reboot=1
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{03C02C4E-EFB1-445B-8BBE-D35D513ECBB1} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\z4r2bh9e.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-13 355632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-9-13 101112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-13 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-13 44808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-13 676936]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-13 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-16 129976]
.
=============== Created Last 30 ================
.
2012-09-16 16:12:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-16 16:11:57 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-09-16 16:11:57 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-09-16 16:11:56 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-09-16 16:11:56 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-09-16 16:11:56 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-09-16 16:11:55 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-09-16 16:11:55 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-09-16 16:11:54 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-09-16 16:11:54 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-09-14 16:17:31 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 16:17:31 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 06:52:25 -------- d-----w- c:\documents and settings\chris\local settings\application data\Adobe
2012-09-14 06:50:33 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-09-14 06:50:33 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-14 04:51:42 1409 ----a-w- c:\windows\QTFont.for
2012-09-14 02:32:13 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-09-14 02:32:13 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-09-14 02:32:04 -------- d-----w- C:\VIPRERESCUE
2012-09-14 00:04:30 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-13 23:52:21 -------- d-----w- c:\documents and settings\chris\application data\Malwarebytes
2012-09-13 23:52:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-13 23:52:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 23:52:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 18:03:15 -------- d-----w- c:\documents and settings\chris\application data\McAfee.com Personal Firewall
2012-09-13 17:59:16 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-09-13 17:59:13 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-09-13 17:59:06 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-09-13 17:59:01 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-13 17:58:57 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-09-13 17:34:40 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-13 17:34:02 41224 ----a-w- c:\windows\avastSS.scr
2012-09-13 17:33:40 -------- d-----w- c:\program files\AVAST Software
2012-09-13 17:33:40 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-09-13 17:10:22 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
.
============= FINISH: 11:12:36.10 ===============

Attached Files


  • 0

#5
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/13/2012 2:01:10 PM
System Uptime: 9/14/2012 11:02:06 AM (72 hours ago)
.
Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 87 GiB total, 76.911 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 9/13/2012 2:01:15 PM - System Checkpoint
RP2: 9/13/2012 1:33:40 PM - avast! Free Antivirus Setup
RP3: 9/14/2012 3:05:03 PM - System Checkpoint
RP4: 9/15/2012 10:51:38 PM - System Checkpoint
RP5: 9/16/2012 11:43:43 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 11 Plugin
Adobe Reader 6.0.1
Andrea VoiceCenter
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Creative MediaSource
Dell Digital Jukebox Driver
Dell Game Console
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EducateU
ESPNMotion
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB912024)
Intel® PROSet/Wireless Software
Internet Service Offers Launcher
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.65.0.1400
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Money 2006
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSSO
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NetZeroInstallers
Otto
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Sonic Copy Module
Sonic DLA
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Synaptics Pointing Device Driver
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB912945)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
9/13/2012 9:38:56 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/13/2012 7:52:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSP aswTdi Fips intelppm
9/13/2012 7:51:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/13/2012 11:30:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/13/2012 1:19:04 PM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
9/13/2012 1:17:05 PM, error: Service Control Manager [7034] - The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s).
9/13/2012 1:16:58 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
9/13/2012 1:16:31 PM, error: Service Control Manager [7034] - The McAfee SpamKiller Server service terminated unexpectedly. It has done this 1 time(s).
9/13/2012 1:16:15 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/13/2012 1:16:10 PM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
9/13/2012 1:16:10 PM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
9/13/2012 1:16:10 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
.
==== End Of File ===========================
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Thanks for helping.

You're welcome!

The computers performance is the same. Still stuttering audio; lagging mouse ect. No new symptoms that I am aware of with the exception that AVAST is now saying it has 13 infections when before it said it only had 3 infections.

OK and thanks for the update...

It appears some remnants of the formally installed McAfee VirusScan are still present, so we will address that. Some software is out of date but we will deal with them at the same time we do SP3.

I have a fair few tasks outlined below, just take your time and all should go well. Absolutely any problems encountered just stop what you are doing and inform myself straight away please.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

McaFee Cleanup:

  • Please download the McAfee Removal Tooland save to your desktop.
  • Double click on MCPR.exe to launch the application.
  • Follow the prompts >> and finally click on Restart >> Yes.
Download/Run ComboFix:

Please visit this web-page for download links, and instructions for running the tool:

How to use ComboFix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

Or if you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log.
  • Malwarebytes Anti-Malware Log.

  • 0

#7
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
It's still messed up :/

LOG.TXT

ComboFix 12-09-16.01 - Chris 09/17/2012 15:39:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.306 [GMT -4:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Chris\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Chris\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 19:11 . 2012-09-17 19:12 -------- d-----w- c:\program files\ERUNT
2012-09-16 16:12 . 2012-09-17 19:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-14 16:17 . 2012-09-14 16:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 16:17 . 2012-09-14 16:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 06:52 . 2012-09-14 06:52 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-14 06:50 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-09-14 06:50 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-14 04:51 . 2012-09-14 04:51 1409 ----a-w- c:\windows\QTFont.for
2012-09-14 02:32 . 2012-05-25 17:14 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-09-14 02:32 . 2012-05-25 17:14 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-09-14 02:32 . 2012-09-14 03:20 -------- d-----w- C:\VIPRERESCUE
2012-09-14 00:04 . 2012-09-14 00:23 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-13 23:52 . 2012-09-13 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-13 23:52 . 2012-09-13 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 23:52 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 18:02 . 2012-09-13 18:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-09-13 18:01 . 2012-09-13 23:44 -------- d-----w- c:\documents and settings\Chris
2012-09-13 18:01 . 2006-05-24 15:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Corel
2012-09-13 18:01 . 2006-05-24 15:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Gtek
2012-09-13 18:01 . 2006-05-24 14:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2012-09-13 17:59 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-09-13 17:59 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-09-13 17:59 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-09-13 17:59 . 2004-08-04 04:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-13 17:58 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-09-13 17:34 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-13 17:34 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-13 17:34 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-13 17:34 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-13 17:34 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-13 17:34 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-13 17:34 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-13 17:34 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-13 17:34 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-13 17:34 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-13 17:33 . 2012-09-13 17:33 -------- d-----w- c:\program files\AVAST Software
2012-09-13 17:33 . 2012-09-13 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-13 17:10 . 2004-08-04 03:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 19:26 . 2012-09-13 17:11 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"HTAReg"="c:\program files\Creative\Sound Blaster Audigy ADVANCED MB\Product Registration\English\HTAReg.exe" [2005-10-21 512094]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/13/2012 1:34 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/13/2012 1:34 PM 355632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [9/13/2012 10:32 PM 101112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2012 1:34 PM 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/13/2012 7:53 PM 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/13/2012 7:52 PM 676936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/13/2012 7:52 PM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/16/2012 12:12 PM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-13 09:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\z4r2bh9e.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 15:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-09-17 15:44:42
ComboFix-quarantined-files.txt 2012-09-17 19:44
.
Pre-Run: 82,566,955,008 bytes free
Post-Run: 82,544,959,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1F9D978498DF936E108A18744F6DC49E

Attached Files


  • 0

#8
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Chris :: DDXXQ1B1 [administrator]

Protection: Disabled

9/17/2012 3:52:47 PM
mbam-log-2012-09-17 (15-52-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201708
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

It's still messed up :/

OK, acknowledged.

No need to attach any logs please unless I request otherwise, thank you.

Do you have the XP Installation CD-ROM on hand in-case we need to make use of it?

In the meantime carry out the below for me please as follows and post the resulting logs etc...

Check Hard Disk For Errors:

Click on Start >> Run.., then copy/paste the following command into the box and click on OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double-click on TDSSKiller.exe to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signitures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
  • 0

#10
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I discovered what seems to be another symptom. After downloading those applications the computer froze (not the mouse pointer, but i couldn't click on anything) for a pretty long time. I've seen much worst, but it shouldn't have been doing that. Uh. It might have froze when the download dialog box opened. Not real sure, and maybe it completely froze for 30 seconds? It also froze when I downloaded the other applications earlier (combo.fix, and the other one,) and so I guess that could be a symptom?

I have a Dell Inspiron e1505. It has a completely separate Hard Disk partition with a factory installed copy of windows xp on it. Ctrl F11 on the start up screen initializes a windows "reinstall" lol. I do not have a windows disk; i don't think it came with one, but wouldn't know. It was my brothers computer he gave it to me. I can reinstall windows if needed; unless DOS "blows up" I guess. Thanks again by the way for helping here.

And I wouldn't know if it could be related, but now, and occasionally my computer won't connect to this website saying something like, "firefox can not find server. Connection timed out." Yeah, and pages are loading as HTML or sometimes
not at all. I had to use internet explorer to access the
site, and update my post. It appears to be HTML in explorer
as well (could because the browser is out dated though?"
Well I have no clue as to why Firefox started doing this. It
seems unrelated to running those programs, as I did so a couple
hours ago, and it just started doing this. Massive lag. Hard to read.
and type.

CHKDSK:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry JOURNA~1 in index $I30 of file 42605.

Errors found. CHKDSK cannot continue in read-only mode.

TDSSKiller

19:21:21.0125 1308 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:21:41.0578 1308 ============================================================
19:21:41.0578 1308 Current date / time: 2012/09/17 19:21:41.0578
19:21:41.0578 1308 SystemInfo:
19:21:41.0578 1308
19:21:41.0578 1308 OS Version: 5.1.2600 ServicePack: 2.0
19:21:41.0578 1308 Product type: Workstation
19:21:41.0578 1308 ComputerName: DDXXQ1B1
19:21:41.0578 1308 UserName: Chris
19:21:41.0578 1308 Windows directory: C:\WINDOWS
19:21:41.0578 1308 System windows directory: C:\WINDOWS
19:21:41.0578 1308 Processor architecture: Intel x86
19:21:41.0578 1308 Number of processors: 2
19:21:41.0578 1308 Page size: 0x1000
19:21:41.0578 1308 Boot type: Normal boot
19:21:41.0578 1308 ============================================================
19:21:43.0390 1308 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:21:43.0484 1308 ============================================================
19:21:43.0484 1308 \Device\Harddisk0\DR0:
19:21:43.0484 1308 MBR partitions:
19:21:43.0484 1308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xAD27CA6
19:21:43.0484 1308 ============================================================
19:21:43.0531 1308 C: <-> \Device\Harddisk0\DR0\Partition1
19:21:43.0531 1308 ============================================================
19:21:43.0531 1308 Initialize success
19:21:43.0531 1308 ============================================================
19:22:58.0203 2848 ============================================================
19:22:58.0203 2848 Scan started
19:22:58.0203 2848 Mode: Manual; SigCheck; TDLFS;
19:22:58.0203 2848 ============================================================
19:22:58.0406 2848 ================ Scan system memory ========================
19:22:59.0578 2848 System memory - ok
19:22:59.0578 2848 ================ Scan services =============================
19:22:59.0734 2848 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:22:59.0953 2848 Aavmker4 - ok
19:22:59.0953 2848 Abiosdsk - ok
19:23:00.0031 2848 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:23:01.0421 2848 abp480n5 - ok
19:23:01.0453 2848 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:23:01.0656 2848 ACPI - ok
19:23:01.0687 2848 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:23:01.0828 2848 ACPIEC - ok
19:23:01.0875 2848 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:23:02.0000 2848 adpu160m - ok
19:23:02.0046 2848 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:23:02.0187 2848 aec - ok
19:23:02.0218 2848 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:23:02.0234 2848 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:23:02.0234 2848 AegisP - detected UnsignedFile.Multi.Generic (1)
19:23:02.0250 2848 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:23:02.0375 2848 AFD - ok
19:23:02.0406 2848 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
19:23:02.0546 2848 agp440 - ok
19:23:02.0578 2848 [ 67288B07D6ABA6C1267B626E67BC56FD ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:23:02.0703 2848 agpCPQ - ok
19:23:02.0718 2848 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:23:02.0781 2848 Aha154x - ok
19:23:02.0812 2848 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:23:02.0937 2848 aic78u2 - ok
19:23:02.0968 2848 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:23:03.0093 2848 aic78xx - ok
19:23:03.0125 2848 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:23:03.0250 2848 Alerter - ok
19:23:03.0265 2848 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
19:23:03.0328 2848 ALG - ok
19:23:03.0343 2848 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
19:23:03.0484 2848 AliIde - ok
19:23:03.0515 2848 [ F312B7CEF21EFF52FA23056B9D815FAD ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:23:03.0687 2848 alim1541 - ok
19:23:03.0718 2848 [ 675C16A3C1F8482F85EE4A97FC0DDE3D ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:23:03.0843 2848 amdagp - ok
19:23:03.0859 2848 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
19:23:03.0921 2848 amsint - ok
19:23:03.0968 2848 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
19:23:03.0968 2848 APPDRV ( UnsignedFile.Multi.Generic ) - warning
19:23:03.0968 2848 APPDRV - detected UnsignedFile.Multi.Generic (1)
19:23:03.0984 2848 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:23:04.0046 2848 AppMgmt - ok
19:23:04.0046 2848 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:23:04.0203 2848 Arp1394 - ok
19:23:04.0218 2848 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
19:23:04.0343 2848 asc - ok
19:23:04.0343 2848 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:23:04.0406 2848 asc3350p - ok
19:23:04.0406 2848 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:23:04.0531 2848 asc3550 - ok
19:23:04.0640 2848 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
19:23:04.0656 2848 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
19:23:04.0656 2848 aspnet_state - detected UnsignedFile.Multi.Generic (1)
19:23:04.0687 2848 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:23:04.0687 2848 aswFsBlk - ok
19:23:04.0734 2848 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:23:04.0750 2848 aswMon2 - ok
19:23:04.0765 2848 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
19:23:04.0781 2848 AswRdr - ok
19:23:04.0812 2848 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:23:04.0875 2848 aswSnx - ok
19:23:04.0906 2848 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:23:04.0937 2848 aswSP - ok
19:23:04.0968 2848 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:23:04.0984 2848 aswTdi - ok
19:23:05.0000 2848 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:23:05.0140 2848 AsyncMac - ok
19:23:05.0171 2848 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:23:05.0312 2848 atapi - ok
19:23:05.0328 2848 Atdisk - ok
19:23:05.0390 2848 [ 954C1D5B84D1CF925999A4C27E2AB34D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:23:05.0437 2848 Ati HotKey Poller - ok
19:23:05.0515 2848 [ BEBEB471617782D138B6F92E7C3FAB1C ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:23:05.0625 2848 ati2mtag - ok
19:23:05.0640 2848 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:23:05.0781 2848 Atmarpc - ok
19:23:05.0828 2848 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:23:05.0968 2848 AudioSrv - ok
19:23:05.0984 2848 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:23:06.0125 2848 audstub - ok
19:23:06.0187 2848 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:23:06.0203 2848 avast! Antivirus - ok
19:23:06.0218 2848 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:23:06.0281 2848 bcm4sbxp - ok
19:23:06.0312 2848 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:23:06.0453 2848 Beep - ok
19:23:06.0484 2848 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
19:23:06.0640 2848 BITS - ok
19:23:06.0687 2848 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
19:23:06.0828 2848 Browser - ok
19:23:06.0921 2848 catchme - ok
19:23:06.0953 2848 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:23:07.0093 2848 cbidf - ok
19:23:07.0109 2848 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:23:07.0234 2848 cbidf2k - ok
19:23:07.0281 2848 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:23:07.0328 2848 cd20xrnt - ok
19:23:07.0328 2848 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:23:07.0468 2848 Cdaudio - ok
19:23:07.0484 2848 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:23:07.0625 2848 Cdfs - ok
19:23:07.0656 2848 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:23:07.0796 2848 Cdrom - ok
19:23:07.0812 2848 Changer - ok
19:23:07.0843 2848 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:23:07.0984 2848 CiSvc - ok
19:23:07.0984 2848 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:23:08.0125 2848 ClipSrv - ok
19:23:08.0140 2848 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:23:08.0265 2848 CmBatt - ok
19:23:08.0281 2848 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:23:08.0406 2848 CmdIde - ok
19:23:08.0406 2848 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:23:08.0531 2848 Compbatt - ok
19:23:08.0531 2848 COMSysApp - ok
19:23:08.0578 2848 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:23:08.0718 2848 Cpqarray - ok
19:23:08.0765 2848 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
19:23:08.0781 2848 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:23:08.0781 2848 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:23:08.0796 2848 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
19:23:08.0812 2848 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
19:23:08.0812 2848 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
19:23:08.0828 2848 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:23:08.0953 2848 CryptSvc - ok
19:23:08.0968 2848 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
19:23:09.0000 2848 ctsfm2k - ok
19:23:09.0031 2848 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
19:23:09.0062 2848 CTUSFSYN - ok
19:23:09.0093 2848 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:23:09.0250 2848 dac2w2k - ok
19:23:09.0250 2848 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:23:09.0390 2848 dac960nt - ok
19:23:09.0453 2848 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:23:09.0609 2848 DcomLaunch - ok
19:23:09.0640 2848 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:23:09.0781 2848 Dhcp - ok
19:23:09.0796 2848 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:23:09.0921 2848 Disk - ok
19:23:09.0921 2848 dmadmin - ok
19:23:09.0968 2848 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:23:10.0156 2848 dmboot - ok
19:23:10.0171 2848 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:23:10.0312 2848 dmio - ok
19:23:10.0343 2848 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:23:10.0468 2848 dmload - ok
19:23:10.0484 2848 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
19:23:10.0625 2848 dmserver - ok
19:23:10.0687 2848 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:23:10.0859 2848 DMusic - ok
19:23:10.0890 2848 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:23:11.0031 2848 Dnscache - ok
19:23:11.0046 2848 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:23:11.0171 2848 dpti2o - ok
19:23:11.0187 2848 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:23:11.0343 2848 drmkaud - ok
19:23:11.0390 2848 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
19:23:11.0406 2848 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
19:23:11.0406 2848 drvmcdb - detected UnsignedFile.Multi.Generic (1)
19:23:11.0421 2848 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
19:23:11.0421 2848 drvnddm ( UnsignedFile.Multi.Generic ) - warning
19:23:11.0421 2848 drvnddm - detected UnsignedFile.Multi.Generic (1)
19:23:11.0437 2848 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:23:11.0578 2848 E100B - ok
19:23:11.0640 2848 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
19:23:11.0687 2848 ehRecvr - ok
19:23:11.0687 2848 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
19:23:11.0734 2848 ehSched - ok
19:23:11.0781 2848 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:23:11.0906 2848 ERSvc - ok
19:23:11.0937 2848 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
19:23:12.0078 2848 Eventlog - ok
19:23:12.0093 2848 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
19:23:12.0234 2848 EventSystem - ok
19:23:12.0296 2848 [ ED9C755312F29D55B8C815EEC7115635 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
19:23:12.0312 2848 EvtEng ( UnsignedFile.Multi.Generic ) - warning
19:23:12.0312 2848 EvtEng - detected UnsignedFile.Multi.Generic (1)
19:23:12.0343 2848 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:23:12.0484 2848 Fastfat - ok
19:23:12.0531 2848 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:23:12.0656 2848 FastUserSwitchingCompatibility - ok
19:23:12.0703 2848 [ FCBD571FA0EE8DC238944AE5FAB74461 ] Fax C:\WINDOWS\system32\fxssvc.exe
19:23:12.0828 2848 Fax - ok
19:23:12.0843 2848 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:23:13.0000 2848 Fdc - ok
19:23:13.0015 2848 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:23:13.0171 2848 Fips - ok
19:23:13.0187 2848 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:23:13.0343 2848 Flpydisk - ok
19:23:13.0359 2848 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:23:13.0484 2848 FltMgr - ok
19:23:13.0515 2848 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:23:13.0625 2848 Fs_Rec - ok
19:23:13.0640 2848 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:23:13.0765 2848 Ftdisk - ok
19:23:13.0781 2848 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:23:13.0906 2848 Gpc - ok
19:23:13.0968 2848 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:23:14.0015 2848 HDAudBus - ok
19:23:14.0062 2848 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:23:14.0250 2848 helpsvc - ok
19:23:14.0281 2848 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:23:14.0453 2848 HidServ - ok
19:23:14.0468 2848 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:23:14.0609 2848 HidUsb - ok
19:23:14.0625 2848 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
19:23:14.0781 2848 hpn - ok
19:23:14.0796 2848 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:23:14.0828 2848 HSFHWAZL - ok
19:23:14.0890 2848 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:23:15.0000 2848 HSF_DPV - ok
19:23:15.0031 2848 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:23:15.0156 2848 HTTP - ok
19:23:15.0187 2848 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:23:15.0328 2848 HTTPFilter - ok
19:23:15.0359 2848 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
19:23:15.0484 2848 i2omgmt - ok
19:23:15.0484 2848 [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:23:15.0609 2848 i2omp - ok
19:23:15.0625 2848 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:23:15.0765 2848 i8042prt - ok
19:23:15.0781 2848 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:23:15.0906 2848 Imapi - ok
19:23:15.0968 2848 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:23:16.0093 2848 ImapiService - ok
19:23:16.0109 2848 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:23:16.0250 2848 ini910u - ok
19:23:16.0265 2848 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:23:16.0390 2848 IntelIde - ok
19:23:16.0421 2848 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:23:16.0546 2848 intelppm - ok
19:23:16.0546 2848 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:23:16.0687 2848 Ip6Fw - ok
19:23:16.0703 2848 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:23:16.0828 2848 IpFilterDriver - ok
19:23:16.0843 2848 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:23:16.0984 2848 IpInIp - ok
19:23:17.0015 2848 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:23:17.0140 2848 IpNat - ok
19:23:17.0171 2848 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:23:17.0296 2848 IPSec - ok
19:23:17.0296 2848 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:23:17.0359 2848 IRENUM - ok
19:23:17.0375 2848 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:23:17.0515 2848 isapnp - ok
19:23:17.0515 2848 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:23:17.0656 2848 Kbdclass - ok
19:23:17.0687 2848 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:23:17.0828 2848 kbdhid - ok
19:23:17.0859 2848 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:23:17.0984 2848 kmixer - ok
19:23:17.0984 2848 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:23:18.0109 2848 KSecDD - ok
19:23:18.0156 2848 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:23:18.0296 2848 lanmanserver - ok
19:23:18.0359 2848 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:23:18.0484 2848 lanmanworkstation - ok
19:23:18.0484 2848 lbrtfdc - ok
19:23:18.0515 2848 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:23:18.0640 2848 LmHosts - ok
19:23:18.0671 2848 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:23:18.0687 2848 MBAMProtector - ok
19:23:18.0718 2848 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:23:18.0750 2848 MBAMScheduler - ok
19:23:18.0796 2848 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:23:18.0859 2848 MBAMService - ok
19:23:18.0906 2848 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
19:23:18.0937 2848 McrdSvc - ok
19:23:18.0984 2848 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:23:18.0984 2848 mdmxsdk - ok
19:23:19.0015 2848 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:23:19.0140 2848 Messenger - ok
19:23:19.0171 2848 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
19:23:19.0234 2848 MHN - ok
19:23:19.0250 2848 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:23:19.0281 2848 MHNDRV - ok
19:23:19.0312 2848 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:23:19.0453 2848 mnmdd - ok
19:23:19.0484 2848 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:23:19.0625 2848 mnmsrvc - ok
19:23:19.0640 2848 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:23:19.0750 2848 Modem - ok
19:23:19.0843 2848 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
19:23:20.0000 2848 monfilt - ok
19:23:20.0015 2848 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:23:20.0140 2848 Mouclass - ok
19:23:20.0156 2848 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:23:20.0296 2848 mouhid - ok
19:23:20.0312 2848 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:23:20.0468 2848 MountMgr - ok
19:23:20.0515 2848 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:23:20.0531 2848 MozillaMaintenance - ok
19:23:20.0562 2848 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:23:20.0718 2848 mraid35x - ok
19:23:20.0750 2848 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:23:20.0890 2848 MRxDAV - ok
19:23:20.0953 2848 [ 5DDC9A1B2EB5A4BF010CE8C019A18C1F ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:23:21.0062 2848 MRxSmb - ok
19:23:21.0125 2848 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:23:21.0250 2848 MSDTC - ok
19:23:21.0250 2848 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:23:21.0390 2848 Msfs - ok
19:23:21.0390 2848 MSIServer - ok
19:23:21.0437 2848 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:23:21.0562 2848 MSKSSRV - ok
19:23:21.0562 2848 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:23:21.0687 2848 MSPCLOCK - ok
19:23:21.0687 2848 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:23:21.0796 2848 MSPQM - ok
19:23:21.0828 2848 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:23:21.0953 2848 mssmbios - ok
19:23:21.0968 2848 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:23:22.0109 2848 Mup - ok
19:23:22.0125 2848 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:23:22.0234 2848 NDIS - ok
19:23:22.0281 2848 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:23:22.0406 2848 NdisTapi - ok
19:23:22.0421 2848 [ EEFA1CE63805D2145978621BE5C6D955 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:23:22.0562 2848 Ndisuio - ok
19:23:22.0562 2848 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:23:22.0687 2848 NdisWan - ok
19:23:22.0687 2848 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:23:22.0828 2848 NDProxy - ok
19:23:22.0843 2848 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:23:22.0968 2848 NetBIOS - ok
19:23:22.0984 2848 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:23:23.0109 2848 NetBT - ok
19:23:23.0156 2848 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:23:23.0312 2848 NetDDE - ok
19:23:23.0312 2848 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:23:23.0437 2848 NetDDEdsdm - ok
19:23:23.0468 2848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:23:23.0593 2848 Netlogon - ok
19:23:23.0640 2848 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
19:23:23.0781 2848 Netman - ok
19:23:23.0828 2848 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:23:23.0984 2848 NIC1394 - ok
19:23:24.0031 2848 [ 11D8A00C7EFF1AAEC8E8464769C84A3D ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
19:23:24.0062 2848 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
19:23:24.0062 2848 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
19:23:24.0093 2848 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
19:23:24.0234 2848 Nla - ok
19:23:24.0265 2848 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:23:24.0390 2848 Npfs - ok
19:23:24.0406 2848 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:23:24.0578 2848 Ntfs - ok
19:23:24.0593 2848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:23:24.0718 2848 NtLmSsp - ok
19:23:24.0765 2848 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:23:24.0953 2848 NtmsSvc - ok
19:23:24.0968 2848 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:23:25.0093 2848 Null - ok
19:23:25.0171 2848 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:23:25.0453 2848 nv - ok
19:23:25.0500 2848 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:23:25.0625 2848 NwlnkFlt - ok
19:23:25.0640 2848 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:23:25.0750 2848 NwlnkFwd - ok
19:23:25.0781 2848 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:23:25.0906 2848 ohci1394 - ok
19:23:25.0937 2848 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
19:23:25.0937 2848 omci ( UnsignedFile.Multi.Generic ) - warning
19:23:25.0937 2848 omci - detected UnsignedFile.Multi.Generic (1)
19:23:25.0953 2848 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
19:23:25.0968 2848 ossrv - ok
19:23:26.0015 2848 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:23:26.0125 2848 Parport - ok
19:23:26.0140 2848 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:23:26.0250 2848 PartMgr - ok
19:23:26.0281 2848 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:23:26.0406 2848 ParVdm - ok
19:23:26.0406 2848 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:23:26.0546 2848 PCI - ok
19:23:26.0546 2848 PCIDump - ok
19:23:26.0562 2848 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:23:26.0671 2848 PCIIde - ok
19:23:26.0703 2848 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:23:26.0828 2848 Pcmcia - ok
19:23:26.0828 2848 PDCOMP - ok
19:23:26.0843 2848 PDFRAME - ok
19:23:26.0843 2848 PDRELI - ok
19:23:26.0843 2848 PDRFRAME - ok
19:23:26.0890 2848 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
19:23:27.0031 2848 perc2 - ok
19:23:27.0062 2848 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:23:27.0171 2848 perc2hib - ok
19:23:27.0218 2848 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
19:23:27.0375 2848 PlugPlay - ok
19:23:27.0375 2848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:23:27.0546 2848 PolicyAgent - ok
19:23:27.0562 2848 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:23:27.0703 2848 PptpMiniport - ok
19:23:27.0703 2848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:23:27.0859 2848 ProtectedStorage - ok
19:23:27.0859 2848 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:23:27.0984 2848 PSched - ok
19:23:28.0000 2848 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:23:28.0109 2848 Ptilink - ok
19:23:28.0140 2848 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:23:28.0140 2848 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:23:28.0140 2848 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:23:28.0171 2848 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:23:28.0281 2848 ql1080 - ok
19:23:28.0281 2848 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:23:28.0421 2848 Ql10wnt - ok
19:23:28.0437 2848 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:23:28.0546 2848 ql12160 - ok
19:23:28.0562 2848 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:23:28.0671 2848 ql1240 - ok
19:23:28.0703 2848 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:23:28.0843 2848 ql1280 - ok
19:23:28.0875 2848 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:23:28.0984 2848 RasAcd - ok
19:23:29.0015 2848 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:23:29.0125 2848 RasAuto - ok
19:23:29.0156 2848 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:23:29.0281 2848 Rasl2tp - ok
19:23:29.0312 2848 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:23:29.0453 2848 RasMan - ok
19:23:29.0468 2848 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:23:29.0593 2848 RasPppoe - ok
19:23:29.0609 2848 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:23:29.0734 2848 Raspti - ok
19:23:29.0765 2848 [ 809CA45CAA9072B3176AD44579D7F688 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:23:29.0796 2848 Rdbss - ok
19:23:29.0796 2848 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:23:29.0906 2848 RDPCDD - ok
19:23:29.0937 2848 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:23:30.0062 2848 rdpdr - ok
19:23:30.0125 2848 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:23:30.0171 2848 RDPWD - ok
19:23:30.0218 2848 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:23:30.0359 2848 RDSessMgr - ok
19:23:30.0390 2848 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:23:30.0515 2848 redbook - ok
19:23:30.0531 2848 [ 6F81C8A63FB824EB8A2401AB45795553 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
19:23:30.0546 2848 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
19:23:30.0546 2848 RegSrvc - detected UnsignedFile.Multi.Generic (1)
19:23:30.0593 2848 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:23:30.0734 2848 RemoteAccess - ok
19:23:30.0765 2848 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:23:30.0890 2848 RemoteRegistry - ok
19:23:30.0937 2848 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:23:30.0968 2848 rimmptsk - ok
19:23:30.0968 2848 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:23:30.0984 2848 rimsptsk - ok
19:23:31.0000 2848 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:23:31.0031 2848 rismxdp - ok
19:23:31.0078 2848 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
19:23:31.0203 2848 RpcLocator - ok
19:23:31.0234 2848 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:23:31.0359 2848 RpcSs - ok
19:23:31.0390 2848 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:23:31.0531 2848 RSVP - ok
19:23:31.0609 2848 [ B792F2C647B1FC3E4987DE582EE00FE3 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
19:23:31.0671 2848 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
19:23:31.0671 2848 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
19:23:31.0671 2848 [ 2E4E912CE95F5EF4D4A5079F6CE367FC ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:23:31.0687 2848 s24trans ( UnsignedFile.Multi.Generic ) - warning
19:23:31.0687 2848 s24trans - detected UnsignedFile.Multi.Generic (1)
19:23:31.0703 2848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
19:23:31.0812 2848 SamSs - ok
19:23:31.0859 2848 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\WINDOWS\system32\drivers\SBREdrv.sys
19:23:31.0875 2848 SBRE - ok
19:23:31.0906 2848 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:23:32.0046 2848 SCardSvr - ok
19:23:32.0093 2848 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:23:32.0234 2848 Schedule - ok
19:23:32.0265 2848 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:23:32.0375 2848 sdbus - ok
19:23:32.0406 2848 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:23:32.0468 2848 Secdrv - ok
19:23:32.0484 2848 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
19:23:32.0625 2848 seclogon - ok
19:23:32.0625 2848 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
19:23:32.0765 2848 SENS - ok
19:23:32.0796 2848 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:23:32.0921 2848 serenum - ok
19:23:32.0937 2848 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:23:33.0046 2848 Serial - ok
19:23:33.0062 2848 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:23:33.0187 2848 Sfloppy - ok
19:23:33.0250 2848 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:23:33.0375 2848 SharedAccess - ok
19:23:33.0390 2848 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:23:33.0500 2848 ShellHWDetection - ok
19:23:33.0500 2848 Simbad - ok
19:23:33.0546 2848 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:23:33.0671 2848 sisagp - ok
19:23:33.0687 2848 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:23:33.0734 2848 Sparrow - ok
19:23:33.0781 2848 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:23:33.0890 2848 splitter - ok
19:23:33.0921 2848 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:23:33.0968 2848 Spooler - ok
19:23:33.0984 2848 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:23:34.0046 2848 sr - ok
19:23:34.0093 2848 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
19:23:34.0156 2848 srservice - ok
19:23:34.0187 2848 [ 553007ECCE7F6565BBE645BEB66D3B69 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:23:34.0218 2848 Srv - ok
19:23:34.0234 2848 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:23:34.0250 2848 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
19:23:34.0250 2848 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
19:23:34.0265 2848 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:23:34.0312 2848 SSDPSRV - ok
19:23:34.0328 2848 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
19:23:34.0343 2848 ssrtln ( UnsignedFile.Multi.Generic ) - warning
19:23:34.0343 2848 ssrtln - detected UnsignedFile.Multi.Generic (1)
19:23:34.0421 2848 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
19:23:34.0562 2848 STHDA - ok
19:23:34.0593 2848 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:23:34.0765 2848 stisvc - ok
19:23:34.0765 2848 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:23:34.0906 2848 swenum - ok
19:23:34.0921 2848 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:23:35.0046 2848 swmidi - ok
19:23:35.0046 2848 SwPrv - ok
19:23:35.0078 2848 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:23:35.0187 2848 symc810 - ok
19:23:35.0203 2848 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:23:35.0328 2848 symc8xx - ok
19:23:35.0328 2848 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:23:35.0453 2848 sym_hi - ok
19:23:35.0468 2848 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:23:35.0578 2848 sym_u3 - ok
19:23:35.0640 2848 [ 35D5B3632E0BCEBE27B391157DE05996 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:23:35.0671 2848 SynTP - ok
19:23:35.0671 2848 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:23:35.0812 2848 sysaudio - ok
19:23:35.0843 2848 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:23:35.0984 2848 SysmonLog - ok
19:23:36.0015 2848 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:23:36.0140 2848 TapiSrv - ok
19:23:36.0171 2848 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:23:36.0328 2848 Tcpip - ok
19:23:36.0359 2848 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:23:36.0531 2848 TDPIPE - ok
19:23:36.0531 2848 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:23:36.0656 2848 TDTCP - ok
19:23:36.0671 2848 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:23:36.0796 2848 TermDD - ok
19:23:36.0875 2848 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
19:23:36.0921 2848 TermService - ok
19:23:36.0968 2848 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
19:23:36.0984 2848 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
19:23:36.0984 2848 tfsnboio - detected UnsignedFile.Multi.Generic (1)
19:23:36.0984 2848 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
19:23:37.0000 2848 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0000 2848 tfsncofs - detected UnsignedFile.Multi.Generic (1)
19:23:37.0000 2848 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
19:23:37.0015 2848 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0015 2848 tfsndrct - detected UnsignedFile.Multi.Generic (1)
19:23:37.0031 2848 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
19:23:37.0046 2848 tfsndres ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0046 2848 tfsndres - detected UnsignedFile.Multi.Generic (1)
19:23:37.0046 2848 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
19:23:37.0078 2848 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0078 2848 tfsnifs - detected UnsignedFile.Multi.Generic (1)
19:23:37.0078 2848 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
19:23:37.0093 2848 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0093 2848 tfsnopio - detected UnsignedFile.Multi.Generic (1)
19:23:37.0093 2848 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
19:23:37.0093 2848 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0093 2848 tfsnpool - detected UnsignedFile.Multi.Generic (1)
19:23:37.0109 2848 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
19:23:37.0109 2848 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0109 2848 tfsnudf - detected UnsignedFile.Multi.Generic (1)
19:23:37.0125 2848 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
19:23:37.0140 2848 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
19:23:37.0140 2848 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
19:23:37.0156 2848 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:23:37.0281 2848 Themes - ok
19:23:37.0312 2848 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:23:37.0390 2848 TlntSvr - ok
19:23:37.0421 2848 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:23:37.0546 2848 TosIde - ok
19:23:37.0593 2848 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:23:37.0718 2848 TrkWks - ok
19:23:37.0765 2848 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:23:37.0890 2848 Udfs - ok
19:23:37.0937 2848 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:23:38.0015 2848 ultra - ok
19:23:38.0046 2848 [ 6634C460C56EC7E48D6BE20B745DC03A ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:23:38.0109 2848 UMWdf - ok
19:23:38.0125 2848 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:23:38.0250 2848 Update - ok
19:23:38.0296 2848 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
19:23:38.0359 2848 upnphost - ok
19:23:38.0375 2848 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
19:23:38.0515 2848 UPS - ok
19:23:38.0578 2848 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:23:38.0687 2848 usbaudio - ok
19:23:38.0703 2848 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:23:38.0828 2848 usbccgp - ok
19:23:38.0828 2848 [ 708579B01FED227AADB393CB0C3B4A2C ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:23:38.0921 2848 usbehci - ok
19:23:38.0937 2848 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:23:39.0078 2848 usbhub - ok
19:23:39.0109 2848 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:23:39.0218 2848 USBSTOR - ok
19:23:39.0234 2848 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:23:39.0359 2848 usbuhci - ok
19:23:39.0375 2848 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:23:39.0484 2848 VgaSave - ok
19:23:39.0515 2848 [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:23:39.0640 2848 viaagp - ok
19:23:39.0656 2848 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:23:39.0781 2848 ViaIde - ok
19:23:39.0796 2848 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:23:39.0921 2848 VolSnap - ok
19:23:39.0953 2848 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
19:23:40.0031 2848 VSS - ok
19:23:40.0093 2848 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] w32time C:\WINDOWS\system32\w32time.dll
19:23:40.0234 2848 w32time - ok
19:23:40.0296 2848 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
19:23:40.0468 2848 w39n51 - ok
19:23:40.0484 2848 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:23:40.0609 2848 Wanarp - ok
19:23:40.0609 2848 wanatw - ok
19:23:40.0625 2848 WDICA - ok
19:23:40.0640 2848 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:23:40.0781 2848 wdmaud - ok
19:23:40.0796 2848 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:23:40.0921 2848 WebClient - ok
19:23:40.0968 2848 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:23:41.0046 2848 winachsf - ok
19:23:41.0109 2848 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:23:41.0234 2848 winmgmt - ok
19:23:41.0312 2848 [ AFB5A2A79BB01699A269C316D8B9BEF1 ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
19:23:41.0328 2848 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
19:23:41.0328 2848 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
19:23:41.0359 2848 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:23:41.0421 2848 WmdmPmSN - ok
19:23:41.0468 2848 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
19:23:41.0656 2848 Wmi - ok
19:23:41.0671 2848 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:23:41.0796 2848 WmiApSrv - ok
19:23:41.0812 2848 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:23:41.0921 2848 WS2IFSL - ok
19:23:41.0968 2848 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:23:42.0093 2848 wscsvc - ok
19:23:42.0125 2848 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:23:42.0250 2848 wuauserv - ok
19:23:42.0281 2848 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:23:42.0343 2848 WZCSVC - ok
19:23:42.0375 2848 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:23:42.0531 2848 xmlprov - ok
19:23:42.0546 2848 ================ Scan global ===============================
19:23:42.0578 2848 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:23:42.0625 2848 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
19:23:42.0687 2848 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
19:23:42.0718 2848 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
19:23:42.0734 2848 [Global] - ok
19:23:42.0734 2848 ================ Scan MBR ==================================
19:23:42.0750 2848 [ ADD0A2ED42ADB47EC3F0ED3B9553B63A ] \Device\Harddisk0\DR0
19:23:43.0046 2848 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:23:43.0046 2848 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:23:43.0046 2848 ================ Scan VBR ==================================
19:23:43.0078 2848 [ 5262C442E599D690E765EB5881C30F48 ] \Device\Harddisk0\DR0\Partition1
19:23:43.0078 2848 \Device\Harddisk0\DR0\Partition1 - ok
19:23:43.0078 2848 ============================================================
19:23:43.0078 2848 Scan finished
19:23:43.0078 2848 ============================================================
19:23:43.0203 3424 Detected object count: 27
19:23:43.0203 3424 Actual detected object count: 27
19:24:52.0875 3424 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0875 3424 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0875 3424 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0875 3424 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0890 3424 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0890 3424 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0890 3424 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0890 3424 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0890 3424 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0890 3424 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0890 3424 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0890 3424 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0890 3424 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0890 3424 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0890 3424 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0890 3424 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 omci ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0906 3424 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0906 3424 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0921 3424 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0921 3424 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0921 3424 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0921 3424 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0921 3424 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0921 3424 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0921 3424 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0921 3424 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0921 3424 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0921 3424 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0921 3424 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0921 3424 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0937 3424 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0937 3424 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0937 3424 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0937 3424 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0937 3424 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0937 3424 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0937 3424 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0937 3424 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0937 3424 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:52.0937 3424 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:24:52.0937 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:24:52.0937 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:32:11.0812 3332 Deinitialize success

Edited by blah12, 17 September 2012 - 08:35 PM.

  • 0

Advertisements


#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

A very concise update indeed(all noted), so thank you.

Please refrain from editing posts, if there is ever anything further you wish to impart just use a new post to do so.

Your machine is in a wee bit of a mess but I will try my best on your behalf to rectify the situation. For now we will just perform several tasks as follows...

Re-scan with TDSSKiller:

Please re-run TDSSKiller as outlined prior and use the Delete option for these entries only if they appear:

\Device\Harddisk0\DR0 ( TDSS File System )
\Device\Harddisk0\DR0 ( TDSS File System )


Reboot your machine if not prompted to do so and post the new log in your next reply.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
Next:-
  • Click on Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop.

  • Double-click on FSS.exe to start the program.
  • Select all availble options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.

  • 0

#12
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Before doing this I need to let you know: last night my computer stopped connecting to the internet altogether. neither explorer nor firefox would work although intel proset/wireless was showing that it was connected to the wireless network.

Well I started to panic because when I restarted the computer... ctrl F11 to access the hard drive partion no longer works. so since I couldn't get on the internet, and I couldn't reinstall windows I tried to do a system restore.

Reinstalling firefox ended up fixing the connectivity issue, but i'm thinking system restore wasn't a good idea. what should i do?
  • 0

#13
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
reinstalling firefox seems to have only been a temporary fix.

my connectivity is starting to "time out again." i'm guessing it will only be a matter of hours before I have to uninstall and reinstall firefox again.
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I have read your two prior posts. I appreciate your concerns but there is a very good reason why I advise anyone I assist to refrain from self fixes as all that does is make it harder for myself all told.

i'm thinking system restore wasn't a good idea. what should i do?

Possibly, if the need we can undo that and fairly feasible all we have achieved so far is now un-done.

If the need we can start over. As a precaution create a new system restore point, then follow my prior advice in post #11. You may have to re-download TDSSKiller if it is no longer present after the System Roll-back.
  • 0

#15
blah12

blah12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Update: the internet connectivity issue seems to have gone away on it's own. prior to following the steps from post 11.

and is there supposed to be a log for CHKDSK?

TDSSKiller:

19:29:12.0531 3232 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:29:12.0843 3232 ============================================================
19:29:12.0843 3232 Current date / time: 2012/09/18 19:29:12.0843
19:29:12.0843 3232 SystemInfo:
19:29:12.0843 3232
19:29:12.0843 3232 OS Version: 5.1.2600 ServicePack: 2.0
19:29:12.0843 3232 Product type: Workstation
19:29:12.0843 3232 ComputerName: DDXXQ1B1
19:29:12.0843 3232 UserName: Chris
19:29:12.0843 3232 Windows directory: C:\WINDOWS
19:29:12.0843 3232 System windows directory: C:\WINDOWS
19:29:12.0843 3232 Processor architecture: Intel x86
19:29:12.0843 3232 Number of processors: 2
19:29:12.0843 3232 Page size: 0x1000
19:29:12.0843 3232 Boot type: Normal boot
19:29:12.0843 3232 ============================================================
19:29:14.0062 3232 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:29:14.0062 3232 ============================================================
19:29:14.0062 3232 \Device\Harddisk0\DR0:
19:29:14.0062 3232 MBR partitions:
19:29:14.0062 3232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xAD27CA6
19:29:14.0062 3232 ============================================================
19:29:14.0109 3232 C: <-> \Device\Harddisk0\DR0\Partition1
19:29:14.0109 3232 ============================================================
19:29:14.0109 3232 Initialize success
19:29:14.0109 3232 ============================================================
19:30:11.0187 1652 ============================================================
19:30:11.0187 1652 Scan started
19:30:11.0187 1652 Mode: Manual; SigCheck; TDLFS;
19:30:11.0187 1652 ============================================================
19:30:11.0546 1652 ================ Scan system memory ========================
19:30:12.0437 1652 System memory - ok
19:30:12.0437 1652 ================ Scan services =============================
19:30:12.0515 1652 Abiosdsk - ok
19:30:12.0562 1652 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:30:13.0593 1652 abp480n5 - ok
19:30:13.0656 1652 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:30:13.0843 1652 ACPI - ok
19:30:13.0859 1652 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:30:13.0953 1652 ACPIEC - ok
19:30:13.0968 1652 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:30:14.0093 1652 adpu160m - ok
19:30:14.0140 1652 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:30:14.0250 1652 aec - ok
19:30:14.0281 1652 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:30:14.0281 1652 AegisP ( UnsignedFile.Multi.Generic ) - warning
19:30:14.0281 1652 AegisP - detected UnsignedFile.Multi.Generic (1)
19:30:14.0296 1652 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:30:14.0406 1652 AFD - ok
19:30:14.0421 1652 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
19:30:14.0531 1652 agp440 - ok
19:30:14.0531 1652 [ 67288B07D6ABA6C1267B626E67BC56FD ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:30:14.0640 1652 agpCPQ - ok
19:30:14.0671 1652 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:30:14.0734 1652 Aha154x - ok
19:30:14.0734 1652 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:30:14.0843 1652 aic78u2 - ok
19:30:14.0875 1652 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:30:14.0984 1652 aic78xx - ok
19:30:15.0031 1652 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:30:15.0156 1652 Alerter - ok
19:30:15.0171 1652 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
19:30:15.0218 1652 ALG - ok
19:30:15.0218 1652 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
19:30:15.0328 1652 AliIde - ok
19:30:15.0343 1652 [ F312B7CEF21EFF52FA23056B9D815FAD ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:30:15.0453 1652 alim1541 - ok
19:30:15.0453 1652 [ 675C16A3C1F8482F85EE4A97FC0DDE3D ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:30:15.0578 1652 amdagp - ok
19:30:15.0578 1652 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
19:30:15.0625 1652 amsint - ok
19:30:15.0640 1652 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
19:30:15.0640 1652 APPDRV ( UnsignedFile.Multi.Generic ) - warning
19:30:15.0640 1652 APPDRV - detected UnsignedFile.Multi.Generic (1)
19:30:15.0656 1652 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:30:15.0703 1652 AppMgmt - ok
19:30:15.0703 1652 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:30:15.0812 1652 Arp1394 - ok
19:30:15.0812 1652 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
19:30:15.0921 1652 asc - ok
19:30:15.0921 1652 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:30:16.0000 1652 asc3350p - ok
19:30:16.0000 1652 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:30:16.0109 1652 asc3550 - ok
19:30:16.0187 1652 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
19:30:16.0203 1652 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
19:30:16.0203 1652 aspnet_state - detected UnsignedFile.Multi.Generic (1)
19:30:16.0218 1652 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:30:16.0312 1652 AsyncMac - ok
19:30:16.0359 1652 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:30:16.0468 1652 atapi - ok
19:30:16.0484 1652 Atdisk - ok
19:30:16.0531 1652 [ 954C1D5B84D1CF925999A4C27E2AB34D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:30:16.0562 1652 Ati HotKey Poller - ok
19:30:16.0625 1652 [ BEBEB471617782D138B6F92E7C3FAB1C ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:30:16.0781 1652 ati2mtag - ok
19:30:16.0828 1652 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:30:16.0937 1652 Atmarpc - ok
19:30:16.0953 1652 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:30:17.0078 1652 AudioSrv - ok
19:30:17.0125 1652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:30:17.0234 1652 audstub - ok
19:30:17.0265 1652 [ C768C8A463D32C219CE291645A0621A4 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:30:17.0281 1652 bcm4sbxp - ok
19:30:17.0312 1652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:30:17.0421 1652 Beep - ok
19:30:17.0468 1652 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
19:30:17.0593 1652 BITS - ok
19:30:17.0609 1652 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
19:30:17.0734 1652 Browser - ok
19:30:17.0765 1652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:30:17.0875 1652 cbidf - ok
19:30:17.0875 1652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:30:17.0984 1652 cbidf2k - ok
19:30:17.0984 1652 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:30:18.0031 1652 cd20xrnt - ok
19:30:18.0046 1652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:30:18.0156 1652 Cdaudio - ok
19:30:18.0171 1652 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:30:18.0281 1652 Cdfs - ok
19:30:18.0296 1652 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:30:18.0421 1652 Cdrom - ok
19:30:18.0437 1652 Changer - ok
19:30:18.0468 1652 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:30:18.0593 1652 CiSvc - ok
19:30:18.0609 1652 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:30:18.0718 1652 ClipSrv - ok
19:30:18.0765 1652 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:30:18.0859 1652 CmBatt - ok
19:30:18.0875 1652 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:30:18.0984 1652 CmdIde - ok
19:30:18.0984 1652 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:30:19.0109 1652 Compbatt - ok
19:30:19.0109 1652 COMSysApp - ok
19:30:19.0140 1652 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:30:19.0250 1652 Cpqarray - ok
19:30:19.0343 1652 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
19:30:19.0343 1652 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:30:19.0343 1652 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:30:19.0359 1652 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
19:30:19.0390 1652 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
19:30:19.0390 1652 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
19:30:19.0421 1652 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:30:19.0531 1652 CryptSvc - ok
19:30:19.0531 1652 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
19:30:19.0578 1652 ctsfm2k - ok
19:30:19.0593 1652 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
19:30:19.0625 1652 CTUSFSYN - ok
19:30:19.0625 1652 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:30:19.0750 1652 dac2w2k - ok
19:30:19.0750 1652 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:30:19.0875 1652 dac960nt - ok
19:30:19.0921 1652 [ 5C83A4408604F737717AB96371201680 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:30:20.0046 1652 DcomLaunch - ok
19:30:20.0062 1652 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:30:20.0171 1652 Dhcp - ok
19:30:20.0187 1652 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:30:20.0296 1652 Disk - ok
19:30:20.0296 1652 dmadmin - ok
19:30:20.0343 1652 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:30:20.0593 1652 dmboot - ok
19:30:20.0625 1652 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:30:20.0734 1652 dmio - ok
19:30:20.0734 1652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:30:20.0843 1652 dmload - ok
19:30:20.0875 1652 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
19:30:21.0000 1652 dmserver - ok
19:30:21.0015 1652 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:30:21.0156 1652 DMusic - ok
19:30:21.0171 1652 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:30:21.0296 1652 Dnscache - ok
19:30:21.0296 1652 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:30:21.0406 1652 dpti2o - ok
19:30:21.0406 1652 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:30:21.0515 1652 drmkaud - ok
19:30:21.0578 1652 [ E814854E6B246CCF498874839AB64D77 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
19:30:21.0578 1652 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
19:30:21.0578 1652 drvmcdb - detected UnsignedFile.Multi.Generic (1)
19:30:21.0593 1652 [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
19:30:21.0593 1652 drvnddm ( UnsignedFile.Multi.Generic ) - warning
19:30:21.0593 1652 drvnddm - detected UnsignedFile.Multi.Generic (1)
19:30:21.0609 1652 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:30:21.0734 1652 E100B - ok
19:30:21.0796 1652 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
19:30:21.0828 1652 ehRecvr - ok
19:30:21.0843 1652 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
19:30:21.0890 1652 ehSched - ok
19:30:21.0906 1652 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:30:22.0015 1652 ERSvc - ok
19:30:22.0031 1652 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
19:30:22.0156 1652 Eventlog - ok
19:30:22.0171 1652 [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] EventSystem C:\WINDOWS\system32\es.dll
19:30:22.0296 1652 EventSystem - ok
19:30:22.0343 1652 [ ED9C755312F29D55B8C815EEC7115635 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
19:30:22.0359 1652 EvtEng ( UnsignedFile.Multi.Generic ) - warning
19:30:22.0359 1652 EvtEng - detected UnsignedFile.Multi.Generic (1)
19:30:22.0406 1652 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:30:22.0515 1652 Fastfat - ok
19:30:22.0562 1652 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:30:22.0671 1652 FastUserSwitchingCompatibility - ok
19:30:22.0718 1652 [ FCBD571FA0EE8DC238944AE5FAB74461 ] Fax C:\WINDOWS\system32\fxssvc.exe
19:30:22.0843 1652 Fax - ok
19:30:22.0859 1652 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:30:22.0968 1652 Fdc - ok
19:30:23.0000 1652 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:30:23.0109 1652 Fips - ok
19:30:23.0109 1652 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:30:23.0234 1652 Flpydisk - ok
19:30:23.0250 1652 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:30:23.0375 1652 FltMgr - ok
19:30:23.0390 1652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:30:23.0500 1652 Fs_Rec - ok
19:30:23.0515 1652 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:30:23.0625 1652 Ftdisk - ok
19:30:23.0656 1652 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:30:23.0765 1652 Gpc - ok
19:30:23.0828 1652 [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:30:23.0875 1652 HDAudBus - ok
19:30:23.0921 1652 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:30:24.0046 1652 helpsvc - ok
19:30:24.0078 1652 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:30:24.0203 1652 HidServ - ok
19:30:24.0218 1652 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:30:24.0328 1652 HidUsb - ok
19:30:24.0359 1652 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
19:30:24.0468 1652 hpn - ok
19:30:24.0500 1652 [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:30:24.0531 1652 HSFHWAZL - ok
19:30:24.0562 1652 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:30:24.0640 1652 HSF_DPV - ok
19:30:24.0671 1652 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:30:24.0796 1652 HTTP - ok
19:30:24.0828 1652 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:30:24.0968 1652 HTTPFilter - ok
19:30:25.0000 1652 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
19:30:25.0109 1652 i2omgmt - ok
19:30:25.0125 1652 [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:30:25.0234 1652 i2omp - ok
19:30:25.0250 1652 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:30:25.0359 1652 i8042prt - ok
19:30:25.0359 1652 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:30:25.0468 1652 Imapi - ok
19:30:25.0515 1652 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:30:25.0625 1652 ImapiService - ok
19:30:25.0625 1652 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:30:25.0765 1652 ini910u - ok
19:30:25.0765 1652 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:30:25.0875 1652 IntelIde - ok
19:30:25.0906 1652 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:30:26.0015 1652 intelppm - ok
19:30:26.0015 1652 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:30:26.0156 1652 Ip6Fw - ok
19:30:26.0187 1652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:30:26.0281 1652 IpFilterDriver - ok
19:30:26.0296 1652 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:30:26.0406 1652 IpInIp - ok
19:30:26.0421 1652 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:30:26.0546 1652 IpNat - ok
19:30:26.0562 1652 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:30:26.0671 1652 IPSec - ok
19:30:26.0671 1652 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:30:26.0718 1652 IRENUM - ok
19:30:26.0734 1652 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:30:26.0859 1652 isapnp - ok
19:30:26.0875 1652 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:30:26.0984 1652 Kbdclass - ok
19:30:27.0015 1652 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:30:27.0109 1652 kbdhid - ok
19:30:27.0125 1652 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:30:27.0265 1652 kmixer - ok
19:30:27.0265 1652 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:30:27.0375 1652 KSecDD - ok
19:30:27.0421 1652 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:30:27.0546 1652 lanmanserver - ok
19:30:27.0593 1652 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:30:27.0703 1652 lanmanworkstation - ok
19:30:27.0718 1652 lbrtfdc - ok
19:30:27.0734 1652 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:30:27.0843 1652 LmHosts - ok
19:30:27.0875 1652 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
19:30:27.0906 1652 McrdSvc - ok
19:30:27.0921 1652 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:30:27.0921 1652 mdmxsdk - ok
19:30:27.0953 1652 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:30:28.0078 1652 Messenger - ok
19:30:28.0093 1652 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
19:30:28.0156 1652 MHN - ok
19:30:28.0171 1652 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:30:28.0187 1652 MHNDRV - ok
19:30:28.0234 1652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:30:28.0343 1652 mnmdd - ok
19:30:28.0375 1652 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:30:28.0500 1652 mnmsrvc - ok
19:30:28.0515 1652 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:30:28.0625 1652 Modem - ok
19:30:28.0734 1652 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
19:30:28.0906 1652 monfilt - ok
19:30:28.0937 1652 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:30:29.0046 1652 Mouclass - ok
19:30:29.0078 1652 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:30:29.0187 1652 mouhid - ok
19:30:29.0203 1652 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:30:29.0328 1652 MountMgr - ok
19:30:29.0375 1652 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:30:29.0390 1652 MozillaMaintenance - ok
19:30:29.0406 1652 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:30:29.0515 1652 mraid35x - ok
19:30:29.0531 1652 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:30:29.0656 1652 MRxDAV - ok
19:30:29.0718 1652 [ 5DDC9A1B2EB5A4BF010CE8C019A18C1F ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:30:29.0828 1652 MRxSmb - ok
19:30:29.0859 1652 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:30:29.0984 1652 MSDTC - ok
19:30:29.0984 1652 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:30:30.0093 1652 Msfs - ok
19:30:30.0093 1652 MSIServer - ok
19:30:30.0140 1652 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:30:30.0234 1652 MSKSSRV - ok
19:30:30.0250 1652 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:30:30.0359 1652 MSPCLOCK - ok
19:30:30.0359 1652 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:30:30.0468 1652 MSPQM - ok
19:30:30.0484 1652 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:30:30.0609 1652 mssmbios - ok
19:30:30.0656 1652 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:30:30.0890 1652 Mup - ok
19:30:30.0906 1652 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:30:31.0015 1652 NDIS - ok
19:30:31.0062 1652 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:30:31.0171 1652 NdisTapi - ok
19:30:31.0203 1652 [ EEFA1CE63805D2145978621BE5C6D955 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:30:31.0265 1652 Ndisuio - ok
19:30:31.0265 1652 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:30:31.0375 1652 NdisWan - ok
19:30:31.0390 1652 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:30:31.0484 1652 NDProxy - ok
19:30:31.0515 1652 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:30:31.0609 1652 NetBIOS - ok
19:30:31.0625 1652 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:30:31.0750 1652 NetBT - ok
19:30:31.0765 1652 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:30:31.0890 1652 NetDDE - ok
19:30:31.0890 1652 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:30:32.0000 1652 NetDDEdsdm - ok
19:30:32.0015 1652 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:30:32.0125 1652 Netlogon - ok
19:30:32.0140 1652 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
19:30:32.0265 1652 Netman - ok
19:30:32.0281 1652 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:30:32.0390 1652 NIC1394 - ok
19:30:32.0468 1652 [ 11D8A00C7EFF1AAEC8E8464769C84A3D ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
19:30:32.0484 1652 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
19:30:32.0484 1652 NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
19:30:32.0515 1652 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
19:30:32.0625 1652 Nla - ok
19:30:32.0656 1652 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:30:32.0781 1652 Npfs - ok
19:30:32.0812 1652 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:30:32.0984 1652 Ntfs - ok
19:30:33.0015 1652 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:30:33.0109 1652 NtLmSsp - ok
19:30:33.0156 1652 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:30:33.0296 1652 NtmsSvc - ok
19:30:33.0312 1652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:30:33.0406 1652 Null - ok
19:30:33.0500 1652 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:30:33.0750 1652 nv - ok
19:30:33.0781 1652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:30:33.0890 1652 NwlnkFlt - ok
19:30:33.0906 1652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:30:34.0015 1652 NwlnkFwd - ok
19:30:34.0031 1652 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:30:34.0140 1652 ohci1394 - ok
19:30:34.0156 1652 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
19:30:34.0156 1652 omci ( UnsignedFile.Multi.Generic ) - warning
19:30:34.0156 1652 omci - detected UnsignedFile.Multi.Generic (1)
19:30:34.0171 1652 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
19:30:34.0187 1652 ossrv - ok
19:30:34.0203 1652 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:30:34.0296 1652 Parport - ok
19:30:34.0312 1652 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:30:34.0406 1652 PartMgr - ok
19:30:34.0453 1652 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:30:34.0562 1652 ParVdm - ok
19:30:34.0562 1652 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:30:34.0671 1652 PCI - ok
19:30:34.0671 1652 PCIDump - ok
19:30:34.0687 1652 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:30:34.0781 1652 PCIIde - ok
19:30:34.0812 1652 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:30:34.0921 1652 Pcmcia - ok
19:30:34.0937 1652 PDCOMP - ok
19:30:34.0937 1652 PDFRAME - ok
19:30:34.0937 1652 PDRELI - ok
19:30:34.0953 1652 PDRFRAME - ok
19:30:34.0968 1652 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
19:30:35.0093 1652 perc2 - ok
19:30:35.0109 1652 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:30:35.0218 1652 perc2hib - ok
19:30:35.0250 1652 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
19:30:35.0359 1652 PlugPlay - ok
19:30:35.0375 1652 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:30:35.0468 1652 PolicyAgent - ok
19:30:35.0484 1652 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:30:35.0593 1652 PptpMiniport - ok
19:30:35.0593 1652 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:30:35.0687 1652 ProtectedStorage - ok
19:30:35.0703 1652 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:30:35.0796 1652 PSched - ok
19:30:35.0812 1652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:30:35.0906 1652 Ptilink - ok
19:30:35.0906 1652 [ 86724469CD077901706854974CD13C3E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:30:35.0906 1652 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:30:35.0906 1652 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:30:35.0937 1652 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:30:36.0046 1652 ql1080 - ok
19:30:36.0046 1652 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:30:36.0171 1652 Ql10wnt - ok
19:30:36.0171 1652 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:30:36.0281 1652 ql12160 - ok
19:30:36.0281 1652 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:30:36.0390 1652 ql1240 - ok
19:30:36.0421 1652 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:30:36.0546 1652 ql1280 - ok
19:30:36.0562 1652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:30:36.0656 1652 RasAcd - ok
19:30:36.0703 1652 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:30:36.0796 1652 RasAuto - ok
19:30:36.0828 1652 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:30:36.0937 1652 Rasl2tp - ok
19:30:36.0968 1652 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:30:37.0078 1652 RasMan - ok
19:30:37.0093 1652 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:30:37.0187 1652 RasPppoe - ok
19:30:37.0187 1652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:30:37.0296 1652 Raspti - ok
19:30:37.0343 1652 [ 809CA45CAA9072B3176AD44579D7F688 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:30:37.0359 1652 Rdbss - ok
19:30:37.0359 1652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:30:37.0453 1652 RDPCDD - ok
19:30:37.0468 1652 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:30:37.0578 1652 rdpdr - ok
19:30:37.0625 1652 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:30:37.0656 1652 RDPWD - ok
19:30:37.0765 1652 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:30:37.0859 1652 RDSessMgr - ok
19:30:37.0890 1652 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:30:38.0000 1652 redbook - ok
19:30:38.0015 1652 [ 6F81C8A63FB824EB8A2401AB45795553 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
19:30:38.0031 1652 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
19:30:38.0031 1652 RegSrvc - detected UnsignedFile.Multi.Generic (1)
19:30:38.0062 1652 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:30:38.0171 1652 RemoteAccess - ok
19:30:38.0203 1652 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:30:38.0312 1652 RemoteRegistry - ok
19:30:38.0359 1652 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:30:38.0406 1652 rimmptsk - ok
19:30:38.0406 1652 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:30:38.0421 1652 rimsptsk - ok
19:30:38.0437 1652 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:30:38.0468 1652 rismxdp - ok
19:30:38.0500 1652 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
19:30:38.0609 1652 RpcLocator - ok
19:30:38.0640 1652 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:30:38.0750 1652 RpcSs - ok
19:30:38.0796 1652 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:30:38.0906 1652 RSVP - ok
19:30:38.0953 1652 [ B792F2C647B1FC3E4987DE582EE00FE3 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
19:30:39.0015 1652 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
19:30:39.0015 1652 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
19:30:39.0046 1652 [ 2E4E912CE95F5EF4D4A5079F6CE367FC ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
19:30:39.0062 1652 s24trans ( UnsignedFile.Multi.Generic ) - warning
19:30:39.0062 1652 s24trans - detected UnsignedFile.Multi.Generic (1)
19:30:39.0078 1652 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
19:30:39.0171 1652 SamSs - ok
19:30:39.0203 1652 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:30:39.0328 1652 SCardSvr - ok
19:30:39.0375 1652 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:30:39.0500 1652 Schedule - ok
19:30:39.0531 1652 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:30:39.0625 1652 sdbus - ok
19:30:39.0656 1652 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:30:39.0718 1652 Secdrv - ok
19:30:39.0734 1652 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
19:30:39.0843 1652 seclogon - ok
19:30:39.0875 1652 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
19:30:39.0984 1652 SENS - ok
19:30:40.0000 1652 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:30:40.0093 1652 serenum - ok
19:30:40.0125 1652 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:30:40.0218 1652 Serial - ok
19:30:40.0234 1652 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:30:40.0343 1652 Sfloppy - ok
19:30:40.0390 1652 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:30:40.0500 1652 SharedAccess - ok
19:30:40.0531 1652 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:30:40.0625 1652 ShellHWDetection - ok
19:30:40.0625 1652 Simbad - ok
19:30:40.0687 1652 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:30:40.0796 1652 sisagp - ok
19:30:40.0828 1652 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:30:40.0890 1652 Sparrow - ok
19:30:40.0921 1652 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:30:41.0046 1652 splitter - ok
19:30:41.0078 1652 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:30:41.0109 1652 Spooler - ok
19:30:41.0125 1652 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:30:41.0171 1652 sr - ok
19:30:41.0218 1652 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
19:30:41.0265 1652 srservice - ok
19:30:41.0281 1652 [ 553007ECCE7F6565BBE645BEB66D3B69 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:30:41.0312 1652 Srv - ok
19:30:41.0343 1652 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:30:41.0343 1652 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
19:30:41.0343 1652 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
19:30:41.0375 1652 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:30:41.0421 1652 SSDPSRV - ok
19:30:41.0421 1652 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
19:30:41.0421 1652 ssrtln ( UnsignedFile.Multi.Generic ) - warning
19:30:41.0421 1652 ssrtln - detected UnsignedFile.Multi.Generic (1)
19:30:41.0500 1652 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
19:30:41.0656 1652 STHDA - ok
19:30:41.0703 1652 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:30:41.0828 1652 stisvc - ok
19:30:41.0859 1652 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:30:41.0968 1652 swenum - ok
19:30:41.0984 1652 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:30:42.0093 1652 swmidi - ok
19:30:42.0093 1652 SwPrv - ok
19:30:42.0109 1652 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:30:42.0218 1652 symc810 - ok
19:30:42.0218 1652 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:30:42.0312 1652 symc8xx - ok
19:30:42.0328 1652 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:30:42.0421 1652 sym_hi - ok
19:30:42.0421 1652 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:30:42.0531 1652 sym_u3 - ok
19:30:42.0578 1652 [ 35D5B3632E0BCEBE27B391157DE05996 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:30:42.0593 1652 SynTP - ok
19:30:42.0609 1652 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:30:42.0718 1652 sysaudio - ok
19:30:42.0765 1652 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:30:42.0859 1652 SysmonLog - ok
19:30:42.0906 1652 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:30:43.0031 1652 TapiSrv - ok
19:30:43.0046 1652 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:30:43.0156 1652 Tcpip - ok
19:30:43.0187 1652 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:30:43.0296 1652 TDPIPE - ok
19:30:43.0296 1652 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:30:43.0406 1652 TDTCP - ok
19:30:43.0421 1652 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:30:43.0531 1652 TermDD - ok
19:30:43.0593 1652 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
19:30:43.0625 1652 TermService - ok
19:30:43.0687 1652 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
19:30:43.0703 1652 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0703 1652 tfsnboio - detected UnsignedFile.Multi.Generic (1)
19:30:43.0703 1652 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
19:30:43.0718 1652 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0718 1652 tfsncofs - detected UnsignedFile.Multi.Generic (1)
19:30:43.0718 1652 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
19:30:43.0750 1652 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0750 1652 tfsndrct - detected UnsignedFile.Multi.Generic (1)
19:30:43.0781 1652 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
19:30:43.0796 1652 tfsndres ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0796 1652 tfsndres - detected UnsignedFile.Multi.Generic (1)
19:30:43.0796 1652 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
19:30:43.0812 1652 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0812 1652 tfsnifs - detected UnsignedFile.Multi.Generic (1)
19:30:43.0812 1652 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
19:30:43.0828 1652 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0828 1652 tfsnopio - detected UnsignedFile.Multi.Generic (1)
19:30:43.0843 1652 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
19:30:43.0843 1652 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0843 1652 tfsnpool - detected UnsignedFile.Multi.Generic (1)
19:30:43.0843 1652 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
19:30:43.0843 1652 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0859 1652 tfsnudf - detected UnsignedFile.Multi.Generic (1)
19:30:43.0859 1652 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
19:30:43.0859 1652 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
19:30:43.0859 1652 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
19:30:43.0875 1652 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:30:43.0984 1652 Themes - ok
19:30:44.0015 1652 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:30:44.0062 1652 TlntSvr - ok
19:30:44.0093 1652 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:30:44.0218 1652 TosIde - ok
19:30:44.0265 1652 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:30:44.0375 1652 TrkWks - ok
19:30:44.0421 1652 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:30:44.0531 1652 Udfs - ok
19:30:44.0562 1652 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:30:44.0609 1652 ultra - ok
19:30:44.0640 1652 [ 6634C460C56EC7E48D6BE20B745DC03A ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:30:44.0656 1652 UMWdf - ok
19:30:44.0687 1652 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:30:44.0796 1652 Update - ok
19:30:44.0812 1652 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
19:30:44.0859 1652 upnphost - ok
19:30:44.0890 1652 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
19:30:45.0015 1652 UPS - ok
19:30:45.0031 1652 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:30:45.0140 1652 usbccgp - ok
19:30:45.0171 1652 [ 708579B01FED227AADB393CB0C3B4A2C ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:30:45.0250 1652 usbehci - ok
19:30:45.0265 1652 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:30:45.0375 1652 usbhub - ok
19:30:45.0406 1652 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:30:45.0515 1652 USBSTOR - ok
19:30:45.0546 1652 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:30:45.0671 1652 usbuhci - ok
19:30:45.0671 1652 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:30:45.0765 1652 VgaSave - ok
19:30:45.0781 1652 [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:30:45.0890 1652 viaagp - ok
19:30:45.0921 1652 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:30:46.0015 1652 ViaIde - ok
19:30:46.0046 1652 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:30:46.0140 1652 VolSnap - ok
19:30:46.0187 1652 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
19:30:46.0250 1652 VSS - ok
19:30:46.0296 1652 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] w32time C:\WINDOWS\system32\w32time.dll
19:30:46.0390 1652 w32time - ok
19:30:46.0468 1652 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
19:30:46.0593 1652 w39n51 - ok
19:30:46.0609 1652 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:30:46.0718 1652 Wanarp - ok
19:30:46.0718 1652 wanatw - ok
19:30:46.0734 1652 WDICA - ok
19:30:46.0765 1652 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:30:46.0875 1652 wdmaud - ok
19:30:46.0890 1652 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:30:47.0000 1652 WebClient - ok
19:30:47.0046 1652 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:30:47.0125 1652 winachsf - ok
19:30:47.0218 1652 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:30:47.0312 1652 winmgmt - ok
19:30:47.0359 1652 [ AFB5A2A79BB01699A269C316D8B9BEF1 ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
19:30:47.0375 1652 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
19:30:47.0375 1652 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
19:30:47.0406 1652 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:30:47.0453 1652 WmdmPmSN - ok
19:30:47.0500 1652 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
19:30:47.0656 1652 Wmi - ok
19:30:47.0671 1652 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:30:47.0781 1652 WmiApSrv - ok
19:30:47.0828 1652 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:30:47.0937 1652 wscsvc - ok
19:30:47.0968 1652 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:30:48.0078 1652 wuauserv - ok
19:30:48.0109 1652 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:30:48.0187 1652 WZCSVC - ok
19:30:48.0203 1652 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:30:48.0328 1652 xmlprov - ok
19:30:48.0328 1652 ================ Scan global ===============================
19:30:48.0359 1652 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:30:48.0375 1652 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
19:30:48.0390 1652 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
19:30:48.0406 1652 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
19:30:48.0421 1652 [Global] - ok
19:30:48.0421 1652 ================ Scan MBR ==================================
19:30:48.0437 1652 [ ADD0A2ED42ADB47EC3F0ED3B9553B63A ] \Device\Harddisk0\DR0
19:30:48.0687 1652 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:30:48.0687 1652 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:30:48.0687 1652 ================ Scan VBR ==================================
19:30:48.0687 1652 [ 5262C442E599D690E765EB5881C30F48 ] \Device\Harddisk0\DR0\Partition1
19:30:48.0687 1652 \Device\Harddisk0\DR0\Partition1 - ok
19:30:48.0687 1652 ============================================================
19:30:48.0687 1652 Scan finished
19:30:48.0687 1652 ============================================================
19:30:48.0796 1872 Detected object count: 27
19:30:48.0796 1872 Actual detected object count: 27
19:31:41.0031 1872 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0031 1872 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0031 1872 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0031 1872 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0031 1872 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0031 1872 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0031 1872 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0031 1872 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 omci ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0046 1872 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0046 1872 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0062 1872 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0062 1872 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0062 1872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0062 1872 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0062 1872 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0062 1872 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0062 1872 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0062 1872 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0062 1872 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0062 1872 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0062 1872 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0062 1872 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0078 1872 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0078 1872 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0093 1872 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0093 1872 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0093 1872 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:41.0093 1872 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:31:41.0156 1872 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
19:31:41.0156 1872 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
19:31:41.0156 1872 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
19:31:41.0203 1872 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:31:41.0203 1872 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:31:41.0203 1872 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:31:41.0265 1872 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:31:41.0296 1872 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:31:41.0312 1872 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:31:41.0328 1872 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:31:41.0328 1872 \Device\Harddisk0\DR0\TDLFS\dkmks.tmp - copied to quarantine
19:31:41.0328 1872 \Device\Harddisk0\DR0\TDLFS - deleted
19:31:41.0328 1872 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
19:33:30.0718 0656 Deinitialize success
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP