Computer Hope
Topic started by: srose on August 21, 2011, 08:31:29 AM
-
My computer is an older computer, but I did max the RAM out on it, but it still seems to run slow. Almost immediately as soon as you open a browser the fan comes on and 100% of the CPU will be running. Even when you close the browser it will take 5 to 10 min before the fan shuts off and the CPU usage comes down. I have taken a lot of programs off if I don't use them, and actually removed ones that I use not recognizing them. I run CCleaner, and have for years, I have the WOT set up to not go to sites that are not good, I have Microsoft essentials running and online armor set up. When I ran the super anti spy there were a few things but it still didn't speed anything up. When I ran the anti malware it showed nothing. I think it may be some programs competing against each other or something, can you please help me get my computer to run faster?
Here are my logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/20/2011 6:40:17 PM
mbam-log-2011-08-20 (18-40-17).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 252097
Time elapsed: 1 hour(s), 56 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/20/2011 at 02:44 PM
Application Version : 5.0.1118
Core Rules Database Version : 7585
Trace Rules Database Version: 5397
Scan type : Complete Scan
Total Scan Time : 01:33:18
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 38292
Registry threats detected : 0
File items scanned : 113967
File threats detected : 18
Adware.MyWebSearch/FunWebProducts
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS44.ZIP )/F3PSSAVR.SCR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS44.ZIP
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS50.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS50.ZIP
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS51.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS51.ZIP
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH66.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH66.ZIP
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:42 AM, on 8/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\sniper.exe\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://cgmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} -
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126482186562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204817669703
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 8509 bytes
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
* Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs. (DDS.txt and Attach.txt)
-
Here are the logs that you requested:
Security Check:
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner
Java(TM) 6 Update 26
Flash Player Out of Date!
Adobe Flash Player 10.1.85.3
Mozilla Firefox (3.6.18) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
DDS:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Sean and Wylene at 16:48:16 on 2011-08-23
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sean and Wylene\Desktop\dds.scr
C:\WINDOWS\system32\REGSVR32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://cgmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - hxxp://www.cyberlink.com/winxp/CheckDVD.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126482186562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204817669703
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2B987C66-96AD-4C12-9E82-7CC0DBF430EF} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sean and wylene\application data\mozilla\firefox\profiles\614r5ppc.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\documents and settings\sean and wylene\application data\mozilla\firefox\profiles\614r5ppc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R? azt2320;Aztech 2320 Audio Driver (WDM)
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fsssvc;Windows Live Family Safety
R? HidCom;USB-HID -> COM Driver Service
R? MpKsl270bd62d;MpKsl270bd62d
R? MpKsl657b5787;MpKsl657b5787
R? MpKsl77223706;MpKsl77223706
R? MpKsl80889e0e;MpKsl80889e0e
R? MpKsl900ce35f;MpKsl900ce35f
R? MpKsla64cc5a6;MpKsla64cc5a6
R? MpKslc242287c;MpKslc242287c
R? MpKslc3cfb65c;MpKslc3cfb65c
R? MpKslcfe8629b;MpKslcfe8629b
R? MpKsld0c3b2d3;MpKsld0c3b2d3
R? MpKsle16118fb;MpKsle16118fb
R? MpKsle1868d84;MpKsle1868d84
R? MpKslfceee1bd;MpKslfceee1bd
R? MpKslfd546ba9;MpKslfd546ba9
R? nosGetPlusHelper;getPlus(R) Helper 3004
R? omoecx;omoecx
R? SASENUM;SASENUM
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? CX88XBAR;Conexant 2388x Crossbar Dual Input
S? fssfltr;fssfltr
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl001a1d8d;MpKsl001a1d8d
S? MpKsl34bff400;MpKsl34bff400
S? OAcat;Online Armor Helper Service
S? OADevice;OADriver
S? OAmon;OAmon
S? OAnet;OAnet
S? pavboot;pavboot
S? PSI;PSI
S? regi;regi
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SvcOnlineArmor;Online Armor
.
=============== Created Last 30 ================
.
2011-08-23 17:59:46 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3fb03576-5a49-4f50-8342-d74b4cf97f80}\MpKsl001a1d8d.sys
2011-08-23 17:59:09 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3fb03576-5a49-4f50-8342-d74b4cf97f80}\mpengine.dll
2011-08-21 13:48:42 388096 ----a-r- c:\documents and settings\sean and wylene\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-11 07:23:53 -------- d-----w- C:\66f67a257b88457a6cbc1c5fc357e6
2011-08-03 18:27:33 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:51:41.95 ===============
Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/7/2004 12:14:57 PM
System Uptime: 8/21/2011 2:10:47 PM (50 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 180 GiB total, 134.991 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 1.123 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft MPU Audio Driver(WDM)
Device ID: ROOT\MEDIA\0002
Manufacturer: Aztech Systems
Name: Microsoft MPU Audio Driver(WDM)
PNP Device ID: ROOT\MEDIA\0002
Service: ms_mpu401
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Aztech 2320 Compatible PnP Audio (WDM)
Device ID: ROOT\MEDIA\0003
Manufacturer: Aztech Systems
Name: Aztech 2320 Compatible PnP Audio (WDM)
PNP Device ID: ROOT\MEDIA\0003
Service: azt2320
.
==== System Restore Points ===================
.
RP541: 5/24/2011 10:52:30 AM - Software Distribution Service 3.0
RP542: 5/25/2011 8:02:54 AM - Software Distribution Service 3.0
RP543: 5/26/2011 8:03:11 AM - Software Distribution Service 3.0
RP544: 5/27/2011 8:03:19 AM - Software Distribution Service 3.0
RP545: 5/30/2011 8:47:16 PM - Software Distribution Service 3.0
RP546: 5/31/2011 9:32:02 PM - System Checkpoint
RP547: 6/1/2011 5:55:12 AM - Software Distribution Service 3.0
RP548: 6/1/2011 8:42:44 PM - Software Distribution Service 3.0
RP549: 6/2/2011 8:43:03 PM - Software Distribution Service 3.0
RP550: 6/3/2011 8:42:09 PM - Software Distribution Service 3.0
RP551: 6/4/2011 9:12:42 PM - Software Distribution Service 3.0
RP552: 6/5/2011 9:39:19 PM - Software Distribution Service 3.0
RP553: 6/6/2011 8:43:04 PM - Software Distribution Service 3.0
RP554: 6/7/2011 8:44:28 PM - Software Distribution Service 3.0
RP555: 6/8/2011 8:43:10 PM - Software Distribution Service 3.0
RP556: 6/9/2011 8:43:19 PM - Software Distribution Service 3.0
RP557: 6/10/2011 8:44:00 PM - Software Distribution Service 3.0
RP558: 6/11/2011 8:44:06 PM - Software Distribution Service 3.0
RP559: 6/12/2011 10:28:01 PM - Software Distribution Service 3.0
RP560: 6/13/2011 8:27:23 AM - Software Distribution Service 3.0
RP561: 6/14/2011 8:28:03 AM - Software Distribution Service 3.0
RP562: 6/15/2011 8:28:22 AM - Software Distribution Service 3.0
RP563: 6/16/2011 3:00:38 AM - Software Distribution Service 3.0
RP564: 6/17/2011 9:45:25 AM - Software Distribution Service 3.0
RP565: 6/20/2011 9:46:35 AM - Software Distribution Service 3.0
RP566: 6/21/2011 10:03:00 AM - System Checkpoint
RP567: 6/21/2011 1:57:00 PM - Software Distribution Service 3.0
RP568: 6/22/2011 9:40:58 AM - Software Distribution Service 3.0
RP569: 6/23/2011 9:40:57 AM - Software Distribution Service 3.0
RP570: 6/24/2011 10:30:21 AM - System Checkpoint
RP571: 6/25/2011 2:29:41 AM - Software Distribution Service 3.0
RP572: 6/26/2011 3:45:25 AM - System Checkpoint
RP573: 6/26/2011 9:41:00 AM - Software Distribution Service 3.0
RP574: 6/26/2011 10:27:07 PM - Software Distribution Service 3.0
RP575: 6/27/2011 11:12:11 PM - System Checkpoint
RP576: 6/28/2011 12:57:28 AM - Software Distribution Service 3.0
RP577: 6/29/2011 7:04:19 AM - Software Distribution Service 3.0
RP578: 6/29/2011 3:16:40 PM - Software Distribution Service 3.0
RP579: 6/30/2011 3:11:28 PM - Software Distribution Service 3.0
RP580: 7/1/2011 5:21:42 PM - System Checkpoint
RP581: 7/2/2011 3:08:11 AM - Software Distribution Service 3.0
RP582: 7/2/2011 3:12:06 PM - Software Distribution Service 3.0
RP583: 7/3/2011 3:13:51 PM - Software Distribution Service 3.0
RP584: 7/3/2011 10:12:04 PM - Software Distribution Service 3.0
RP585: 7/5/2011 3:28:02 AM - Software Distribution Service 3.0
RP586: 7/6/2011 3:58:31 AM - System Checkpoint
RP587: 7/7/2011 3:12:41 PM - Software Distribution Service 3.0
RP588: 7/8/2011 3:13:01 PM - Software Distribution Service 3.0
RP589: 7/10/2011 11:36:24 AM - Software Distribution Service 3.0
RP590: 7/10/2011 10:29:32 PM - Software Distribution Service 3.0
RP591: 7/12/2011 11:38:51 AM - Software Distribution Service 3.0
RP592: 7/13/2011 3:00:26 AM - Software Distribution Service 3.0
RP593: 7/13/2011 1:02:03 PM - Software Distribution Service 3.0
RP594: 7/14/2011 5:50:18 PM - Software Distribution Service 3.0
RP595: 7/15/2011 7:29:45 AM - Software Distribution Service 3.0
RP596: 7/16/2011 5:39:27 PM - Software Distribution Service 3.0
RP597: 7/17/2011 7:28:58 AM - Software Distribution Service 3.0
RP598: 7/17/2011 10:05:28 PM - Software Distribution Service 3.0
RP599: 7/18/2011 7:30:28 AM - Software Distribution Service 3.0
RP600: 7/19/2011 7:30:14 AM - Software Distribution Service 3.0
RP601: 7/20/2011 7:33:49 AM - Software Distribution Service 3.0
RP602: 7/21/2011 8:10:09 AM - Software Distribution Service 3.0
RP603: 7/21/2011 2:29:49 PM - Removed Google Earth.
RP604: 7/22/2011 2:46:02 PM - Software Distribution Service 3.0
RP605: 7/23/2011 2:45:51 PM - Software Distribution Service 3.0
RP606: 7/24/2011 2:45:06 PM - Software Distribution Service 3.0
RP607: 7/26/2011 3:12:50 PM - Software Distribution Service 3.0
RP608: 7/27/2011 3:12:30 PM - Software Distribution Service 3.0
RP609: 7/28/2011 3:12:27 PM - Software Distribution Service 3.0
RP610: 7/29/2011 10:51:09 PM - Software Distribution Service 3.0
RP611: 7/30/2011 3:12:49 PM - Software Distribution Service 3.0
RP612: 7/31/2011 3:13:35 PM - Software Distribution Service 3.0
RP613: 7/31/2011 9:59:05 PM - Software Distribution Service 3.0
RP614: 8/2/2011 7:29:16 AM - Software Distribution Service 3.0
RP615: 8/3/2011 2:26:06 PM - Software Distribution Service 3.0
RP616: 8/4/2011 3:58:20 PM - System Checkpoint
RP617: 8/4/2011 5:26:54 PM - Software Distribution Service 3.0
RP618: 8/5/2011 2:34:33 PM - Software Distribution Service 3.0
RP619: 8/6/2011 2:34:01 PM - Software Distribution Service 3.0
RP620: 8/7/2011 2:34:30 PM - Software Distribution Service 3.0
RP621: 8/8/2011 2:34:50 PM - Software Distribution Service 3.0
RP622: 8/9/2011 2:34:51 PM - Software Distribution Service 3.0
RP623: 8/10/2011 2:34:11 PM - Software Distribution Service 3.0
RP624: 8/11/2011 3:00:26 AM - Software Distribution Service 3.0
RP625: 8/11/2011 12:20:43 PM - Software Distribution Service 3.0
RP626: 8/12/2011 5:07:33 PM - Software Distribution Service 3.0
RP627: 8/14/2011 11:16:36 AM - Software Distribution Service 3.0
RP628: 8/15/2011 8:40:00 PM - Software Distribution Service 3.0
RP629: 8/16/2011 7:29:01 PM - Software Distribution Service 3.0
RP630: 8/17/2011 7:28:54 PM - Software Distribution Service 3.0
RP631: 8/18/2011 7:29:17 PM - Software Distribution Service 3.0
RP632: 8/19/2011 7:29:14 PM - Software Distribution Service 3.0
RP633: 8/20/2011 8:11:35 PM - Software Distribution Service 3.0
RP634: 8/21/2011 9:36:15 AM - Installed Java(TM) 6 Update 26
RP635: 8/21/2011 9:48:39 AM - Installed HiJackThis
RP636: 8/22/2011 2:33:06 PM - Software Distribution Service 3.0
RP637: 8/23/2011 1:59:07 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
Adobe SVG Viewer 6.0
ATI Display Driver
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
CCleaner
CCScore
Choice Guard
Compatibility Pack for the 2007 Office system
Corel WinDVD 9
Defraggler (remove only)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Instant Support
HP Photo Creations
HP Update
hpmdtab
HpSdpAppCoreApp
Intel(R) Extreme Graphics 2 Driver
InterActual Player
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 26
Kodak EasyShare software
LG USB Drivers
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft IntelliPoint 6.2
Microsoft IntelliType Pro 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 7.0
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
netbrdg
OfotoXMI
Online Armor 4.0
Panda ActiveScan 2.0
Print Perfect Deluxe
Scan
Scan Manager 5.2
ScanSoft OmniPage 16
Secunia CSI
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Segoe UI
SereneScene Marine Aquarium 2
SFR
SHASTA
skin0001
SKINXSDK
staticcr
SUPERAntiSpyware Free Edition
tooltips
TurboTax 2009
TurboTax 2009 wgaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wgaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Updates from HP
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
VueScan
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows Presentation Foundation
Windows XP Service Pack 3
Winmail Opener 1.4
WIRELESS
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/21/2011 10:21:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.339.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/20/2011 12:56:09 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
8/20/2011 12:43:56 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
8/20/2011 12:43:22 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================
-
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [<NO NAME>]
Trusted Zone: intuit.com\ttlc
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
******************************************************
Please download ComboFix from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
OTL Log:
All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 80 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 521 bytes
User: All Users
->Flash cache emptied: 106 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes
User: Forrest
->Temp folder emptied: 59 bytes
->Temporary Internet Files folder emptied: 2345130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3732647 bytes
->Flash cache emptied: 498 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 3424125 bytes
User: NetworkService
->Temp folder emptied: 2007776 bytes
->Temporary Internet Files folder emptied: 725555 bytes
User: Sean and Wylene
->Temp folder emptied: 16595530 bytes
->Temporary Internet Files folder emptied: 20281618 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39387417 bytes
->Flash cache emptied: 42135 bytes
User: Taylor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41558009 bytes
->Flash cache emptied: 470 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 578358 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 245726913 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2201947 bytes
Total Files Cleaned = 361.00 mb
OTL by OldTimer - Version 3.2.26.5 log created on 08242011_171959
Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.
C:\Documents and Settings\Sean and Wylene\Local Settings\Temporary Internet Files\Content.IE5\968ZUZ8T\topic,122660.0[1].html moved successfully.
C:\Documents and Settings\Sean and Wylene\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1a0.dat not found!
File\Folder C:\WINDOWS\temp\TMP00000002A38B44CC36BD4B3D not found!
File\Folder C:\WINDOWS\temp\TMP000000040C84D882661A3459 not found!
Registry entries deleted on Reboot...
ComboFix Log:
ComboFix 11-08-24.06 - Sean and Wylene 08/24/2011 20:48:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1496 [GMT -4:00]
Running from: c:\documents and settings\Sean and Wylene\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\My Documents\006.zip
c:\documents and settings\Administrator\My Documents\1002.zip
c:\documents and settings\Administrator\My Documents\1x1.bmp
c:\documents and settings\Sean and Wylene\My Documents\~WRL2523.tmp
c:\documents and settings\Sean and Wylene\My Documents\1766.doc
c:\documents and settings\Taylor\My Documents\~WRL0005.tmp
c:\program files\messenger\msmsgsin.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_USBAAPL
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-24 22:24 . 2011-08-24 22:24 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-08-24 22:24 . 2011-08-24 22:24 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-08-24 22:24 . 2011-08-24 22:24 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-08-24 22:24 . 2011-08-24 22:24 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-08-24 21:49 . 2011-08-24 21:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl41b40909.sys
2011-08-24 21:19 . 2011-08-24 21:19 -------- d-----w- C:\_OTL
2011-08-24 18:00 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\mpengine.dll
2011-08-21 13:48 . 2011-08-21 13:48 388096 ----a-r- c:\documents and settings\Sean and Wylene\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-11 07:23 . 2011-08-11 07:24 -------- d-----w- C:\66f67a257b88457a6cbc1c5fc357e6
2011-08-03 18:28 . 2011-08-03 18:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-08-03 18:27 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2010-02-12 04:46 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-15 13:29 . 2003-12-17 04:28 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-01-20 18:08 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-01-20 17:32 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-06-18 03:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-01-20 18:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-01-20 18:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-12-17 04:29 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2003-12-17 04:29 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-07-25 2585408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Sean and Wylene\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-20 113024]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\0autocheck autochk *\0pgdfgsvc C 1
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sean and Wylene^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=c:\documents and settings\Sean and Wylene\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-05 08:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Sean and Wylene\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 19:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder]
2007-07-20 13:50 328992 ----a-w- c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-04 21:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Documents and Settings\\Sean and Wylene\\Application Data\\mjusbsp\\magicJack.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/17/2010 1:11 PM 28552]
R1 MpKsl41b40909;MpKsl41b40909;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl41b40909.sys [8/24/2011 5:49 PM 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/10/2010 1:03 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/10/2010 1:03 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/10/2010 1:03 PM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [9/22/2010 9:37 AM 116608]
R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\cx88xbardual.sys [2/17/2004 4:37 PM 7040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/10/2010 1:03 PM 3291336]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S0 omoecx;omoecx;c:\windows\system32\drivers\lncww.sys --> c:\windows\system32\drivers\lncww.sys [?]
S1 MpKsl00f9383a;MpKsl00f9383a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl00f9383a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl00f9383a.sys [?]
S1 MpKsl270bd62d;MpKsl270bd62d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28A1DCA-AEEF-487D-B061-CEC821B7BE53}\MpKsl270bd62d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28A1DCA-AEEF-487D-B061-CEC821B7BE53}\MpKsl270bd62d.sys [?]
S1 MpKsl657b5787;MpKsl657b5787;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51EDCA63-EE4C-4748-B5EA-BCC87192A850}\MpKsl657b5787.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51EDCA63-EE4C-4748-B5EA-BCC87192A850}\MpKsl657b5787.sys [?]
S1 MpKsl77223706;MpKsl77223706;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D6B4100-97F6-4331-AC1D-69E44D9AE9E6}\MpKsl77223706.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D6B4100-97F6-4331-AC1D-69E44D9AE9E6}\MpKsl77223706.sys [?]
S1 MpKsl80889e0e;MpKsl80889e0e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0539C345-C00C-4295-9705-013F568BE341}\MpKsl80889e0e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0539C345-C00C-4295-9705-013F568BE341}\MpKsl80889e0e.sys [?]
S1 MpKsl900ce35f;MpKsl900ce35f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01E24A79-4AC2-4D06-B097-F6B63E4E4892}\MpKsl900ce35f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01E24A79-4AC2-4D06-B097-F6B63E4E4892}\MpKsl900ce35f.sys [?]
S1 MpKsl97463d76;MpKsl97463d76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl97463d76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl97463d76.sys [?]
S1 MpKsla64cc5a6;MpKsla64cc5a6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E975A2E3-CD52-4870-A6B3-7149A9339549}\MpKsla64cc5a6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E975A2E3-CD52-4870-A6B3-7149A9339549}\MpKsla64cc5a6.sys [?]
S1 MpKslc242287c;MpKslc242287c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D6B4100-97F6-4331-AC1D-69E44D9AE9E6}\MpKslc242287c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D6B4100-97F6-4331-AC1D-69E44D9AE9E6}\MpKslc242287c.sys [?]
S1 MpKslc3cfb65c;MpKslc3cfb65c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A80B47E-F452-4ED0-9450-85A7F1D00B69}\MpKslc3cfb65c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A80B47E-F452-4ED0-9450-85A7F1D00B69}\MpKslc3cfb65c.sys [?]
S1 MpKslcfe8629b;MpKslcfe8629b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB24FE3D-BFD4-4FB1-8809-41E8B26780F2}\MpKslcfe8629b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB24FE3D-BFD4-4FB1-8809-41E8B26780F2}\MpKslcfe8629b.sys [?]
S1 MpKsld0c3b2d3;MpKsld0c3b2d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D6B4100-97F6-4331-AC1D-69E44D9AE9E6}\MpKsld0c3b2d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D6B4100-97F6-4331-AC1D-69E44D9AE9E6}\MpKsld0c3b2d3.sys [?]
S1 MpKsle16118fb;MpKsle16118fb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B5D8568-604A-48AC-875B-71DEC91AA17A}\MpKsle16118fb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B5D8568-604A-48AC-875B-71DEC91AA17A}\MpKsle16118fb.sys [?]
S1 MpKsle1868d84;MpKsle1868d84;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47965311-9CA3-4343-B8B7-B563C5DA5437}\MpKsle1868d84.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47965311-9CA3-4343-B8B7-B563C5DA5437}\MpKsle1868d84.sys [?]
S1 MpKslfceee1bd;MpKslfceee1bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98FEB847-44F1-4077-8516-9FD5269FB526}\MpKslfceee1bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98FEB847-44F1-4077-8516-9FD5269FB526}\MpKslfceee1bd.sys [?]
S1 MpKslfd546ba9;MpKslfd546ba9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{010A649E-65DA-49A0-953A-CB922D17D950}\MpKslfd546ba9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{010A649E-65DA-49A0-953A-CB922D17D950}\MpKslfd546ba9.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/10/2010 1:03 PM 1282248]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [8/20/2009 9:44 AM 36992]
S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [7/23/2006 7:17 PM 17408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [1/20/2004 1:33 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2011-08-25 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2011-08-24 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2011-08-24 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14 20:07]
.
2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{A4B2D6E0-A34D-4D32-B546-B1A3ACC18990}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sean and Wylene\Application Data\Mozilla\Firefox\Profiles\614r5ppc.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3708)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-08-24 21:10:22
ComboFix-quarantined-files.txt 2011-08-25 01:10
ComboFix2.txt 2010-03-13 21:26
.
Pre-Run: 145,093,472,256 bytes free
Post-Run: 145,010,806,784 bytes free
.
- - End Of File - - 5D44781DD9712829F3F46A62D6047659
-
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
Here is the sysprot log:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{348C1909-398B-45BE-933E-9F1FC90C47E5}\MpKsl41b40909.sys
Service Name: MpKsl41b40909
Module Base: F777F000
Module End: F7785000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AB043000
Module End: AB05B000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79D7000
Module End: F79D9000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: AA849000
Module End: AA84B000
Hidden: Yes
Module Name: \??\C:\DOCUME~1\SEANAN~1\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F77BF000
Module End: F77C7000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: AB274420
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwAssignProcessToJobObject
Address: AB274C60
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwConnectPort
Address: AB272A90
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateFile
Address: AB281CB0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreatePort
Address: AB272740
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateProcess
Address: AB26F320
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateProcessEx
Address: AB26F710
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateSection
Address: AB26EDE0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwCreateThread
Address: AB270CA0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwDebugActiveProcess
Address: AB271900
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwDuplicateObject
Address: AB272410
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwLoadDriver
Address: AB273B40
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwOpenFile
Address: AB282420
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwOpenProcess
Address: AB270630
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwOpenSection
Address: AB26F080
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwOpenThread
Address: AB2711C0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwProtectVirtualMemory
Address: AB2748A0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwQueryDirectoryFile
Address: AB273FB0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwQueueApcThread
Address: AB274E00
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwRequestWaitReplyPort
Address: AB273690
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwRestoreKey
Address: AB281940
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwResumeThread
Address: AB272060
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSecureConnectPort
Address: AB272E80
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSetContextThread
Address: AB2716E0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSetSystemInformation
Address: AB271AA0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwShutdownSystem
Address: AB273A10
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSuspendProcess
Address: AB272240
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSuspendThread
Address: AB271E60
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwSystemDebugControl
Address: AB271C90
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwTerminateProcess
Address: AB270A30
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwTerminateThread
Address: AB2714B0
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwUnloadDriver
Address: AB273D70
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
Function Name: ZwWriteVirtualMemory
Address: AB274A70
Driver Base: AB258000
Driver End: AB2A1000
Driver Name: \??\C:\WINDOWS\system32\drivers\OADriver.sys
******************************************************************************************
******************************************************************************************
-
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Just FYI my computer seemed to be running better after the mini dump, but since the sprt was installed and ran it is back to running 100% CPU most of the time. I wasn't sure on the removal of the sprt since I didn't see it in the add/remove files or on my ccleaner. Can I just send the file from the desktop to the recycle bin and get rid of it?
Here is my ESET scan Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d0ad1eb7936f7049ac389a8d5715c093
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-29 04:20:32
# local_time=2011-08-29 12:20:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 107442176 107442176 0 0
# compatibility_mode=1024 16777215 100 0 47417915 47417915 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 87 0 10508239 0 0
# compatibility_mode=6401 16777213 66 100 25813302 53641351 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109414
# found=0
# cleaned=0
# scan_time=14677
Thank You
-
but since the sprt was installed and ran it is back to running 100% CPU most of the time.
What is this sprt that you're talking about?
-
I am sorry, it is the SysProt antirootkit that you had me download to my desktop and do a scan with.
-
Ok. You can delete SysProt AntiRootkit.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
Super Dave,
I apologize that it has taken me so long, but here is the log:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 0 K 16 K
System 4 49.23 0 K 244 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 424 176 K 428 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 508 1,932 K 5,148 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 532 10,504 K 3,096 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 576 1,984 K 3,796 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
ati2evxx.exe 760 592 K 2,472 K ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 776 3,424 K 5,644 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe 824 2,120 K 5,048 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 944 46.92 120,448 K 133,624 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
wuauclt.exe 3000 13,424 K 125,056 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3b0]SUSDSf8f17ec3dcad2046b15ff9286110eddc
svchost.exe 1032 1,980 K 4,296 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe 1108 1,744 K 4,296 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
oacat.exe 1172 2,424 K 2,816 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\OAcat.exe"
oasrv.exe 1300 22,312 K 6,428 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\oasrv.exe"
spoolsv.exe 1496 4,940 K 8,668 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1988 2,408 K 5,764 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
SASCORE.EXE 656 748 K 2,336 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
ehsched.exe 1392 892 K 3,124 K Media Center Scheduler Service Microsoft Corporation C:\WINDOWS\ehome\ehSched.exe
inetinfo.exe 1704 6,604 K 12,460 K Internet Information Services Microsoft Corporation C:\WINDOWS\system32\inetsrv\inetinfo.exe
davcdata.exe 4060 496 K 1,500 K HTTP-DAV common data Microsoft Corporation "C:\WINDOWS\system32\inetsrv\DavCData.exe"
IntuitUpdateService.exe 2036 21,388 K 468 K Intuit Update Service Intuit Inc. "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
iviRegMgr.exe 1260 708 K 2,460 K RegMgr Module InterVideo "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
jqs.exe 1216 2,464 K 2,180 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
PsiService_2.exe 652 688 K 2,232 K PsiService PsiService Protexis Inc. "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
snmp.exe 1740 1,628 K 4,124 K SNMP Service Microsoft Corporation C:\WINDOWS\System32\snmp.exe
svchost.exe 2132 3,660 K 7,624 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k imgsvc
wdfmgr.exe 2460 1,660 K 1,972 K Windows User Mode Driver Manager Microsoft Corporation C:\WINDOWS\system32\wdfmgr.exe
WLIDSVC.EXE 2736 8,868 K 14,368 K Microsoft® Windows Live ID Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 2272 716 K 2,232 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation WLIDSvcM.exe 2736
searchindexer.exe 3092 20,196 K 31,284 K Microsoft Windows Search Indexer Microsoft Corporation C:\WINDOWS\system32\SearchIndexer.exe /Embedding
alg.exe 3244 1,280 K 3,744 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
MsMpEng.exe 2812 109,040 K 80,692 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
dllhost.exe 3840 2,368 K 6,420 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
lsass.exe 588 4,364 K 2,640 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
taskmgr.exe 2732 0.77 2,556 K 1,528 K Windows TaskManager Microsoft Corporation taskmgr.exe
explorer.exe 1788 0.77 28,856 K 37,452 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
oaui.exe 1088 0.77 6,912 K 8,200 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
oahlp.exe 3236 5,572 K 1,024 K Online Armor Component Tall Emu "C:\Program Files\Tall Emu\Online Armor\OAhlp.exe"
msseces.exe 3652 7,576 K 12,356 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
jusched.exe 1468 1,996 K 4,420 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
GoogleToolbarNotifier.exe 1992 4,332 K 1,188 K GoogleToolbarNotifier Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe 2264 2,048 K 4,748 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
iexplore.exe 220 11,876 K 2,120 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
iexplore.exe 3540 48,916 K 63,520 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:220 CREDAT:79873
procexp.exe 2332 13,888 K 7,772 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Sean and Wylene\My Documents\ProcessExplorer\procexp.exe"
psi.exe 3732 1.54 42,136 K 17,796 K Secunia PSI Secunia "C:\Program Files\Secunia\PSI\psi.exe"
-
Please download Bootkit Remover by eSage Lab from here. (http://www.esagelab.com/files/bootkit_remover.rar)
NOTE: This is a file compressed with Winrar. If you do not have the means to unpack it, you can download and install 7-zip from here. (http://www.7-zip.org/)
- Unpack remover.exe from the bootkit_remover.rar archive and save it to your Desktop
- Double-click remover.exe to run the tool
- A DOS window will open with the results of the scan
- Right-click that window and choose Select all
- Simultaneously press [CTRL] + C (copy) and paste the text in your next reply.
-
Dave,
I hope that I did this right. When I clicked on the link in the post it would give me an error 404 message, so I just went to the esage web site and got what I believe to be the right file. If it isn't right just let me know and I'll do it again.
Here is the copy of what came up when I ran that program:
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`93494000
Boot sector MD5 is: 37ea57b12221900823ef1f8d148ac245
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
Press any key to quit...
-
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Dave, when I clicked on the link provided it would not come up, so I googled it and hope this is the right one.
Here is the log:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-25 11:14:30
-----------------------------
11:14:30.769 OS Version: Windows 5.1.2600 Service Pack 3
11:14:30.769 Number of processors: 2 586 0x209
11:14:30.769 ComputerName: MAIN UserName:
11:14:31.441 Initialize success
11:14:53.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:14:53.941 Disk 0 Vendor: WDC_WD2000BB-22DWA0 15.05R15 Size: 190782MB BusType: 3
11:14:55.957 Disk 0 MBR read successfully
11:14:55.957 Disk 0 MBR scan
11:14:55.957 Disk 0 unknown MBR code
11:14:55.957 Disk 0 scanning sectors +390700800
11:14:56.019 Disk 0 scanning C:\WINDOWS\system32\drivers
11:15:06.675 Service scanning
11:15:07.660 Service MpKslf8aeaf35 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKslf8aeaf35.sys **LOCKED** 32
11:15:08.519 Modules scanning
11:15:37.504 Disk 0 trace - called modules:
11:15:37.535 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:15:37.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a650ab8]
11:15:37.550 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a6b34c8]
11:15:37.550 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a655940]
11:15:37.894 Scan finished successfully
11:16:26.144 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean and Wylene\My Documents\MBR.dat"
11:16:26.144 The log file has been saved successfully to "C:\Documents and Settings\Sean and Wylene\My Documents\aswMBRlog92511.txt"
-
Dave, when I clicked on the link provided it would not come up, so I googled it and hope this is the right one.
I'm sorry about that. I've fixed it.
Please download TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Double-click TDSSKiller.exe to run the tool
- Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- Note: It will also create a log in the C:\ directory.
-
Dave here is the log:
16:59:14.0082 3308 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
16:59:16.0082 3308 ============================================================
16:59:16.0082 3308 Current date / time: 2011/09/25 16:59:16.0082
16:59:16.0082 3308 SystemInfo:
16:59:16.0082 3308
16:59:16.0082 3308 OS Version: 5.1.2600 ServicePack: 3.0
16:59:16.0082 3308 Product type: Workstation
16:59:16.0082 3308 ComputerName: MAIN
16:59:16.0082 3308 UserName: Sean and Wylene
16:59:16.0082 3308 Windows directory: C:\WINDOWS
16:59:16.0082 3308 System windows directory: C:\WINDOWS
16:59:16.0082 3308 Processor architecture: Intel x86
16:59:16.0082 3308 Number of processors: 2
16:59:16.0082 3308 Page size: 0x1000
16:59:16.0082 3308 Boot type: Normal boot
16:59:16.0082 3308 ============================================================
16:59:18.0972 3308 Initialize success
16:59:40.0879 2936 ============================================================
16:59:40.0879 2936 Scan started
16:59:40.0879 2936 Mode: Manual;
16:59:40.0879 2936 ============================================================
16:59:41.0441 2936 Abiosdsk - ok
16:59:41.0613 2936 abp480n5 - ok
16:59:41.0754 2936 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:59:41.0769 2936 ACPI - ok
16:59:41.0941 2936 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:59:41.0941 2936 ACPIEC - ok
16:59:42.0066 2936 adpu160m - ok
16:59:42.0238 2936 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:59:42.0238 2936 aec - ok
16:59:42.0394 2936 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:59:42.0394 2936 AFD - ok
16:59:42.0535 2936 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
16:59:42.0535 2936 AFS2K - ok
16:59:42.0722 2936 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:59:42.0722 2936 agp440 - ok
16:59:42.0847 2936 Aha154x - ok
16:59:42.0988 2936 aic78u2 - ok
16:59:43.0097 2936 aic78xx - ok
16:59:43.0363 2936 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:59:43.0441 2936 ALCXWDM - ok
16:59:43.0644 2936 AliIde - ok
16:59:43.0754 2936 amsint - ok
16:59:43.0910 2936 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:59:43.0910 2936 Arp1394 - ok
16:59:44.0066 2936 asc - ok
16:59:44.0191 2936 asc3350p - ok
16:59:44.0316 2936 asc3550 - ok
16:59:44.0535 2936 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:59:44.0535 2936 AsyncMac - ok
16:59:44.0722 2936 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:59:44.0722 2936 atapi - ok
16:59:44.0879 2936 Atdisk - ok
16:59:45.0066 2936 ati2mtag (7182bf0f2a392d48e4aa732b970aac9c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:59:45.0066 2936 ati2mtag - ok
16:59:45.0238 2936 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:59:45.0238 2936 Atmarpc - ok
16:59:45.0394 2936 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:59:45.0394 2936 audstub - ok
16:59:45.0550 2936 azt2320 (73c5a32199187c780abb93090cf068f1) C:\WINDOWS\system32\drivers\aztw2320.sys
16:59:45.0550 2936 azt2320 - ok
16:59:45.0738 2936 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:59:45.0738 2936 Beep - ok
16:59:45.0863 2936 catchme - ok
16:59:46.0019 2936 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:59:46.0019 2936 cbidf2k - ok
16:59:46.0160 2936 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:59:46.0160 2936 CCDECODE - ok
16:59:46.0300 2936 cd20xrnt - ok
16:59:46.0441 2936 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:59:46.0441 2936 Cdaudio - ok
16:59:46.0660 2936 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:59:46.0660 2936 Cdfs - ok
16:59:46.0816 2936 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:59:46.0816 2936 Cdrom - ok
16:59:46.0957 2936 Changer - ok
16:59:47.0113 2936 CmdIde - ok
16:59:47.0269 2936 Cpqarray - ok
16:59:47.0425 2936 CX23880 (2d0823367d535d8b5f88ada609d7a305) C:\WINDOWS\system32\drivers\cx88vid.sys
16:59:47.0425 2936 CX23880 - ok
16:59:47.0629 2936 CX88ENC (87befc829316a34c99cd95dbbf26398b) C:\WINDOWS\system32\drivers\cx88enc.sys
16:59:47.0660 2936 CX88ENC - ok
16:59:47.0816 2936 CX88XBAR (23474ae80bfc2769bbecc8ab9e9cafe5) C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys
16:59:47.0816 2936 CX88XBAR - ok
16:59:47.0972 2936 CXTUNE (80527a04734d170b993fe84b5715cfae) C:\WINDOWS\system32\drivers\CX88TUNE.sys
16:59:47.0972 2936 CXTUNE - ok
16:59:48.0113 2936 dac2w2k - ok
16:59:48.0222 2936 dac960nt - ok
16:59:48.0394 2936 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:59:48.0394 2936 Disk - ok
16:59:48.0660 2936 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:59:48.0691 2936 dmboot - ok
16:59:49.0035 2936 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:59:49.0082 2936 dmio - ok
16:59:49.0363 2936 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:59:49.0363 2936 dmload - ok
16:59:49.0535 2936 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:59:49.0535 2936 DMusic - ok
16:59:49.0691 2936 dpti2o - ok
16:59:49.0832 2936 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:59:49.0832 2936 drmkaud - ok
16:59:50.0035 2936 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:59:50.0050 2936 Fastfat - ok
16:59:50.0222 2936 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:59:50.0222 2936 Fdc - ok
16:59:50.0379 2936 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:59:50.0379 2936 Fips - ok
16:59:50.0550 2936 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:59:50.0550 2936 Flpydisk - ok
16:59:50.0722 2936 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:59:50.0738 2936 FltMgr - ok
16:59:50.0894 2936 fssfltr (960f5e5e4e1f720465311ac68a99c2df) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:59:50.0894 2936 fssfltr - ok
16:59:51.0050 2936 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:59:51.0050 2936 Fs_Rec - ok
16:59:51.0207 2936 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:59:51.0222 2936 Ftdisk - ok
16:59:51.0363 2936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:59:51.0379 2936 GEARAspiWDM - ok
16:59:51.0535 2936 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:59:51.0535 2936 Gpc - ok
16:59:51.0707 2936 HidCom (50302c11ddd22215626aa8b5e85f08fb) C:\WINDOWS\system32\DRIVERS\BdHidCom.sys
16:59:51.0707 2936 HidCom - ok
16:59:51.0863 2936 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
16:59:51.0863 2936 HidIr - ok
16:59:52.0019 2936 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:59:52.0019 2936 HidUsb - ok
16:59:52.0175 2936 hpn - ok
16:59:52.0316 2936 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:59:52.0316 2936 HPZid412 - ok
16:59:52.0457 2936 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:59:52.0472 2936 HPZipr12 - ok
16:59:52.0644 2936 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:59:52.0644 2936 HPZius12 - ok
16:59:52.0800 2936 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:59:52.0800 2936 HTTP - ok
16:59:52.0925 2936 i2omgmt - ok
16:59:53.0035 2936 i2omp - ok
16:59:53.0191 2936 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:59:53.0191 2936 i8042prt - ok
16:59:53.0347 2936 ialm (b076eb745ec3c669d4ae953225366f1d) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:59:53.0347 2936 ialm - ok
16:59:53.0550 2936 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:59:53.0550 2936 Imapi - ok
16:59:53.0707 2936 ini910u - ok
16:59:53.0894 2936 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
16:59:53.0894 2936 IntelIde - ok
16:59:54.0050 2936 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:59:54.0050 2936 intelppm - ok
16:59:54.0222 2936 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:59:54.0222 2936 ip6fw - ok
16:59:54.0550 2936 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:59:54.0550 2936 IpFilterDriver - ok
16:59:54.0785 2936 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:59:54.0800 2936 IpInIp - ok
16:59:54.0957 2936 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:59:54.0957 2936 IpNat - ok
16:59:55.0129 2936 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:59:55.0129 2936 IPSec - ok
16:59:55.0269 2936 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
16:59:55.0285 2936 IrBus - ok
16:59:55.0410 2936 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:59:55.0425 2936 IRENUM - ok
16:59:55.0613 2936 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:59:55.0629 2936 isapnp - ok
16:59:55.0785 2936 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
16:59:55.0785 2936 Iviaspi - ok
16:59:55.0957 2936 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:59:55.0957 2936 Kbdclass - ok
16:59:56.0097 2936 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:59:56.0097 2936 kbdhid - ok
16:59:56.0269 2936 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:59:56.0269 2936 kmixer - ok
16:59:56.0441 2936 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:59:56.0441 2936 KSecDD - ok
16:59:56.0613 2936 lbrtfdc - ok
16:59:56.0832 2936 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
16:59:56.0832 2936 ltmodem5 - ok
16:59:57.0004 2936 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:59:57.0004 2936 mnmdd - ok
16:59:57.0175 2936 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:59:57.0175 2936 Modem - ok
16:59:57.0332 2936 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:59:57.0332 2936 Mouclass - ok
16:59:57.0488 2936 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:59:57.0488 2936 mouhid - ok
16:59:57.0660 2936 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:59:57.0660 2936 MountMgr - ok
16:59:57.0863 2936 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:59:57.0879 2936 MpFilter - ok
16:59:57.0957 2936 MpKsl00f9383a - ok
16:59:57.0988 2936 MpKsl18d1653b - ok
16:59:58.0004 2936 MpKsl270bd62d - ok
16:59:58.0035 2936 MpKsl41b40909 - ok
16:59:58.0050 2936 MpKsl657b5787 - ok
16:59:58.0082 2936 MpKsl65888894 - ok
16:59:58.0097 2936 MpKsl670a56ac - ok
16:59:58.0129 2936 MpKsl77223706 - ok
16:59:58.0191 2936 MpKsl7d82caec (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKsl7d82caec.sys
16:59:58.0191 2936 MpKsl7d82caec - ok
16:59:58.0207 2936 MpKsl80889e0e - ok
16:59:58.0222 2936 MpKsl82022988 - ok
16:59:58.0254 2936 MpKsl900ce35f - ok
16:59:58.0269 2936 MpKsl97463d76 - ok
16:59:58.0300 2936 MpKsla64cc5a6 - ok
16:59:58.0316 2936 MpKslc242287c - ok
16:59:58.0332 2936 MpKslc3cfb65c - ok
16:59:58.0379 2936 MpKslc44d95fc - ok
16:59:58.0394 2936 MpKslcfe8629b - ok
16:59:58.0425 2936 MpKsld0c3b2d3 - ok
16:59:58.0472 2936 MpKsld9fe4884 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKsld9fe4884.sys
16:59:58.0472 2936 MpKsld9fe4884 - ok
16:59:58.0504 2936 MpKsle16118fb - ok
16:59:58.0535 2936 MpKsle1868d84 - ok
16:59:58.0582 2936 MpKslf8aeaf35 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7273E013-1E81-4B00-A83F-9B9FA3AF065E}\MpKslf8aeaf35.sys
16:59:58.0613 2936 MpKslf8aeaf35 - ok
16:59:58.0644 2936 MpKslfceee1bd - ok
16:59:58.0675 2936 MpKslfd546ba9 - ok
16:59:58.0800 2936 mraid35x - ok
16:59:58.0972 2936 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:59:58.0972 2936 MRxDAV - ok
16:59:59.0160 2936 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:59:59.0207 2936 MRxSmb - ok
16:59:59.0394 2936 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:59:59.0394 2936 Msfs - ok
16:59:59.0566 2936 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:59:59.0566 2936 MSKSSRV - ok
16:59:59.0707 2936 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:59:59.0722 2936 MSPCLOCK - ok
16:59:59.0863 2936 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:59:59.0863 2936 MSPQM - ok
17:00:00.0035 2936 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:00:00.0050 2936 mssmbios - ok
17:00:00.0191 2936 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:00:00.0191 2936 MSTEE - ok
17:00:00.0347 2936 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
17:00:00.0347 2936 ms_mpu401 - ok
17:00:00.0504 2936 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:00:00.0519 2936 Mup - ok
17:00:00.0675 2936 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:00:00.0675 2936 NABTSFEC - ok
17:00:00.0847 2936 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:00:00.0847 2936 NDIS - ok
17:00:01.0004 2936 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:00:01.0004 2936 NdisIP - ok
17:00:01.0160 2936 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:00:01.0175 2936 NdisTapi - ok
17:00:01.0332 2936 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:00:01.0332 2936 Ndisuio - ok
17:00:01.0504 2936 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:00:01.0504 2936 NdisWan - ok
17:00:01.0644 2936 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:00:01.0644 2936 NDProxy - ok
17:00:01.0816 2936 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:00:01.0816 2936 NetBIOS - ok
17:00:01.0988 2936 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:00:01.0988 2936 NetBT - ok
17:00:02.0207 2936 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:00:02.0207 2936 NIC1394 - ok
17:00:02.0394 2936 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:00:02.0410 2936 Npfs - ok
17:00:02.0582 2936 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:00:02.0613 2936 Ntfs - ok
17:00:02.0816 2936 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:00:02.0816 2936 NuidFltr - ok
17:00:02.0972 2936 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:00:02.0988 2936 Null - ok
17:00:03.0222 2936 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:00:03.0285 2936 nv - ok
17:00:03.0425 2936 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:00:03.0425 2936 NwlnkFlt - ok
17:00:03.0582 2936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:00:03.0582 2936 NwlnkFwd - ok
17:00:03.0754 2936 OADevice (57b641cd45e3dbd784aba7174724f4e0) C:\WINDOWS\system32\drivers\OADriver.sys
17:00:03.0863 2936 OADevice - ok
17:00:04.0035 2936 OAmon (f21b332dab65c9601267d8fc8c04899b) C:\WINDOWS\system32\drivers\OAmon.sys
17:00:04.0050 2936 OAmon - ok
17:00:04.0207 2936 OAnet (5577a7f637f02621cb643f0f470872fc) C:\WINDOWS\system32\drivers\OAnet.sys
17:00:04.0222 2936 OAnet - ok
17:00:04.0394 2936 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:00:04.0394 2936 ohci1394 - ok
17:00:04.0519 2936 omoecx - ok
17:00:04.0691 2936 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
17:00:04.0691 2936 PalmUSBD - ok
17:00:04.0847 2936 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:00:04.0847 2936 Parport - ok
17:00:05.0004 2936 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:00:05.0004 2936 PartMgr - ok
17:00:05.0175 2936 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:00:05.0191 2936 ParVdm - ok
17:00:05.0363 2936 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
17:00:05.0363 2936 pavboot - ok
17:00:05.0519 2936 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:00:05.0519 2936 PCI - ok
17:00:05.0660 2936 PCIDump - ok
17:00:05.0800 2936 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:00:05.0816 2936 PCIIde - ok
17:00:05.0972 2936 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:00:05.0972 2936 Pcmcia - ok
17:00:06.0113 2936 PDCOMP - ok
17:00:06.0238 2936 PDFRAME - ok
17:00:06.0363 2936 PDRELI - ok
17:00:06.0488 2936 PDRFRAME - ok
17:00:06.0613 2936 perc2 - ok
17:00:06.0738 2936 perc2hib - ok
17:00:06.0941 2936 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
17:00:06.0972 2936 pfc - ok
17:00:07.0144 2936 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
17:00:07.0144 2936 Point32 - ok
17:00:07.0316 2936 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:00:07.0316 2936 PptpMiniport - ok
17:00:07.0472 2936 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:00:07.0472 2936 Processor - ok
17:00:07.0629 2936 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
17:00:07.0644 2936 Ps2 - ok
17:00:07.0832 2936 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:00:07.0847 2936 PSI - ok
17:00:08.0144 2936 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:00:08.0160 2936 Ptilink - ok
17:00:08.0316 2936 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:00:08.0316 2936 PxHelp20 - ok
17:00:08.0472 2936 ql1080 - ok
17:00:08.0629 2936 Ql10wnt - ok
17:00:08.0754 2936 ql12160 - ok
17:00:08.0894 2936 ql1240 - ok
17:00:09.0066 2936 ql1280 - ok
17:00:09.0222 2936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:00:09.0222 2936 RasAcd - ok
17:00:09.0394 2936 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:00:09.0394 2936 Rasl2tp - ok
17:00:09.0550 2936 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:00:09.0550 2936 RasPppoe - ok
17:00:09.0722 2936 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:00:09.0722 2936 Raspti - ok
17:00:09.0910 2936 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:00:09.0910 2936 Rdbss - ok
17:00:10.0066 2936 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:00:10.0066 2936 RDPCDD - ok
17:00:10.0254 2936 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:00:10.0254 2936 rdpdr - ok
17:00:10.0410 2936 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:00:10.0425 2936 RDPWD - ok
17:00:10.0629 2936 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:00:10.0629 2936 redbook - ok
17:00:10.0785 2936 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
17:00:10.0785 2936 regi - ok
17:00:11.0019 2936 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
17:00:11.0019 2936 RTL8023xp - ok
17:00:11.0160 2936 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
17:00:11.0160 2936 rtl8139 - ok
17:00:11.0238 2936 SABProcEnum - ok
17:00:11.0300 2936 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:00:11.0316 2936 SASDIFSV - ok
17:00:11.0347 2936 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
17:00:11.0347 2936 SASENUM - ok
17:00:11.0410 2936 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
17:00:11.0410 2936 SASKUTIL - ok
17:00:11.0629 2936 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:00:11.0629 2936 Secdrv - ok
17:00:11.0816 2936 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:00:11.0816 2936 serenum - ok
17:00:11.0988 2936 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:00:11.0988 2936 Serial - ok
17:00:12.0207 2936 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:00:12.0207 2936 Sfloppy - ok
17:00:12.0363 2936 Simbad - ok
17:00:12.0504 2936 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:00:12.0504 2936 SLIP - ok
17:00:12.0707 2936 Sparrow - ok
17:00:12.0847 2936 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:00:12.0847 2936 splitter - ok
17:00:13.0019 2936 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:00:13.0019 2936 sr - ok
17:00:13.0222 2936 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:00:13.0238 2936 Srv - ok
17:00:13.0425 2936 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:00:13.0425 2936 streamip - ok
17:00:13.0566 2936 SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:00:13.0597 2936 SunkFilt - ok
17:00:13.0754 2936 Sunkfiltp - ok
17:00:13.0941 2936 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:00:13.0941 2936 swenum - ok
17:00:14.0097 2936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:00:14.0097 2936 swmidi - ok
17:00:14.0285 2936 symc810 - ok
17:00:14.0394 2936 symc8xx - ok
17:00:14.0519 2936 sym_hi - ok
17:00:14.0644 2936 sym_u3 - ok
17:00:14.0847 2936 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:00:14.0847 2936 sysaudio - ok
17:00:14.0972 2936 SysProtDrv.sys - ok
17:00:15.0175 2936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:00:15.0191 2936 Tcpip - ok
17:00:15.0347 2936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:00:15.0347 2936 TDPIPE - ok
17:00:15.0488 2936 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:00:15.0488 2936 TDTCP - ok
17:00:15.0660 2936 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:00:15.0660 2936 TermDD - ok
17:00:15.0863 2936 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
17:00:15.0863 2936 tmcomm - ok
17:00:16.0004 2936 TosIde - ok
17:00:16.0175 2936 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:00:16.0175 2936 Udfs - ok
17:00:16.0332 2936 ultra - ok
17:00:16.0504 2936 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:00:16.0535 2936 Update - ok
17:00:16.0722 2936 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:00:16.0738 2936 usbaudio - ok
17:00:16.0894 2936 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:00:16.0910 2936 usbccgp - ok
17:00:17.0066 2936 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:00:17.0066 2936 usbehci - ok
17:00:17.0222 2936 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:00:17.0222 2936 usbhub - ok
17:00:17.0379 2936 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:00:17.0379 2936 usbprint - ok
17:00:17.0535 2936 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:00:17.0535 2936 usbscan - ok
17:00:17.0707 2936 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:00:17.0707 2936 USBSTOR - ok
17:00:17.0863 2936 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:00:17.0863 2936 usbuhci - ok
17:00:18.0019 2936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:00:18.0019 2936 VgaSave - ok
17:00:18.0175 2936 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
17:00:18.0175 2936 ViaIde - ok
17:00:18.0316 2936 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:00:18.0316 2936 VolSnap - ok
17:00:18.0535 2936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:00:18.0535 2936 Wanarp - ok
17:00:18.0675 2936 wanatw - ok
17:00:18.0863 2936 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:00:18.0879 2936 Wdf01000 - ok
17:00:19.0019 2936 WDICA - ok
17:00:19.0160 2936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:00:19.0160 2936 wdmaud - ok
17:00:19.0504 2936 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:00:19.0504 2936 WpdUsb - ok
17:00:19.0660 2936 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:00:19.0660 2936 WS2IFSL - ok
17:00:19.0847 2936 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:00:19.0847 2936 WSTCODEC - ok
17:00:20.0050 2936 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
17:00:20.0050 2936 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
17:00:20.0207 2936 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
17:00:20.0207 2936 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
17:00:20.0238 2936 MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
17:00:20.0238 2936 \Device\Harddisk0\DR0 - ok
17:00:20.0254 2936 Boot (0x1200) (08962e3c828933f501f2e1a7691d2ca1) \Device\Harddisk0\DR0\Partition0
17:00:20.0254 2936 \Device\Harddisk0\DR0\Partition0 - ok
17:00:20.0269 2936 Boot (0x1200) (deae0bc0d56ba40c4734ddb2d97a2a02) \Device\Harddisk0\DR0\Partition1
17:00:20.0269 2936 \Device\Harddisk0\DR0\Partition1 - ok
17:00:20.0269 2936 ============================================================
17:00:20.0269 2936 Scan finished
17:00:20.0269 2936 ============================================================
17:00:20.0316 2200 Detected object count: 0
17:00:20.0316 2200 Actual detected object count: 0
17:00:39.0800 1056 ============================================================
17:00:39.0800 1056 Scan started
17:00:39.0800 1056 Mode: Manual; SigCheck; TDLFS;
17:00:39.0800 1056 ============================================================
17:00:40.0332 1056 Abiosdsk - ok
17:00:40.0441 1056 abp480n5 - ok
17:00:40.0582 1056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:00:42.0519 1056 ACPI - ok
17:00:42.0660 1056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:00:42.0894 1056 ACPIEC - ok
17:00:43.0019 1056 adpu160m - ok
17:00:43.0175 1056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:00:43.0425 1056 aec - ok
17:00:43.0582 1056 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
17:00:43.0675 1056 AFD - ok
17:00:43.0832 1056 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
17:00:43.0910 1056 AFS2K - ok
17:00:44.0066 1056 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:00:44.0300 1056 agp440 - ok
17:00:44.0441 1056 Aha154x - ok
17:00:44.0550 1056 aic78u2 - ok
17:00:44.0660 1056 aic78xx - ok
17:00:44.0894 1056 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:00:45.0050 1056 ALCXWDM - ok
17:00:45.0191 1056 AliIde - ok
17:00:45.0316 1056 amsint - ok
17:00:45.0472 1056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:00:45.0738 1056 Arp1394 - ok
17:00:45.0863 1056 asc - ok
17:00:45.0988 1056 asc3350p - ok
17:00:46.0113 1056 asc3550 - ok
17:00:46.0316 1056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:00:46.0550 1056 AsyncMac - ok
17:00:46.0707 1056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:00:46.0988 1056 atapi - ok
17:00:47.0129 1056 Atdisk - ok
17:00:47.0316 1056 ati2mtag (7182bf0f2a392d48e4aa732b970aac9c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:00:47.0519 1056 ati2mtag - ok
17:00:47.0691 1056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:00:47.0957 1056 Atmarpc - ok
17:00:48.0129 1056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:00:48.0332 1056 audstub - ok
17:00:48.0488 1056 azt2320 (73c5a32199187c780abb93090cf068f1) C:\WINDOWS\system32\drivers\aztw2320.sys
17:00:48.0722 1056 azt2320 - ok
17:00:48.0894 1056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:00:49.0129 1056 Beep - ok
17:00:49.0254 1056 catchme - ok
17:00:49.0410 1056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:00:49.0660 1056 cbidf2k - ok
17:00:49.0800 1056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:00:50.0035 1056 CCDECODE - ok
17:00:50.0160 1056 cd20xrnt - ok
17:00:50.0285 1056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:00:50.0550 1056 Cdaudio - ok
17:00:50.0707 1056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:00:50.0957 1056 Cdfs - ok
17:00:51.0129 1056 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:00:51.0238 1056 Cdrom - ok
17:00:51.0379 1056 Changer - ok
17:00:51.0550 1056 CmdIde - ok
17:00:51.0707 1056 Cpqarray - ok
17:00:51.0863 1056 CX23880 (2d0823367d535d8b5f88ada609d7a305) C:\WINDOWS\system32\drivers\cx88vid.sys
17:00:51.0988 1056 CX23880 - ok
17:00:52.0144 1056 CX88ENC (87befc829316a34c99cd95dbbf26398b) C:\WINDOWS\system32\drivers\cx88enc.sys
17:00:52.0238 1056 CX88ENC - ok
17:00:52.0394 1056 CX88XBAR (23474ae80bfc2769bbecc8ab9e9cafe5) C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys
17:00:52.0457 1056 CX88XBAR - ok
17:00:52.0816 1056 CXTUNE (80527a04734d170b993fe84b5715cfae) C:\WINDOWS\system32\drivers\CX88TUNE.sys
17:00:52.0972 1056 CXTUNE - ok
17:00:53.0097 1056 dac2w2k - ok
17:00:53.0222 1056 dac960nt - ok
17:00:53.0410 1056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:01:07.0441 1056 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
17:01:07.0488 1056 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
17:01:07.0488 1056 Iviaspi - detected UnsignedFile.Multi.Generic (1)
17:01:27.0910 1056 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
17:01:27.0957 1056 pfc ( UnsignedFile.Multi.Generic ) - warning
17:01:27.0957 1056 pfc - detected UnsignedFile.Multi.Generic (1)
17:01:29.0441 1056 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:01:29.0488 1056 PSI ( UnsignedFile.Multi.Generic ) - warning
17:01:29.0488 1056 PSI - detected UnsignedFile.Multi.Generic (1)
17:01:39.0707 1056 SunkFilt (2087b202cfe8a2f8a59cecfffbec58d5) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:01:39.0754 1056 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
17:01:39.0754 1056 SunkFilt - detected UnsignedFile.Multi.Generic (1)
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
Dave,
Here is the log, but just as an FYI, when I try to shut off the computer it doesn't do it 100% of the time but maybe 70% of the time. A box will pop up that says "RUNDLL32.exe" not responding will shut down in so many seconds. Sometimes when the computer is running very slow and I look at the processes running there will be up to 3 of these rundll32.exe running. Not sure if this helps you or not?
Log:
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fd
Kernel Drivers (total 152):
Processes (total 49):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`93494000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
PhysicalDrive0 Model Number: WDCWD2000BB-22DWA0, Rev: 15.05R15
Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6661067B21B4865F9CDD7839FBE84588AEDD87C4
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
Please open Command Prompt (Start > Run, type CMD and press OK [Vista/7: Start search: CMD and press Enter]).
Enter the following into the black box, pressing Enter after each line:
cd desktop
mbr.exe -f
exit
Post a log (MBR.log).
*************************************************
Please do this even if you don't have the OS disk.
Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
•Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
-
I don't have an XP disk, but here is the log.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2000BB-22DWA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
-
I don't have an XP disk, but here is the log.
What happened when you ran the SFC check?
-
I ran it twice, but not sure if it did anything. It starts and takes some time to run. When I come back to the computer the box is gone. Does it put a log somewhere?
-
When I come back to the computer the box is gone. Does it put a log somewhere?
No, there's no log but if there is a corrupt or infected MS file, it will ask for the disk.
I didn't get the complete log from TDSSKiller. Could you please run it again and post the complete log? Reply # 17
-
19:05:49.0375 1160 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
19:06:00.0218 1160 ============================================================
19:06:00.0218 1160 Current date / time: 2011/10/08 19:06:00.0218
19:06:00.0234 1160 SystemInfo:
19:06:00.0234 1160
19:06:00.0234 1160 OS Version: 5.1.2600 ServicePack: 3.0
19:06:00.0234 1160 Product type: Workstation
19:06:00.0234 1160 ComputerName: MAIN
19:06:00.0234 1160 UserName: Sean and Wylene
19:06:00.0234 1160 Windows directory: C:\WINDOWS
19:06:00.0234 1160 System windows directory: C:\WINDOWS
19:06:00.0234 1160 Processor architecture: Intel x86
19:06:00.0234 1160 Number of processors: 2
19:06:00.0234 1160 Page size: 0x1000
19:06:00.0234 1160 Boot type: Normal boot
19:06:00.0234 1160 ============================================================
19:06:02.0890 1160 Initialize success
19:06:12.0625 1856 ============================================================
19:06:12.0625 1856 Scan started
19:06:12.0625 1856 Mode: Manual;
19:06:12.0625 1856 ============================================================
19:07:01.0718 1856 ============================================================
19:07:01.0718 1856 Scan finished
19:07:01.0718 1856 ============================================================
19:07:01.0750 4604 Detected object count: 0
19:07:01.0750 4604 Actual detected object count: 0
19:07:49.0875 4952 Deinitialize success
19:03:56.0359 6132 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
19:04:06.0296 6132 Perform update action was selected
19:04:06.0296 2160 Deinitialize success
-
So, what's happening with your computer? Still having problems?
I'd like to scan your machine with ESET OnlineScan.
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt