
Malware taking 100% of System Resources.



#1 mark2009

Posted 10 November 2009 - 03:01 AM

Hi,

I am after some help regarding my computer, which got infected a few weeks back. I received some great advice here, but just when I thought it was gone it returned. It first happened when, browsing the net, a pop-up told me my Flash Player was out of date and needed to be upgraded. Foolishly I accepted, and within a minute my system was cactus with 100% of resources eaten. All you can do is turn it off. When you turn it back on, as soon as you touch the mouse it freezes again and has to be turned off. Sometimes I also got a nasty-looking blue screen come up with strange code (I am not strong in computers). It doesn't seem to have any effect in safe mode, so I ran AVG and Spybot Search and Destroy, but they found nothing. I then resigned myself to the fact I would have to reimage the machine and got more ruthless (I had nothing to lose by that stage) and ran the CCleaner registry cleaner and HijackThis (told it to fix all as I know nothing of it). I had also uninstalled a lot of programs in an attempt to free up some resources (it needed a clean-up anyway). To my surprise this seemed to work. I then, based on advice here, ran 'Malwarebytes'. It detected no virus. Then I began reloading some software I required (AVG). I finally got to my last program, AnyDVD, a program I have a purchased licence for and use to back up my music DVD concerts. When this installs it was required to reboot the machine. When the machine reboots the virus is back to square one.

I followed the steps to submit a report; however, I have found I cannot finish a run with RootRepeal. It slows the machine right down and seems to take forever (I left it 12 hours). My other files are attached.

Please help.



#2 Buckeye_Sam


Posted 10 November 2009 - 08:33 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 mark2009


Posted 11 November 2009 - 02:15 AM

Hi Sam,

Mark from Sydney. Very thankful for your time on this believe me.

Requested scans attached.


OTL logfile created on: 11/11/2009 6:03:40 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Mark\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.36% Memory free
4.00 Gb Paging File | 3.25 Gb Available in Paging File | 81.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.98 Gb Total Space | 48.94 Gb Free Space | 33.30% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.40 Gb Free Space | 70.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 58.36 Gb Free Space | 25.06% Space Free | Partition Type: FAT32
Drive K: | 7.42 Gb Total Space | 6.75 Gb Free Space | 90.99% Space Free | Partition Type: FAT32

Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/11 18:00:34 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2009/11/10 16:08:26 | 02,016,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/31 08:32:41 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 20:53:24 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 20:53:23 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/29 20:53:23 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/29 20:53:23 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/29 20:53:23 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/29 20:53:20 | 00,744,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2009/10/29 20:53:20 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/07/18 14:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/05/21 10:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 17:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 17:27:44 | 00,636,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/11 17:27:39 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/04/11 17:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/19 18:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 18:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 18:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/05/06 17:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/11 18:00:34 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2009/10/29 20:53:31 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 17:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NMIndexingService)
SRV - [2009/10/29 20:53:20 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/05 14:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 12:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/26 12:29:54 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/30 15:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/19 05:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/19 05:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/19 05:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 18:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 18:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007/05/18 20:00:11 | 01,831,936 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/05/06 17:11:36 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/11/07 16:27:02 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/14 17:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/05 11:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\S-1-5-21-3210143420-2699239053-3113354694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/10/31 08:33:13 | 00,000,000 | ---D | M]

[2009/06/20 17:31:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/20 17:31:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/20 17:31:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/20 17:31:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/20 17:31:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/20 17:31:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/20 17:31:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RestartNeroSetup] E:\Installation\Setupx.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3210143420-2699239053-3113354694-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/05/02 15:47:02 | 00,000,000 | R--D | M] - J:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/07 21:06:43 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/08 14:41:31 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/01 16:34:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/11/01 09:24:36 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2009/11/01 09:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/01 09:19:43 | 00,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2009/10/31 08:33:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/31 08:32:44 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/10/31 08:32:42 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/10/31 08:32:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/10/31 08:32:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/10/29 21:02:59 | 00,000,000 | ---D | C] -- C:\downloads
[2009/10/29 21:02:59 | 00,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\GrabPro
[2009/10/29 21:02:57 | 00,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Orbit
[2009/10/29 20:53:36 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/29 20:53:31 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/29 20:53:31 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/29 20:53:26 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/29 20:53:25 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/29 20:53:25 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/10/29 20:48:00 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/29 20:48:00 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[5 C:\Users\Mark\*.tmp files -> C:\Users\Mark\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/11 18:03:01 | 07,077,888 | -HS- | M] () -- C:\Users\Mark\ntuser.dat
[2009/11/11 17:59:20 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/11 17:59:20 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/11 17:59:20 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/11 17:58:20 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{86BFB85F-6CC2-44CC-9529-FBC4FA605687}.job
[2009/11/11 17:57:53 | 44,931,853 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/11 17:57:35 | 00,088,832 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/11 17:54:13 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 17:54:13 | 00,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 17:54:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/11 17:54:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/11 06:53:03 | 00,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{40c57ffc-c29e-11de-b06f-bf84470c065e}.TMContainer00000000000000000001.regtrans-ms
[2009/11/11 06:53:03 | 00,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{40c57ffc-c29e-11de-b06f-bf84470c065e}.TM.blf
[2009/11/11 06:52:58 | 02,845,576 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2009/11/10 19:41:35 | 00,092,672 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 16:08:25 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/03 19:49:11 | 00,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2009/11/03 19:49:11 | 00,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2009/11/01 09:19:43 | 00,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2009/10/31 08:33:13 | 00,001,039 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/10/31 08:32:44 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/10/29 20:53:35 | 00,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/10/29 20:53:31 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/29 20:53:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/29 20:53:25 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/29 20:53:25 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/29 20:53:25 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/29 20:53:25 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/28 20:23:09 | 00,068,616 | ---- | M] () -- C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/28 20:06:57 | 00,283,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[5 C:\Users\Mark\*.tmp files -> C:\Users\Mark\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/03 21:07:52 | 02,845,576 | -H-- | C] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2009/10/31 08:33:13 | 00,001,039 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/10/29 20:53:35 | 00,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/10/29 20:53:25 | 44,931,853 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/29 20:53:25 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/29 20:53:25 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/29 20:53:25 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/29 20:53:25 | 00,088,832 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/11 17:33:50 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/08 16:23:07 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/08/28 22:19:18 | 00,032,768 | ---- | C] () -- C:\Windows\System32\IsDRM.dll
[2008/08/28 22:16:00 | 00,544,768 | ---- | C] () -- C:\Windows\System32\AudioConverter.dll
[2008/06/08 12:57:09 | 00,000,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2008/04/20 17:33:27 | 03,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2008/04/20 17:33:27 | 00,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/04/20 17:33:26 | 00,706,048 | ---- | C] () -- C:\Windows\System32\libmcl-3.1.1.dll
[2008/02/02 12:59:05 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/08/13 20:25:04 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/09 19:12:30 | 00,110,624 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2007/03/30 20:49:27 | 00,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2007/02/14 15:49:28 | 00,000,078 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2007/02/14 09:57:17 | 00,092,672 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/14 09:32:46 | 00,068,616 | ---- | C] () -- C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/02/10 08:15:51 | 00,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2007/02/10 08:08:40 | 00,131,058 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2006/11/02 23:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 23:35:51 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 23:35:51 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 23:35:51 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 23:35:51 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 21:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 21:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 21:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/07 11:09:26 | 00,577,536 | ---- | C] () -- C:\Windows\System32\heclib50.dll
[1999/03/22 22:00:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/10/11 08:03:13 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Azureus
[2007/06/05 15:41:37 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BigPond
[2009/10/29 21:02:59 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GrabPro
[2007/07/24 07:19:18 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\NCH Swift Sound
[2009/10/29 21:10:52 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Orbit
[2008/04/20 18:57:01 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Pegasys Inc
[2007/06/05 20:31:57 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Telstra
[2007/02/14 15:49:30 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Template
[2008/09/03 18:28:41 | 00,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Tunebite
[2009/11/11 17:54:07 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/11 06:53:03 | 00,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/11 17:58:20 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{86BFB85F-6CC2-44CC-9529-FBC4FA605687}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\*.exe >
[2005/11/01 02:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\drivers\*.sys >
[2006/11/02 19:55:12 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2009/04/11 17:32:46 | 00,265,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2006/11/02 20:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2006/11/02 20:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2006/11/02 20:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys
[2006/11/02 20:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/04/11 15:47:03 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2007/02/10 15:54:49 | 00,053,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys
[2007/02/10 15:55:14 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys
[2007/02/10 15:54:49 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS
[2007/02/10 15:55:14 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys
[2006/11/02 19:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys
[2008/01/19 16:27:20 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys
[2006/11/02 20:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2006/11/02 20:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2008/01/19 16:56:29 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\asyncmac.sys
[2007/02/10 15:55:14 | 00,019,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2007/02/10 15:55:14 | 00,107,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2006/11/02 18:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2009/10/29 20:53:26 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/29 20:53:25 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/10 16:08:25 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2006/11/02 20:49:47 | 00,025,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2006/11/21 04:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys
[2008/01/19 16:53:30 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2008/01/19 16:49:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys
[2008/01/19 16:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2006/11/02 19:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006/11/02 19:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/04/11 16:42:55 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2006/11/02 19:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2006/11/02 19:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 19:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006/11/02 19:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006/11/02 19:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys
[2008/01/19 16:28:02 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdfs.sys
[2006/07/24 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2006/07/24 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2009/04/11 15:39:17 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2006/11/02 19:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys
[2009/04/11 17:32:43 | 00,125,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2007/02/10 15:55:14 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys
[2006/11/02 20:49:32 | 00,018,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/04/11 17:32:30 | 00,035,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2006/11/02 20:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys
[2006/11/02 19:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys
[2009/04/11 15:14:12 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/04/11 17:32:31 | 00,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 15:39:11 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2006/11/02 20:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2008/01/19 17:53:03 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2008/01/19 16:53:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys
[2009/04/11 17:32:29 | 00,027,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2008/01/19 16:36:12 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2009/04/11 15:23:23 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/04/11 15:23:48 | 00,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2006/11/02 18:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys
[2006/11/02 18:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys
[2009/04/11 17:32:43 | 00,141,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2006/11/02 20:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2009/04/11 15:13:53 | 00,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/04/11 15:13:52 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2008/01/19 16:49:37 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fdc.sys
[2008/01/19 18:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys
[2008/01/19 16:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys
[2008/01/19 16:49:37 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\flpydisk.sys
[2009/04/11 17:32:46 | 00,190,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2008/01/19 16:27:57 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/04/11 17:32:43 | 00,099,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2006/11/02 20:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS
[2009/03/19 17:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/04/11 15:42:42 | 00,561,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2006/11/02 18:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2006/11/02 19:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys
[2009/04/11 15:42:48 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2006/11/02 19:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys
[2008/01/19 16:53:16 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/04/11 15:42:48 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2006/11/02 20:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys
[2006/10/19 05:08:18 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys
[2006/10/19 05:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys
[2006/10/19 05:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys
[2009/04/11 15:45:32 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2006/11/02 20:49:25 | 00,016,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omgmt.sys
[2006/11/02 20:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys
[2008/01/19 16:49:18 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2006/11/02 20:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 20:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys
[2004/03/02 16:37:48 | 00,005,504 | ---- | M] (Ahead Software AG) -- C:\Windows\System32\drivers\imagedrv.sys
[2004/03/02 16:37:50 | 00,125,184 | ---- | M] (Ahead Software AG) -- C:\Windows\System32\drivers\imagesrv.sys
[2007/02/10 15:55:14 | 00,014,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2006/11/02 19:30:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys
[2008/01/19 16:56:23 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipfltdrv.sys
[2006/11/02 19:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys
[2008/01/19 16:56:28 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipnat.sys
[2008/01/19 16:55:26 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys
[2008/01/19 16:55:19 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys
[2007/02/10 15:54:49 | 00,047,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 20:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys
[2006/11/02 20:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys
[2008/01/19 18:41:52 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/04/11 15:38:40 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/04/11 15:38:49 | 00,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/06/16 10:15:25 | 00,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2008/01/19 16:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys
[2006/11/02 20:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys
[2006/11/02 20:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys
[2006/11/02 20:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2008/01/19 16:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/01/19 16:49:59 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2006/06/20 08:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys
[2006/11/02 20:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2008/01/19 16:57:16 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys
[2008/01/19 16:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/01/19 18:41:52 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2008/01/19 16:49:16 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2008/01/19 18:42:28 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys
[2006/11/02 20:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys
[2008/01/19 16:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2006/11/02 20:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys
[2009/04/11 15:14:40 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/04/11 15:14:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/04/11 15:14:36 | 00,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/11 15:14:29 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2007/02/10 15:55:14 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys
[2006/11/02 20:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys
[2008/01/19 16:28:09 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys
[2008/01/19 18:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys
[2009/04/11 17:32:46 | 00,180,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2008/01/19 16:49:20 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys
[2008/01/19 16:49:18 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys
[2008/01/19 16:49:18 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys
[2009/04/11 17:32:46 | 00,161,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2008/01/19 18:41:49 | 00,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mssmbios.sys
[2008/01/19 16:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys
[2009/04/11 17:32:31 | 00,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2007/07/24 07:19:18 | 00,021,120 | ---- | M] (NCH Swift Sound) -- C:\Windows\System32\drivers\nchssvad.sys
[2009/04/11 17:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2008/01/19 16:56:24 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/01/19 16:55:40 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys
[2009/04/11 15:46:32 | 00,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2008/01/19 16:56:28 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/01/19 16:55:45 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys
[2009/04/11 15:45:37 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 17:32:46 | 00,223,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2006/11/02 20:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys
[2009/04/11 15:14:01 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2008/01/19 16:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys
[2009/04/11 17:32:49 | 01,083,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2006/11/02 18:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys
[2008/01/19 16:49:12 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys
[2006/12/08 15:25:00 | 04,456,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2006/11/02 20:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys
[2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2007/08/09 19:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32(78).sys
[2007/08/09 19:12:30 | 00,110,624 | ---- | M] () -- C:\Windows\System32\drivers\nvstor32.sys
[2007/02/10 15:54:49 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS
[2009/04/11 15:43:28 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2006/11/02 19:55:16 | 00,062,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/04/11 15:45:51 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2006/11/02 19:51:30 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parport.sys
[2009/04/11 17:32:31 | 00,054,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2006/11/02 19:51:23 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parvdm.sys
[2009/04/11 17:32:55 | 00,149,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2007/02/10 15:55:14 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2007/02/10 15:55:14 | 00,042,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2006/11/02 20:51:12 | 00,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/02 20:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys
[2006/10/19 20:27:56 | 00,023,232 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\drivers\pmxmouse.sys
[2006/10/19 20:29:32 | 00,019,008 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\drivers\pmxusblf.sys
[2009/04/11 15:42:50 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2006/11/02 19:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys
[2008/01/12 10:00:41 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys
[2006/11/02 20:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 20:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys
[2008/01/19 16:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys
[2008/01/19 16:56:31 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/19 16:56:34 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasl2tp.sys
[2009/04/11 15:46:30 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2008/01/19 16:56:34 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspptp.sys
[2009/04/11 15:46:40 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/04/11 15:14:29 | 00,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2008/01/19 17:01:08 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys
[2007/02/10 15:54:49 | 00,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2008/01/19 17:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys
[2009/04/11 15:51:27 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/04/11 15:45:24 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/11 15:46:07 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2008/01/19 16:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys
[2008/01/19 16:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys
[2006/11/02 20:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys
[2008/01/19 18:42:10 | 00,142,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2006/11/02 17:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys
[2006/11/02 19:51:25 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serenum.sys
[2006/11/02 19:51:30 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.sys
[2008/01/19 16:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2006/11/02 19:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys
[2006/11/02 19:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys
[2006/11/02 19:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 19:51:40 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2007/02/10 15:54:49 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS
[2006/11/02 20:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys
[2006/11/02 20:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/04/11 15:45:22 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2008/01/19 16:49:30 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2008/01/19 18:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys
[2009/04/11 13:52:40 | 00,684,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/04/11 15:15:20 | 00,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/09/14 20:29:50 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/04/11 15:15:02 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/11 17:32:54 | 00,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/04/11 15:42:47 | 00,052,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2007/05/06 17:12:02 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2008/01/19 18:41:14 | 00,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys
[2006/11/02 20:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 20:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 20:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys
[2008/01/19 16:49:56 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2009/08/15 03:27:34 | 00,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/08/15 00:48:21 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2008/01/19 16:57:10 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2008/01/19 17:01:07 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/19 17:01:08 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys
[2009/04/11 15:45:56 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 17:32:52 | 00,053,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2008/01/19 17:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys
[2008/01/19 16:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/01/19 16:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2006/11/02 20:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS
[2009/04/11 15:13:59 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2007/02/10 15:54:49 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2006/11/02 20:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 20:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys
[2006/11/02 20:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys
[2008/01/19 16:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys
[2008/01/19 16:53:39 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2009/04/11 15:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/06/05 12:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys
[2009/04/11 15:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/04/11 15:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:6900017D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
< End of report >

Edited by Buckeye_Sam, 11 November 2009 - 08:34 AM.


#4 Buckeye_Sam

Posted 11 November 2009 - 08:47 AM

The good news is that I don't think you're dealing with any type of malware. It seems to be an Adobe issue with the flash updater.
Open up task manager and end this process.

FlashUtil10c.exe


See if that brings your resources back down to where they should be.

If that appears to be the problem you can disable the auto updater.
http://kb2.adobe.com/cps/713/a7138026.html

And the most current version can be downloaded manually from here.
http://get.adobe.com/flashplayer/
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 mark2009

Posted 13 November 2009 - 01:15 AM

Hi Sam,

That sounds positive. I thank you very much for spending your time helping me. Although the process flashutil10c is currently running, my resources seem quite normal. It was only when I reinstalled my last program, anydvd, and it rebooted that it goes crazy. When this occurs it isn't possible to even open the task manager. Any operation means the computer is frozen. I need my P.C. tonight for work so am reluctant to touch it but will try to reinstall it again. I think I will take your advice though and remove the auto updater and reinstall the latest version.

Thanks again,

Mark

#6 Buckeye_Sam

Posted 13 November 2009 - 09:07 AM

If you find that the issue seems to be more related to Anydvd you should check with their support site. There may be a bug and/or a fix that you can implement.

Since this issue does not appear to be malware related this topic will now be closed.

Good luck! :(