Is my computer Clean


  • This topic is locked
51 replies to this topic

#1 Trevrev

Trevrev

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK
  • Local time:11:31 PM

Posted 01 October 2010 - 12:08 PM

Good evening people,
I've recently been infected with Rootkit.win32.TDSS.d and Rogue AntimalwareDoctor.

This all got out of control and I was well out of my depth, so I took my PC to our I.T. department at work to see if they could sort it for me.

Anyway, at the end of the day they'd returned my PC, fixed, although they'd deleted my Malwarebytes and taken my Kaspersky Internet Security 2010 off.

The reason they took Kaspersky off was that when they did a scan with Spybot S&D it had picked up about 6 viruses and loads of other unwanted stuff, so they said my security was pretty much useless!
Instead they put on the company's corporate version of Endpoint Sophos.

To cut a long story short, my PC is running like a dream, but me being me, I installed SUPERAntiSpyware and did a scan with that.

And to my horror it picked up the Rogue AntiMalwareDoctor, which I thought had been deleted from my system by the guys at work. It also picked up 386 adware tracking cookies!

Now I'm worried I've still got this Rootkit.win32.TDSS.d lurking about on my machine.

I've done the logs for you to look at... Thank you for your time. Be great if you could help.
Trevor.



DDS (Ver_10-03-17.01) - FAT32x86
Run by kev at 17:36:13.25 on 01/10/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.767.268 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe
C:\Documents and Settings\kev\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171660564650
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outloo~1\setup50.exe" /app:oe /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outloo~1\setup50.exe" /app:wab /caller:win9x /user /install - "c:\progra~1\outloo~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kev\applic~1\mozilla\firefox\profiles\xkxutwjl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\kev\application data\mozilla\firefox\profiles\xkxutwjl.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-9-23 151936]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-9-23 24064]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-22 54752]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-8-16 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-14 97520]
R2 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2010-9-23 27640]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-6-14 222448]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-9-10 1541360]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2007-2-16 9344]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-9-23 14976]

=============== Created Last 30 ================

2010-10-01 16:32:12 0 ----a-w- c:\documents and settings\kev\defogger_reenable
2010-09-28 15:57:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-28 15:57:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-28 15:57:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-25 08:31:42 0 d-----w- c:\program files\iTunes
2010-09-25 08:23:04 0 d-----w- c:\program files\Bonjour
2010-09-23 11:44:06 27640 ----a-w- c:\windows\system32\drivers\skmscan.sys
2010-09-23 11:11:17 0 d-----w- c:\docume~1\kev\applic~1\Sophos
2010-09-23 11:07:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos Web Intelligence
2010-09-23 11:07:16 0 d-----w- c:\program files\common files\Cisco Systems
2010-09-23 11:07:05 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2010-09-23 11:06:53 0 d-----w- c:\program files\Sophos
2010-09-23 11:06:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2010-09-23 11:04:12 24064 ----a-w- c:\windows\system32\drivers\savonaccessfilter.sys
2010-09-23 11:04:12 151936 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2010-09-23 11:04:12 14976 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-09-23 11:03:56 0 d-----w- C:\savw_95_sa
2010-09-22 21:06:58 361600 ----a-w- c:\windows\system32\drivers\tcpip.kav
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-09-26 18:56:16 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-26 14:24:46 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:16 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2000-10-04 18:30:52 271 --sh--w- c:\program files\desktop.ini
2000-10-04 18:30:52 23357 ---h--w- c:\program files\folder.htt
2008-11-11 21:11:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111120081112\index.dat

============= FINISH: 17:37:29.46 ===============
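The DDS log above lists browser helper objects, toolbars, hosts-file entries and drivers one per line, and a helper reading it scans first for two things: BHO/TB/EB registrations whose DLL is gone ("- No File", an orphaned registration left behind by an uninstall or a cleanup) and hosts-file lines that point a hostname at loopback (which silently blocks that site). The Python script below is an added example, not part of this thread and not code from DDS or OTL; the sample lines are copied from the log above as constructed input, and the `Finding` class and all function names are my own.

```python
"""Triage helper for DDS-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample input: entries copied in the one-per-line format DDS emits.
SAMPLE_LINES = [
    r"BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File",
    r"EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r"Hosts: 127.0.0.1 localhost",
    r"R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]",
    r"S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]",
]

# Registry-style CLSID: 8-4-4-4-12 hex digits in braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Addresses that make a hosts entry a block rather than a real mapping.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# DDS tags for browser add-on registrations that may point at a missing file.
ADDON_TAGS = ("BHO", "TB", "EB")


@dataclass
class Finding:
    kind: str    # "orphaned-entry" or "hosts-loopback"
    line: str    # the original log line
    detail: str  # the CLSID or the host -> address mapping


def parse_hosts_entry(line):
    """Split 'Hosts: 127.0.0.1 www.example' into (address, hostname), or None."""
    body = line[len("Hosts:"):].split()
    if len(body) < 2:
        return None
    return body[0], body[1]


def find_orphaned_entries(lines):
    """Flag BHO/TB/EB entries whose registered file no longer exists."""
    out = []
    for line in lines:
        tag, _, rest = line.partition(":")
        if tag in ADDON_TAGS and rest.rstrip().endswith("- No File"):
            m = CLSID_RE.search(rest)
            out.append(Finding("orphaned-entry", line, m.group(0) if m else rest.strip()))
    return out


def find_hosts_redirects(lines):
    """Flag hosts entries that send a real hostname to a loopback address."""
    out = []
    for line in lines:
        if not line.startswith("Hosts:"):
            continue
        parsed = parse_hosts_entry(line)
        if parsed is None:
            continue
        address, host = parsed
        # "127.0.0.1 localhost" is the normal default entry and is not a finding.
        if address in LOOPBACK and host.lower() != "localhost":
            out.append(Finding("hosts-loopback", line, f"{host} -> {address}"))
    return out


def triage(lines):
    """Run every check over the log lines and return all findings."""
    return find_orphaned_entries(lines) + find_hosts_redirects(lines)


def summarize(findings):
    """Count findings per kind, e.g. {'orphaned-entry': 3, 'hosts-loopback': 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

On the sample above the script reports three orphaned add-on registrations and one hosts-file line sending www.spywareinfo.com to 127.0.0.1; neither result proves an active infection on its own, but both are the sort of entry a helper asks about or fixes, and the script is easily extended with further checks (for instance "File not found" service and driver entries from an OTL log).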


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:31 AM

Posted 06 October 2010 - 06:34 AM

Hello Trevrev

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Edited by kahdah, 06 October 2010 - 06:34 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 Trevrev

Trevrev
  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK
  • Local time:11:31 PM

Posted 06 October 2010 - 07:51 AM

Hi Kahdah, hope you are well.
Thank you for your reply and help.
I'm at work right now so I'll get on to this as soon as I get home.
Would the problems you've found have anything to do with my Windows automatic update acting strange? It keeps redirecting me to what looks like a fake Microsoft page.
Also in the last few days I've been attacked by trojan.agent/gen-fakealert.
It's all looking quite bleak right now!
I've now deactivated my Facebook account as I feel this is where my problems have stemmed from.

Trevor.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:31 AM

Posted 06 October 2010 - 08:20 AM

Yes, it would make that happen. I need to see some updated logs to determine what infections are present.
Usually that means Rootkit.win32.TDSS.d is still active.
It was foolish in my opinion to remove Kaspersky as it has much better detection than Sophos, but everybody has an opinion.

Either way we will get to the bottom of it. :)

#5 Trevrev

Trevrev
  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK
  • Local time:11:31 PM

Posted 06 October 2010 - 08:59 AM

I'm still able to re-install my Kaspersky. The replacement with Sophos was taken out of my hands by the I.T. department who were looking at my PC. They pointed the blame for my troubles at Kaspersky for not detecting the faults.
I just assumed, me being a semi-computer-literate home user, that they knew best!
It is the corporate version of Sophos that they've installed for me, not sure if that makes a difference.
Anyhow... The reason I took my PC to them was to see if they could remove the "Rootkit.win32.TDSS.d" that was playing hell.

It seems they just hid the problem rather than removed it!

The anti-virus thing is a big issue, and to be honest I'm not sure in which direction to take.

Edited by Trevrev, 06 October 2010 - 09:31 AM.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:31 AM

Posted 06 October 2010 - 12:48 PM

For now we do not need to worry about the antivirus; it is not really that big of a deal at this point. Once the system is clean, then we can deal with that.

#7 Trevrev

Trevrev
  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK
  • Local time:11:31 PM

Posted 06 October 2010 - 01:30 PM

Good evening... Reports

My anti-virus picked up suspicious behaviour, HIPS/RegMod-009 (OTL.exe), and put it in quarantine.
I'm assuming this is ok not to delete?


OTL logfile created on: 06/10/2010 18:45:48 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\kev\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 397.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.94 Gb Total Space | 35.29 Gb Free Space | 64.23% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 12.11 Gb Total Space | 6.23 Gb Free Space | 51.44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAPPY-DAYS
Current User Name: kev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kev\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\SYSTEM32\pctspk.exe (PCtel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\kev\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Pctspk) -- C:\WINDOWS\SYSTEM32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (VcommMgr) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\WINDOWS\System32\DRIVERS\VComm.sys File not found
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys File not found
DRV - (Btcsrusb) -- C:\WINDOWS\System32\Drivers\btcusb.sys File not found
DRV - (BT) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys File not found
DRV - (SKMScan) -- C:\WINDOWS\SYSTEM32\DRIVERS\skmscan.sys (Sophos Plc)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\SYSTEM32\DRIVERS\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\SophosBootDriver.sys (Sophos Plc)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (fssfltr) -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\s116bus.sys (MCCI Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (sbpci) Sound Blaster PCI128 Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\sbpci.sys (Creative Technology Ltd.)
DRV - (irsir) -- C:\WINDOWS\SYSTEM32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (NtApm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys (Microsoft Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys (PCTEL, INC.)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys (Creative Technology Ltd.)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (FA312) -- C:\WINDOWS\SYSTEM32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/14 19:22:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/09 17:29:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/04 20:27:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/04 20:27:46 | 000,000,000 | ---D | M]

[2009/06/04 20:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\Mozilla\Extensions
[2009/06/04 20:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kev\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/04 20:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\Mozilla\Firefox\Profiles\xkxutwjl.default\extensions
[2009/06/25 18:46:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kev\Application Data\Mozilla\Firefox\Profiles\xkxutwjl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/28 11:00:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\kev\Application Data\Mozilla\Firefox\Profiles\xkxutwjl.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2009/06/04 20:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/04 20:27:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/19 11:44:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/09/19 11:44:52 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/19 11:44:56 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/09/25 09:27:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/13 09:01:22 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 09:01:22 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/13 09:01:22 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 09:01:22 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/13 09:01:22 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 09:01:22 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/13 09:01:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/13 09:01:22 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/23 10:03:46 | 000,419,407 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14474 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1171660564650 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ndwiat {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - c:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SYSTEM32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2007/02/14 20:07:46 | 000,000,213 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/02/14 20:07:46 | 000,000,213 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/28 16:57:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/28 16:57:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/28 16:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/25 09:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/25 09:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/23 12:44:06 | 000,027,640 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\skmscan.sys
[2010/09/23 12:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/23 12:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/23 12:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kev\Application Data\Sophos
[2010/09/23 12:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2010/09/23 12:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2010/09/23 12:07:05 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2010/09/23 12:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/09/23 12:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/09/23 12:04:12 | 000,151,936 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2010/09/23 12:04:12 | 000,024,064 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2010/09/23 12:04:12 | 000,014,976 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[2010/09/23 12:03:56 | 000,000,000 | ---D | C] -- C:\savw_95_sa
[2010/09/22 22:06:58 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.kav
[2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2000/08/01 03:55:01 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/06 18:44:02 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\kev\Desktop\Shortcut to OTL.lnk
[2010/10/06 16:57:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/06 16:56:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 16:56:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/06 16:56:26 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/06 09:32:56 | 000,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80611102}.rfx
[2010/10/06 09:32:56 | 000,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80611102}.rfx
[2010/10/06 09:32:56 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80611102}.rfx
[2010/10/06 09:32:56 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80611102}.rfx
[2010/10/06 09:32:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/10/06 09:32:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/10/06 09:32:56 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80611102}.dat
[2010/10/06 09:32:56 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80611102}.dat
[2010/10/06 09:32:36 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/06 09:32:32 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\kev\NTUSER.DAT
[2010/10/06 09:32:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\kev\ntuser.ini
[2010/10/06 09:32:16 | 008,503,558 | -H-- | M] () -- C:\Documents and Settings\kev\Application Data\IconCache.db
[2010/10/04 20:07:02 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/10/03 15:32:40 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/10/01 17:40:52 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\kev\Desktop\Shortcut to gmer.lnk
[2010/10/01 17:35:02 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\kev\Desktop\Shortcut to dds.lnk
[2010/10/01 17:32:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\kev\defogger_reenable
[2010/10/01 17:31:48 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\kev\Desktop\Shortcut to Defogger.lnk
[2010/09/28 16:57:54 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/27 18:49:40 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/27 17:32:18 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/09/27 12:42:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/26 19:56:16 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/25 09:36:20 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/25 09:27:26 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/23 14:40:32 | 000,192,000 | ---- | M] () -- C:\Documents and Settings\kev\Desktop\Faults Found on Time Computer 23092010.doc
[2010/09/23 11:45:08 | 000,002,026 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/23 11:45:08 | 000,000,677 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/23 11:45:08 | 000,000,216 | -HS- | M] () -- C:\boot.ini
[2010/09/15 22:16:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 18:44:00 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\kev\Desktop\Shortcut to OTL.lnk
[2010/10/01 17:40:51 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\kev\Desktop\Shortcut to gmer.lnk
[2010/10/01 17:35:00 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\kev\Desktop\Shortcut to dds.lnk
[2010/10/01 17:32:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kev\defogger_reenable
[2010/10/01 17:31:46 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\kev\Desktop\Shortcut to Defogger.lnk
[2010/09/28 16:57:53 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/27 18:49:38 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/27 17:32:17 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/09/25 09:33:21 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/25 09:27:24 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/23 10:20:59 | 000,192,000 | ---- | C] () -- C:\Documents and Settings\kev\Desktop\Faults Found on Time Computer 23092010.doc
[2009/06/23 17:41:28 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009/06/22 21:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/03/16 17:58:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/01/02 20:40:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/11/26 19:49:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2007/03/06 20:26:47 | 000,000,113 | ---- | C] () -- C:\WINDOWS\Inetreg.ini
[2007/02/19 19:45:48 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2007/02/17 23:13:58 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\kev\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/16 21:03:51 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2007/02/16 21:03:51 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2007/02/16 21:03:51 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2007/02/16 21:03:51 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2007/02/16 21:03:51 | 000,001,019 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/16 21:03:51 | 000,000,825 | ---- | C] () -- C:\WINDOWS\mrun32.ini
[2007/02/16 21:03:51 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2007/02/16 21:03:51 | 000,000,728 | ---- | C] () -- C:\WINDOWS\PTCOUNTY.INI
[2007/02/16 21:03:51 | 000,000,444 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/02/16 21:03:51 | 000,000,342 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/02/16 21:03:51 | 000,000,263 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007/02/16 21:03:51 | 000,000,246 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/16 21:03:51 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2007/02/16 21:03:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2007/02/16 21:03:51 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2007/02/16 21:03:51 | 000,000,045 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2007/02/16 21:03:51 | 000,000,033 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/02/16 21:03:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/02/16 21:03:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2007/02/16 21:03:51 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2007/02/16 21:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2007/02/16 21:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UI.INI
[2007/02/16 21:03:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/06/28 18:41:54 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\kev\Application Data\dw.log
[2004/12/21 18:38:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\bpenhan.dll
[2004/12/21 18:38:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Capi2032.dll
[2004/12/21 18:38:25 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/12/21 18:38:25 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/12/14 15:55:01 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EPIPPJ30.DLL
[2004/12/07 16:45:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2000/10/04 19:30:51 | 000,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2000/08/25 10:37:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2000/08/01 03:56:35 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2000/08/01 03:55:36 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2000/08/01 03:55:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2000/08/01 03:55:11 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2000/06/06 16:21:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

========== LOP Check ==========

[2008/03/16 17:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/18 22:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/10/23 19:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/03/17 19:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/25 21:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/08 21:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/04/16 20:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/23 12:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/09/23 12:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2007/02/16 21:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\FUJIFILM
[2007/02/17 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\InterVideo
[2007/05/29 20:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\WMTools Downloaded Files
[2008/01/02 20:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\Teleca
[2008/02/12 20:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\SupportSoft
[2008/04/11 16:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\Viewpoint
[2008/12/17 21:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\PassMark
[2009/06/09 18:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\PCHealth
[2010/01/28 19:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\SystemRequirementsLab
[2010/03/28 11:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\Sony Online Entertainment
[2010/09/23 12:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kev\Application Data\Sophos
[2010/10/02 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/10/04 20:07:02 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2000/10/04 19:29:18 | 000,001,660 | RHS- | M] () -- C:\MSDOS.SYS
[2000/10/04 19:26:18 | 000,249,888 | RH-- | M] () -- C:\CLASSES.1ST
[2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () -- C:\AUTOEXEC.DOS
[2000/06/08 17:00:00 | 000,000,047 | -HS- | M] () -- C:\CONFIG.DOS
[2000/07/05 11:35:16 | 000,129,078 | -HS- | M] () -- C:\LOGO.SYS
[2000/06/08 17:00:00 | 000,110,080 | RHS- | M] () -- C:\io.sys
[2007/02/14 20:07:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/14 20:07:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.BAK
[2007/02/14 20:07:46 | 000,000,213 | ---- | M] () -- C:\AUTOEXEC.BAT
[2001/08/17 22:18:02 | 000,000,007 | -H-- | M] () -- C:\FLASHED.DAT
[2001/08/17 17:17:32 | 000,000,264 | ---- | M] () -- C:\CDFWARE.dat
[2007/02/12 20:17:06 | 000,000,611 | ---- | M] () -- C:\SCANDISK.LOG
[2001/08/18 08:15:14 | 000,000,000 | ---- | M] () -- C:\Check.dat
[2001/08/18 08:15:26 | 000,000,000 | ---- | M] () -- C:\IO.001
[2007/02/14 20:07:46 | 000,000,213 | -HS- | M] () -- C:\AUTOEXEC.BAK
[2005/06/19 15:02:08 | 000,000,063 | ---- | M] () -- C:\WINDOWSWinHlp32.BMK
[2004/12/12 14:03:18 | 000,003,907 | ---- | M] () -- C:\DslTest.html
[2006/10/30 15:56:16 | 000,000,544 | ---- | M] () -- C:\COMPATID.TXT
[2005/10/09 12:53:46 | 000,000,172 | ---- | M] () -- C:\setupfax.log
[2007/02/12 19:44:32 | 000,002,971 | ---- | M] () -- C:\dshell.txt
[2009/06/04 20:02:24 | 000,001,759 | ---- | M] () -- C:\rapport.txt
[2010/10/06 16:56:26 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/16 20:38:04 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2010/10/06 16:56:24 | 1207,959,552 | -HS- | M] () -- C:\PAGEFILE.SYS
[2008/11/11 21:00:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/02/16 22:33:32 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010/09/23 11:45:08 | 000,000,216 | -HS- | M] () -- C:\boot.ini
[2010/08/28 08:57:58 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/16 20:51:38 | 000,372,736 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav
[2007/02/16 20:51:38 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2007/02/16 20:51:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav

< %systemroot%\system32\drivers\*.sys /90 >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< End of report >

2nd report!

OTL Extras logfile created on: 06/10/2010 18:45:48 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\kev\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 397.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.94 Gb Total Space | 35.29 Gb Free Space | 64.23% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 12.11 Gb Total Space | 6.23 Gb Free Space | 51.44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAPPY-DAYS
Current User Name: kev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\MSMSGS.EXE" = C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1205690447\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1205690447\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1205690447\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1205690447\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{810EDD9E-2F0A-4E2B-ACF8-6673C38D9F48}" = Sophos TDL3KMem-A Cleanup Tool
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Installing HSP56 MicroModem Drivers" = HSP56 MicroModem Drivers
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SBPCIUnInstall" = Creative PCI Audio Drivers
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows" = Windows XP Uninstall
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/09/2010 04:21:44 | Computer Name = HAPPY-DAYS | Source = Bonjour Service | ID = 100
Description = 380: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/09/2010 04:21:44 | Computer Name = HAPPY-DAYS | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/09/2010 04:21:44 | Computer Name = HAPPY-DAYS | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/09/2010 04:21:44 | Computer Name = HAPPY-DAYS | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/09/2010 12:38:06 | Computer Name = HAPPY-DAYS | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
cannot be returned.

Error - 27/09/2010 12:38:06 | Computer Name = HAPPY-DAYS | Source = Sophos Anti-Virus | ID = 131073
Description = No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory
cannot be returned.

Error - 27/09/2010 13:49:52 | Computer Name = HAPPY-DAYS | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.43.0.1000, faulting
module superantispyware.exe, version 4.43.0.1000, fault address 0x0006de98.

Error - 04/10/2010 13:18:31 | Computer Name = HAPPY-DAYS | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 04/10/2010 15:40:26 | Computer Name = HAPPY-DAYS | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb979909,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 04/10/2010 15:40:42 | Computer Name = HAPPY-DAYS | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 04/10/2010 15:40:32 | Computer Name = HAPPY-DAYS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0
SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909).

Error - 04/10/2010 15:40:39 | Computer Name = HAPPY-DAYS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server
2003 and Windows XP x86 (KB982168).

Error - 04/10/2010 15:40:39 | Computer Name = HAPPY-DAYS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and
3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 04/10/2010 15:40:39 | Computer Name = HAPPY-DAYS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on
Windows Server 2003 and Windows XP x86 (KB983583).

Error - 04/10/2010 15:40:39 | Computer Name = HAPPY-DAYS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0
SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

Error - 04/10/2010 15:40:48 | Computer Name = HAPPY-DAYS | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 05/10/2010 10:41:36 | Computer Name = HAPPY-DAYS | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 05/10/2010 17:03:34 | Computer Name = HAPPY-DAYS | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 06/10/2010 04:15:55 | Computer Name = HAPPY-DAYS | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 06/10/2010 11:57:00 | Computer Name = HAPPY-DAYS | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747


< End of report >

#8 Trevrev (Topic Starter)

Posted 06 October 2010 - 01:33 PM

3rd Report!

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xF7190000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF3E27000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 679936 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xF7476000 vmodem.sys 606208 bytes (PCTEL, INC., HSP Modem Modem Device Driver)
0xF7007000 C:\WINDOWS\system32\drivers\sbpci.sys 495616 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF70BD000 C:\WINDOWS\system32\drivers\ctaud2k.sys 491520 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xF750A000 vpctcom.sys 401408 bytes (PCtel, Inc., HSP Modem Virtual Control Device)
0xF6FA9000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF3D00000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF345E000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF3505000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF3671000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF756C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF2571000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF3CD8000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF3C6E000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF3DB4000 C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys 155648 bytes (Sophos Plc, SAV On-access and HIPS for Windows XP (x86))
0xF75B0000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7099000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7135000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7159000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF3CB6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF3C94000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF75E6000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF3DDA000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 126976 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF761E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF745C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x806EE000 C:\WINDOWS\system32\hal.dll 105344 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x806EE000 PCI_HAL 105344 bytes
0xF7080000 C:\WINDOWS\system32\drivers\ctoss2k.sys 102400 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xF3DF9000 C:\WINDOWS\System32\drivers\emupia2k.sys 102400 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF7606000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF3C56000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7599000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7399000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF3E12000 C:\WINDOWS\System32\drivers\ctac32k.sys 86016 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xF3634000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6F95000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF717C000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF3D59000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF75D4000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF763D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF782F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF773F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76BF000 vvoice.sys 65536 bytes (PCtel, Inc., HSP Modem device driver)
0xF776F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF774F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF37DE000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76AF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF778F000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76FF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF768F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF3A86000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF771F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF77EF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF775F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF767F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF770F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76CF000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF766F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77AF000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF39D6000 C:\WINDOWS\system32\DRIVERS\skmscan.sys 40960 bytes (Sophos Plc, Sophos Kernel Memory Scanner (x86))
0xF777F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF769F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF2E16000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7977000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7987000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7927000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7937000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF793F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF797F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7957000 C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys 24576 bytes (Sophos Plc, SAV On-access and HIPS for Windows XP (x86))
0xF792F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7967000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF794F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF796F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78F7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7917000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF791F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF790F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF798F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7B13000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF3912000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7B17000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7389000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7B0F000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7B5F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7B63000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7AFF000 C:\WINDOWS\System32\DRIVERS\NtApm.sys 12288 bytes (Microsoft Corporation, NT Legacy APM Support Driver)
0xF7B4B000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B81000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B75000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xF7B87000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B7F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B83000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7BC3000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7B85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B77000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B7D000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B71000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B73000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF741B000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7414000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF73EE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B78C, Type: Inline - RelativeJump 0x804E278C-->804E276E [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7B4, Type: Inline - RelativeJump 0x804E27B4-->804E2797 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA78, Type: Inline - RelativeJump 0x804E2A78-->804E2A5A [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA94, Type: Inline - RelativeJump 0x804E2A94-->804E2A77 [ntoskrnl.exe]
[1024]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1024]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1024]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1024]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[1024]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[1024]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1112]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1112]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1112]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[1112]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[1112]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[1212]EXPLORER.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1212]EXPLORER.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1212]EXPLORER.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1212]EXPLORER.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D951615-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D9513D4-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[1212]EXPLORER.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[1212]EXPLORER.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1376]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1376]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1376]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D951615-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D9513D4-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[1376]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[1376]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1476]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1476]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1476]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[1476]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[1476]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[1804]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[1804]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[1804]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[1804]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[2484]firefox.exe-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[2484]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[2484]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D951615-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D9513D4-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[2484]firefox.exe-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[2484]firefox.exe-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[3180]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[3180]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[3180]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[3180]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[3180]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[408]LSASS.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[408]LSASS.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[408]LSASS.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[408]LSASS.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[408]LSASS.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[556]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[556]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[556]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[604]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[604]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[604]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[604]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[604]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->CreateProcessInternalA, Type: Inline - RelativeJump 0x7C81D54E-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->ExitProcess, Type: Inline - RelativeJump 0x7C81CB12-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - RelativeJump 0x7C80C0F8-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FD [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->ExitThread, Type: Inline - SEH 0x7C80C0FE [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->FreeLibrary, Type: Inline - RelativeJump 0x7C80AC7E-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->GetThreadContext, Type: Inline - RelativeJump 0x7C83973D-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - RelativeJump 0x7C80FDCD-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD2 [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->GlobalAlloc, Type: Inline - SEH 0x7C80FDD3 [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->ResumeThread, Type: Inline - RelativeJump 0x7C832927-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->SetThreadContext, Type: Inline - RelativeJump 0x7C863C09-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[644]SVCHOST.EXE-->kernel32.dll-->WriteFileEx, Type: Inline - RelativeJump 0x7C85D6D9-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x7C802213-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[644]SVCHOST.EXE-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[644]SVCHOST.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D956F5A-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D951615-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D9513D4-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->accept, Type: Inline - RelativeJump 0x71AC1040-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->bind, Type: Inline - RelativeJump 0x71AB4480-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->getpeername, Type: Inline - RelativeJump 0x71AC0B68-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->listen, Type: Inline - RelativeJump 0x71AB8CD3-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8B6A-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - RelativeJump 0x71AB6A55-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5A [unknown_code_page]
[644]SVCHOST.EXE-->ws2_32.dll-->WSAStartup, Type: Inline - SEH 0x71AB6A5B [unknown_code_page]


Edited by Trevrev, 06 October 2010 - 01:35 PM.


#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 06 October 2010 - 05:48 PM

Yes, that is a false positive.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
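The hook listing Trevrev posted above is the kind of output where a helper has to decide, entry by entry, whether a detour belongs to an installed security product or to something unexplained, which is the judgement behind kahdah's "false positive" verdict. The script below is an added example written for this page, not code from the thread, from RootRepeal or from Sophos: it parses entries in the `[pid]process-->module-->function, Type: ... [owner]` format, tallies hooks per owning module, and lists every hook that is not accounted for by a module on a trusted list. The trusted set (assumed here to be `sophos_detoured.dll`, the module the log attributes the detours to), the sample lines (the last one, PID 999 / EXAMPLE.EXE / mystery.dll, is invented so the triage has something to flag) and the 8-byte adjacency heuristic for `[unknown_code_page]` entries are all assumptions of the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the RootRepeal "Hooks" report format seen in this thread.
# The first five lines copy the shape of entries in Trevrev's log; the last one
# (PID 999, EXAMPLE.EXE, mystery.dll) is made up so the triage has something to flag.
SAMPLE_HOOKS = """\
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [sophos_detoured.dll]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFA [unknown_code_page]
[556]SVCHOST.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AFB [unknown_code_page]
[644]SVCHOST.EXE-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D953081-->00000000 [sophos_detoured.dll]
[644]SVCHOST.EXE-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x71AB4A07-->00000000 [sophos_detoured.dll]
[999]EXAMPLE.EXE-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [mystery.dll]
"""

# One hook entry: [pid]process-->module-->function, Type: <kind> <addr>[-->target] [owner]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<module>.+?)-->(?P<func>[^,]+), "
    r"Type: (?P<kind>.+?) (?P<addr>0x[0-9A-Fa-f]+)"
    r"(?:-->(?P<target>[0-9A-Fa-f]+))? \[(?P<owner>[^\]]+)\]$"
)

# Modules whose hooks are expected on this machine (assumption: the installed AV).
TRUSTED_OWNERS = frozenset({"sophos_detoured.dll"})

# Assumed heuristic: an [unknown_code_page] entry this many bytes or fewer past a
# trusted RelativeJump on the same function is treated as the same patch site.
ADJACENT_BYTES = 8


def parse_hooks(text):
    """Parse hook lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["pid"] = int(e["pid"])
        e["addr"] = int(e["addr"], 16)
        entries.append(e)
    return entries


def triage(entries, trusted=TRUSTED_OWNERS):
    """Return (hooks per owning module, entries not explained by a trusted module)."""
    by_owner = Counter(e["owner"] for e in entries)
    # Index the RelativeJump detours by hooked function so SEH/unknown entries
    # can be matched against the detour they sit next to.
    jumps = defaultdict(list)
    for e in entries:
        if e["kind"].endswith("RelativeJump"):
            jumps[(e["pid"], e["module"], e["func"])].append(e)
    unexplained = []
    for e in entries:
        if e["owner"] in trusted:
            continue
        if e["owner"] == "unknown_code_page":
            site = jumps[(e["pid"], e["module"], e["func"])]
            if any(j["owner"] in trusted and 0 < e["addr"] - j["addr"] <= ADJACENT_BYTES
                   for j in site):
                continue  # sits right behind a trusted detour on the same function
        unexplained.append(e)
    return by_owner, unexplained


def report(text):
    """Print a summary and return the entries that still need a human look."""
    by_owner, unexplained = triage(parse_hooks(text))
    for owner, n in by_owner.most_common():
        print(f"{n:4d} hook(s) attributed to {owner}")
    for e in unexplained:
        print(f"REVIEW: pid {e['pid']} {e['proc']} {e['module']}!{e['func']} "
              f"{e['kind']} at {e['addr']:#010x} -> [{e['owner']}]")
    return unexplained


if __name__ == "__main__":
    report(SAMPLE_HOOKS)
```

Run against a saved RootRepeal report by passing its text to `report()`; on the constructed sample it attributes three detours to `sophos_detoured.dll`, folds the two `[unknown_code_page]` entries into the LoadLibraryExW detour they follow, and flags only the invented `mystery.dll` hook for review. The trusted list is the part to adapt per machine: it should contain exactly the security software known to be installed, nothing more.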

#10 Trevrev

Trevrev
  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK

Posted 07 October 2010 - 03:03 AM

Thanks Kahdah,
I'll do that as soon as I'm home from work.
Do I run that scan with my antivirus disabled and LAN disabled?
Also, is it now safe to delete all of the other reports?

Trevor.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 07 October 2010 - 06:28 AM

You do not have to do anything else but run the program with the instructions above.
You can delete the reports if you want.

#12 Trevrev

Trevrev
  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK

Posted 07 October 2010 - 12:46 PM

Hi Kahdah,
TDSSKiller didn't find anything!

Report!!

2010/10/07 18:36:33.0176 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/07 18:36:33.0176 ================================================================================
2010/10/07 18:36:33.0176 SystemInfo:
2010/10/07 18:36:33.0176
2010/10/07 18:36:33.0176 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/07 18:36:33.0176 Product type: Workstation
2010/10/07 18:36:33.0176 ComputerName: HAPPY-DAYS
2010/10/07 18:36:33.0176 UserName: kev
2010/10/07 18:36:33.0176 Windows directory: C:\WINDOWS
2010/10/07 18:36:33.0176 System windows directory: C:\WINDOWS
2010/10/07 18:36:33.0176 Processor architecture: Intel x86
2010/10/07 18:36:33.0176 Number of processors: 1
2010/10/07 18:36:33.0176 Page size: 0x1000
2010/10/07 18:36:33.0176 Boot type: Normal boot
2010/10/07 18:36:33.0176 ================================================================================
2010/10/07 18:36:33.0967 Initialize success
2010/10/07 18:36:50.0601 ================================================================================
2010/10/07 18:36:50.0601 Scan started
2010/10/07 18:36:50.0601 Mode: Manual;
2010/10/07 18:36:50.0601 ================================================================================
2010/10/07 18:36:54.0777 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/07 18:36:55.0348 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/07 18:37:01.0647 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/07 18:37:02.0368 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/07 18:37:03.0630 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/07 18:37:04.0310 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/07 18:37:04.0801 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/07 18:37:07.0886 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/10/07 18:37:09.0768 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/10/07 18:37:10.0479 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/10/07 18:37:11.0240 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/10/07 18:37:11.0641 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/07 18:37:12.0813 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/07 18:37:13.0454 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/07 18:37:14.0175 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/07 18:37:16.0839 ctac32k (4b6096745f72b4fd36514617e2ea5d37) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/10/07 18:37:17.0239 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/10/07 18:37:17.0990 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2010/10/07 18:37:18.0491 ctprxy2k (097d42574e3c6d98cd5a2ee7647fa6bf) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/10/07 18:37:19.0062 ctsfm2k (c58a2507ef62b20b9bd670c666088b50) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/10/07 18:37:21.0145 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/07 18:37:21.0856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/07 18:37:22.0407 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/07 18:37:22.0747 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/07 18:37:23.0428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/07 18:37:24.0820 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/07 18:37:25.0391 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2010/10/07 18:37:25.0952 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2010/10/07 18:37:26.0492 emupia (a9d94b89372f3f9609a1a5eec631a260) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/10/07 18:37:27.0013 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2010/10/07 18:37:27.0644 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
2010/10/07 18:37:28.0305 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/07 18:37:28.0766 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/07 18:37:29.0367 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/07 18:37:29.0877 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/07 18:37:30.0548 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/07 18:37:31.0369 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/10/07 18:37:31.0820 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/07 18:37:32.0211 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/07 18:37:32.0842 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/07 18:37:33.0372 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/07 18:37:34.0033 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/07 18:37:34.0614 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/10/07 18:37:35.0475 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/07 18:37:36.0827 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/07 18:37:38.0910 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/07 18:37:39.0551 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/07 18:37:41.0734 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/07 18:37:42.0185 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/07 18:37:42.0555 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/07 18:37:43.0226 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/07 18:37:43.0817 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/07 18:37:44.0308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/07 18:37:44.0809 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/10/07 18:37:45.0430 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/07 18:37:45.0860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/07 18:37:46.0491 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/07 18:37:47.0142 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/07 18:37:48.0554 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/07 18:37:49.0245 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/07 18:37:49.0806 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/07 18:37:50.0337 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/07 18:37:50.0887 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/07 18:37:51.0979 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/07 18:37:52.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/07 18:37:53.0271 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/07 18:37:53.0832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/07 18:37:54.0403 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/07 18:37:55.0124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/07 18:37:55.0724 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/07 18:37:56.0225 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/07 18:37:56.0826 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/07 18:37:57.0407 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/07 18:37:57.0807 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/07 18:37:58.0388 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/07 18:37:58.0989 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/07 18:37:59.0660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/07 18:38:00.0351 NtApm (325ffaeceeace80d2643e6bdc7c1f9e2) C:\WINDOWS\system32\DRIVERS\NtApm.sys
2010/10/07 18:38:01.0002 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/07 18:38:01.0543 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/07 18:38:02.0454 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/07 18:38:03.0135 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/07 18:38:03.0626 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/07 18:38:04.0187 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/10/07 18:38:04.0597 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/07 18:38:05.0208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/07 18:38:05.0639 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/07 18:38:06.0240 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/07 18:38:08.0172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/07 18:38:12.0779 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/07 18:38:13.0230 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/07 18:38:13.0810 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys
2010/10/07 18:38:17.0636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/07 18:38:18.0187 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/10/07 18:38:18.0727 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/07 18:38:19.0358 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/07 18:38:19.0769 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/07 18:38:20.0220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/07 18:38:20.0861 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/07 18:38:21.0451 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/07 18:38:22.0192 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/10/07 18:38:22.0623 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/07 18:38:23.0114 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2010/10/07 18:38:23.0584 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2010/10/07 18:38:24.0025 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2010/10/07 18:38:24.0506 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
2010/10/07 18:38:25.0047 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
2010/10/07 18:38:25.0517 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
2010/10/07 18:38:26.0018 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
2010/10/07 18:38:26.0439 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/07 18:38:26.0869 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/07 18:38:27.0791 SAVOnAccessControl (05ffe6b4702722a26c0d5ceb84e4fbe1) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
2010/10/07 18:38:28.0191 SAVOnAccessFilter (d5645e3b94baf6725fd0caf579e16c2b) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
2010/10/07 18:38:28.0642 sbpci (4939d6f53ec3a18674deba8532f193ca) C:\WINDOWS\system32\drivers\sbpci.sys
2010/10/07 18:38:29.0263 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/07 18:38:29.0864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/07 18:38:30.0384 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/07 18:38:31.0045 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/07 18:38:31.0556 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2010/10/07 18:38:32.0808 SKMScan (b2dd270c6a2941764168d37a0f9d8d99) C:\WINDOWS\system32\DRIVERS\skmscan.sys
2010/10/07 18:38:33.0549 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
2010/10/07 18:38:35.0351 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/07 18:38:35.0952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/07 18:38:36.0653 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/07 18:38:37.0354 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/07 18:38:37.0885 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/07 18:38:41.0150 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/07 18:38:41.0580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/07 18:38:42.0151 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/07 18:38:42.0522 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/07 18:38:42.0882 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/07 18:38:44.0054 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/07 18:38:45.0476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/07 18:38:45.0967 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/07 18:38:46.0317 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/07 18:38:46.0638 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/07 18:38:46.0998 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/07 18:38:47.0339 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/07 18:38:49.0051 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/07 18:38:49.0722 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/07 18:38:50.0113 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/07 18:38:50.0784 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys
2010/10/07 18:38:51.0264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/07 18:38:51.0935 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
2010/10/07 18:38:52.0726 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys
2010/10/07 18:38:53.0197 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/07 18:38:54.0219 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/07 18:38:55.0100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/07 18:38:55.0530 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/07 18:38:56.0261 ================================================================================
2010/10/07 18:38:56.0261 Scan finished
2010/10/07 18:38:56.0261 ================================================================================
2010/10/07 18:41:40.0818 ================================================================================
2010/10/07 18:41:40.0818 Scan started
2010/10/07 18:41:40.0818 Mode: Manual;
2010/10/07 18:41:40.0818 ================================================================================
2010/10/07 18:43:34.0261 ================================================================================
2010/10/07 18:43:34.0261 Scan finished
2010/10/07 18:43:34.0261 ================================================================================


#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 08 October 2010 - 06:03 AM

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
==============
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#14 Trevrev

Trevrev
  • Topic Starter

  • Members
  • 91 posts
  • Gender:Male
  • Location:UK

Posted 08 October 2010 - 07:40 AM

Hi Kahdah,
What type of infections have I got on my PC? Is it just the Rootkit.win32TDSS.d or are there others?

Trevor.

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 08 October 2010 - 07:44 AM

Nothing has shown yet; I am having you run scanners to see what is left over.
Please follow up with the scans and post those logs.
Thank you.



