Having a few computer issues, may be infected.


  • This topic is locked
24 replies to this topic

#1 lolhy22

  • Members
  • 29 posts

Posted 09 December 2010 - 12:03 AM

On the advice of 'BC advisor - Broni', who has told me to create a thread here, I am posting so we can check if I have any malware on my computer that is causing issues.

Here is the TDSSKiller log for starters.

2010/12/09 05:02:02.0583 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/09 05:02:02.0583 ================================================================================
2010/12/09 05:02:02.0583 SystemInfo:
2010/12/09 05:02:02.0583
2010/12/09 05:02:02.0583 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/09 05:02:02.0583 Product type: Workstation
2010/12/09 05:02:02.0583 ComputerName: xxxxxx-PC
2010/12/09 05:02:02.0583 UserName: xxxxxx
2010/12/09 05:02:02.0583 Windows directory: C:\Windows
2010/12/09 05:02:02.0583 System windows directory: C:\Windows
2010/12/09 05:02:02.0583 Processor architecture: Intel x86
2010/12/09 05:02:02.0583 Number of processors: 8
2010/12/09 05:02:02.0583 Page size: 0x1000
2010/12/09 05:02:02.0583 Boot type: Normal boot
2010/12/09 05:02:02.0583 ================================================================================
2010/12/09 05:02:05.0361 Initialize success
2010/12/09 05:02:06.0927 ================================================================================
2010/12/09 05:02:06.0927 Scan started
2010/12/09 05:02:06.0927 Mode: Manual;
2010/12/09 05:02:06.0927 ================================================================================
2010/12/09 05:02:08.0266 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/09 05:02:08.0311 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/09 05:02:08.0333 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/09 05:02:08.0397 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/09 05:02:08.0417 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/09 05:02:08.0434 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/09 05:02:08.0483 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/09 05:02:08.0496 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/09 05:02:08.0522 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/09 05:02:08.0536 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/09 05:02:08.0596 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/09 05:02:08.0620 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/09 05:02:08.0633 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/09 05:02:08.0756 amdkmdag (22a83ed0b7823237bdc28fce014d294b) C:\Windows\system32\DRIVERS\atipmdag.sys
2010/12/09 05:02:08.0860 amdkmdap (b75ef4747cad1bfa5653ffcd768901aa) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/12/09 05:02:08.0871 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/09 05:02:08.0883 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/09 05:02:08.0895 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/09 05:02:08.0913 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/09 05:02:08.0997 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/09 05:02:09.0035 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/09 05:02:09.0062 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/09 05:02:09.0107 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/09 05:02:09.0123 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/09 05:02:09.0184 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/09 05:02:09.0200 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/09 05:02:09.0238 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/09 05:02:09.0299 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/09 05:02:09.0352 BlueletSCOAudio (2fe5d5b3a8567191f5c882c09998c5b3) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
2010/12/09 05:02:09.0398 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/09 05:02:09.0411 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/09 05:02:09.0429 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/09 05:02:09.0446 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/09 05:02:09.0458 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/09 05:02:09.0470 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/09 05:02:09.0481 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/09 05:02:09.0499 BT (32ccf60f6e491a2a931a63e928677403) C:\Windows\system32\DRIVERS\btnetdrv.sys
2010/12/09 05:02:09.0552 Btcsrusb (34031372274933839c842473623be5ee) C:\Windows\system32\Drivers\btcusb.sys
2010/12/09 05:02:09.0597 BtHidBus (fcf500c9e89e193e038dcfcdba6aa032) C:\Windows\system32\Drivers\BtHidBus.sys
2010/12/09 05:02:09.0610 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/09 05:02:09.0682 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2010/12/09 05:02:09.0697 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/09 05:02:09.0735 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/09 05:02:09.0763 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/09 05:02:09.0808 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/09 05:02:09.0833 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/09 05:02:09.0854 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/09 05:02:09.0890 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/09 05:02:09.0912 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/09 05:02:09.0937 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/09 05:02:09.0960 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/09 05:02:10.0003 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/12/09 05:02:10.0061 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/09 05:02:10.0115 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/09 05:02:10.0170 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/09 05:02:10.0221 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/09 05:02:10.0280 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys
2010/12/09 05:02:10.0318 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/09 05:02:10.0364 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/09 05:02:10.0465 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/09 05:02:10.0545 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/09 05:02:10.0572 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/09 05:02:10.0614 etdrv (3af0ae042afe486b22644cd3fbebf2e2) C:\Windows\etdrv.sys
2010/12/09 05:02:10.0662 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/09 05:02:10.0699 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/09 05:02:10.0722 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/09 05:02:10.0772 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/09 05:02:10.0798 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/09 05:02:10.0839 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/09 05:02:10.0858 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/09 05:02:10.0886 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/09 05:02:10.0924 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/09 05:02:10.0968 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/09 05:02:10.0993 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/09 05:02:11.0031 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
2010/12/09 05:02:11.0068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/09 05:02:11.0124 GenericMount (29c3d2a2398b980a73043fa3688e2f30) C:\Windows\system32\DRIVERS\GenericMount.sys
2010/12/09 05:02:11.0178 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2010/12/09 05:02:11.0222 GVTDrv (689a8eef2a2d62b28a0a578a6196531c) C:\Windows\system32\Drivers\GVTDrv.sys
2010/12/09 05:02:11.0261 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/09 05:02:11.0316 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/09 05:02:11.0349 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/09 05:02:11.0371 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/09 05:02:11.0392 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/09 05:02:11.0411 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/09 05:02:11.0440 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/09 05:02:11.0492 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/09 05:02:11.0516 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/09 05:02:11.0553 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/09 05:02:11.0579 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/09 05:02:11.0595 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/09 05:02:11.0624 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/09 05:02:11.0654 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/09 05:02:11.0674 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/09 05:02:11.0697 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/09 05:02:11.0716 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/09 05:02:11.0728 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/09 05:02:11.0742 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/09 05:02:11.0754 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/09 05:02:11.0767 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/09 05:02:11.0836 IvtBtBUs (d53d7ed7d85a18b0cd4626b88b6da52a) C:\Windows\system32\Drivers\IvtBtBus.sys
2010/12/09 05:02:11.0872 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/09 05:02:11.0891 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/09 05:02:11.0923 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/09 05:02:11.0937 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/09 05:02:11.0977 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/09 05:02:12.0011 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/09 05:02:12.0024 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/09 05:02:12.0046 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/09 05:02:12.0058 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/09 05:02:12.0083 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/09 05:02:12.0114 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/09 05:02:12.0130 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/09 05:02:12.0182 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/09 05:02:12.0215 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/09 05:02:12.0240 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/09 05:02:12.0279 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/09 05:02:12.0302 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/09 05:02:12.0314 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/09 05:02:12.0338 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/09 05:02:12.0352 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/09 05:02:12.0396 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/09 05:02:12.0414 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/09 05:02:12.0429 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/09 05:02:12.0453 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/09 05:02:12.0486 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/09 05:02:12.0530 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/09 05:02:12.0548 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/09 05:02:12.0567 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/09 05:02:12.0599 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/09 05:02:12.0618 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/09 05:02:12.0630 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/09 05:02:12.0659 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/09 05:02:12.0684 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/09 05:02:12.0694 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/09 05:02:12.0706 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/09 05:02:12.0724 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/09 05:02:12.0746 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/09 05:02:12.0772 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/09 05:02:12.0788 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/09 05:02:12.0814 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/09 05:02:12.0837 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/09 05:02:12.0860 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/09 05:02:12.0884 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/09 05:02:12.0927 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/09 05:02:12.0948 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/09 05:02:12.0971 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/09 05:02:12.0999 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/09 05:02:13.0019 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/09 05:02:13.0064 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/09 05:02:13.0091 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/09 05:02:13.0139 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2010/12/09 05:02:13.0203 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
2010/12/09 05:02:13.0360 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/09 05:02:13.0406 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/09 05:02:13.0451 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/09 05:02:13.0502 nvstor32 (bb4dd678706510d9249eed1da0219900) C:\Windows\system32\DRIVERS\nvstor32.sys
2010/12/09 05:02:13.0521 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/09 05:02:13.0541 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/09 05:02:13.0585 P17 (2f09b7b4a9fb1f998bd9ecfc468a80a2) C:\Windows\system32\drivers\P17.sys
2010/12/09 05:02:13.0623 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/09 05:02:13.0648 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/09 05:02:13.0658 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/09 05:02:13.0692 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/09 05:02:13.0711 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/09 05:02:13.0740 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/09 05:02:13.0769 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/09 05:02:13.0801 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/09 05:02:13.0874 Point32 (858d5d8dbe432b358ca2f9d534169ca1) C:\Windows\system32\DRIVERS\point32k.sys
2010/12/09 05:02:13.0978 PORTIO64 (5f86f324faa18c31a3ef3805169e508a) C:\Users\benny\Desktop\xbox360\JungleFlasher v0.1.76 Beta (166)\portio32.sys
2010/12/09 05:02:14.0027 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/09 05:02:14.0057 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/09 05:02:14.0104 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/09 05:02:14.0135 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/09 05:02:14.0189 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/09 05:02:14.0219 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/09 05:02:14.0259 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/09 05:02:14.0282 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/09 05:02:14.0314 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/09 05:02:14.0333 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/09 05:02:14.0349 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/09 05:02:14.0376 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/09 05:02:14.0402 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/09 05:02:14.0436 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/09 05:02:14.0461 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/12/09 05:02:14.0472 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/09 05:02:14.0501 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/09 05:02:14.0543 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/09 05:02:14.0564 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/09 05:02:14.0627 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
2010/12/09 05:02:14.0690 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/12/09 05:02:14.0725 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/12/09 05:02:14.0822 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2010/12/09 05:02:14.0844 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/09 05:02:14.0913 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/09 05:02:14.0966 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/12/09 05:02:14.0996 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/12/09 05:02:15.0034 SaiH0763 (47023c4591e697af620320c70a47846f) C:\Windows\system32\DRIVERS\SaiH0763.sys
2010/12/09 05:02:15.0072 SaiH0BAC (3252d5571633e0b244541615d6252358) C:\Windows\system32\DRIVERS\SaiH0BAC.sys
2010/12/09 05:02:15.0102 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/09 05:02:15.0126 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/09 05:02:15.0167 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/09 05:02:15.0224 Sentinel (b3c1b187fefc941f63ce0df93d02eb9f) C:\Windows\System32\Drivers\SENTINEL.SYS
2010/12/09 05:02:15.0262 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/09 05:02:15.0280 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/09 05:02:15.0296 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/09 05:02:15.0330 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/09 05:02:15.0344 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/09 05:02:15.0356 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/09 05:02:15.0368 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/09 05:02:15.0386 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/09 05:02:15.0398 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/09 05:02:15.0411 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/09 05:02:15.0423 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/09 05:02:15.0467 snapman (68fc62a72bd6d8e9dfe3718440be94a0) C:\Windows\system32\DRIVERS\snapman.sys
2010/12/09 05:02:15.0498 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2010/12/09 05:02:15.0542 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/09 05:02:15.0618 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/09 05:02:15.0618 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/09 05:02:15.0623 sptd - detected Locked file (1)
2010/12/09 05:02:15.0648 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2010/12/09 05:02:15.0674 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/09 05:02:15.0716 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/09 05:02:15.0776 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/09 05:02:15.0815 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/12/09 05:02:15.0841 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/12/09 05:02:15.0876 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/09 05:02:15.0959 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/12/09 05:02:16.0008 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/09 05:02:16.0047 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/09 05:02:16.0063 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/09 05:02:16.0123 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\Windows\system32\DRIVERS\tdrpman.sys
2010/12/09 05:02:16.0151 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/09 05:02:16.0190 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/09 05:02:16.0214 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/09 05:02:16.0249 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
2010/12/09 05:02:16.0271 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\Windows\system32\DRIVERS\timntr.sys
2010/12/09 05:02:16.0322 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/09 05:02:16.0342 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/09 05:02:16.0366 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/09 05:02:16.0379 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/09 05:02:16.0400 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/09 05:02:16.0420 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/09 05:02:16.0466 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/09 05:02:16.0506 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/09 05:02:16.0556 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2010/12/09 05:02:16.0594 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/09 05:02:16.0607 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/09 05:02:16.0644 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/09 05:02:16.0666 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/09 05:02:16.0681 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/09 05:02:16.0693 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/09 05:02:16.0706 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/09 05:02:16.0732 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/09 05:02:16.0782 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/12/09 05:02:16.0882 VComm (0955553090e0a88614e5b8a02af9324c) C:\Windows\system32\DRIVERS\VComm.sys
2010/12/09 05:02:17.0032 VcommMgr (ebf022ec5b0e15b4c225f28031e4123a) C:\Windows\system32\Drivers\VcommMgr.sys
2010/12/09 05:02:17.0067 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/09 05:02:17.0095 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/09 05:02:17.0120 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/09 05:02:17.0132 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/09 05:02:17.0181 VHidMinidrv (39b2202d510ecf05808feaf8ec0abae6) C:\Windows\system32\drivers\VHIDMini.sys
2010/12/09 05:02:17.0197 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/09 05:02:17.0212 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/09 05:02:17.0248 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/09 05:02:17.0260 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/09 05:02:17.0272 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/09 05:02:17.0287 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/09 05:02:17.0309 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/09 05:02:17.0362 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/09 05:02:17.0375 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/09 05:02:17.0390 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/09 05:02:17.0473 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\Windows\system32\DRIVERS\VX3000.sys
2010/12/09 05:02:17.0541 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/09 05:02:17.0571 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/09 05:02:17.0585 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/09 05:02:17.0616 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/09 05:02:17.0655 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/09 05:02:17.0695 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/09 05:02:17.0706 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/09 05:02:17.0774 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/09 05:02:17.0822 WmBEnum (3c3037d132ff9f4aa5642e866327e8f5) C:\Windows\system32\drivers\WmBEnum.sys
2010/12/09 05:02:17.0879 WmFilter (9e9dbc245a4b0193a5da79c928b9fa04) C:\Windows\system32\drivers\WmFilter.sys
2010/12/09 05:02:17.0914 WmHidLo (255812d6ebe79ae92787d51286e7a72a) C:\Windows\system32\drivers\WmHidLo.sys
2010/12/09 05:02:17.0939 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/09 05:02:17.0987 WmVirHid (7cf6b117a80246930fb89750da231324) C:\Windows\system32\drivers\WmVirHid.sys
2010/12/09 05:02:18.0019 WmXlCore (cd49242418cad9946f2f81165bc72fdb) C:\Windows\system32\drivers\WmXlCore.sys
2010/12/09 05:02:18.0042 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/09 05:02:18.0096 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/09 05:02:18.0124 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/09 05:02:18.0156 Suspicious service (NoAccess): xbmgivmzc
2010/12/09 05:02:18.0200 xbmgivmzc (6b330c3505ec5cf06f9e6d4eeb60513d) C:\Windows\system32\drivers\xbmgivmzc.sys
2010/12/09 05:02:18.0200 Suspicious file (NoAccess): C:\Windows\system32\drivers\xbmgivmzc.sys. md5: 6b330c3505ec5cf06f9e6d4eeb60513d
2010/12/09 05:02:18.0206 xbmgivmzc - detected Locked service (1)
2010/12/09 05:02:18.0251 XPADFL02 (6ab0d2d28e2a984fbba5295f2dd81878) C:\Windows\system32\DRIVERS\xpadfl02.sys
2010/12/09 05:02:18.0868 ================================================================================
2010/12/09 05:02:18.0868 Scan finished
2010/12/09 05:02:18.0868 ================================================================================
2010/12/09 05:02:18.0874 Detected object count: 2
2010/12/09 05:02:25.0889 Locked file(sptd) - User select action: Skip
2010/12/09 05:02:25.0893 Locked service(xbmgivmzc) - User select action: Skip
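For anyone triaging a log like the one above: the two lines that matter are the "Suspicious service (NoAccess)" / "Locked service" verdict on a randomly named driver in system32\drivers, and the "User select action: Skip" lines at the end, which mean nothing was actually removed. Below is an added example (not TDSSKiller's own code, and not part of this thread) that parses those line formats and lists every detected object together with what the user chose to do about it. SAMPLE_LOG is a trimmed copy of the log above (a constructed sample), and KNOWN_LOCKED is an assumed allowlist for this example.

```python
"""Triage a TDSSKiller log: list each detected object, the scanner's verdict,
and whether the user acted on it.

Added example, not TDSSKiller's code. Line formats are taken from the log in
the post above; SAMPLE_LOG is a trimmed copy of it (constructed sample) and
KNOWN_LOCKED is an assumed allowlist.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
2010/12/09 05:02:18.0124 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/09 05:02:18.0156 Suspicious service (NoAccess): xbmgivmzc
2010/12/09 05:02:18.0200 xbmgivmzc (6b330c3505ec5cf06f9e6d4eeb60513d) C:\Windows\system32\drivers\xbmgivmzc.sys
2010/12/09 05:02:18.0200 Suspicious file (NoAccess): C:\Windows\system32\drivers\xbmgivmzc.sys. md5: 6b330c3505ec5cf06f9e6d4eeb60513d
2010/12/09 05:02:18.0206 xbmgivmzc - detected Locked service (1)
2010/12/09 05:02:18.0251 XPADFL02 (6ab0d2d28e2a984fbba5295f2dd81878) C:\Windows\system32\DRIVERS\xpadfl02.sys
2010/12/09 05:02:18.0874 Detected object count: 2
2010/12/09 05:02:25.0889 Locked file(sptd) - User select action: Skip
2010/12/09 05:02:25.0893 Locked service(xbmgivmzc) - User select action: Skip
"""

# Assumed allowlist: names TDSSKiller reports as locked that are usually benign.
KNOWN_LOCKED = {
    "sptd": "SCSI Pass Through Direct driver installed by disc-emulation software",
}

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
ENTRY = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS = re.compile(TS + r"Suspicious (service|file) \((\w+)\): (.+?)(?:\. md5: ([0-9a-f]{32}))?$")
DETECTED = re.compile(TS + r"(\S+) - detected (.+?) \((\d+)\)$")
ACTION = re.compile(TS + r"Locked (file|service)\((\S+)\) - User select action: (\w+)$")
COUNT = re.compile(TS + r"Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)  # e.g. "service:NoAccess"
    verdict: Optional[str] = None                   # e.g. "Locked service"
    action: Optional[str] = None                    # Skip, Cure, Delete, ...


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Finding], Optional[int]]:
    """Return (findings keyed by service name, the log's declared object count)."""
    inventory: Dict[str, Tuple[str, str]] = {}  # every scanned driver: name -> (md5, path)
    findings: Dict[str, Finding] = {}
    declared: Optional[int] = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            inventory[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SUSPICIOUS.match(line)
        if m:
            kind, reason, target, md5 = m.groups()
            # A file flag is keyed by the driver's base name so it joins its service.
            name = target if kind == "service" else ntpath.splitext(ntpath.basename(target))[0]
            fd = findings.setdefault(name, Finding(name))
            fd.flags.append(f"{kind}:{reason}")
            if kind == "file":
                fd.path, fd.md5 = target, md5 or fd.md5
            continue
        m = DETECTED.match(line)
        if m:
            findings.setdefault(m.group(1), Finding(m.group(1))).verdict = m.group(2)
            continue
        m = ACTION.match(line)
        if m:
            kind, name, action = m.groups()
            fd = findings.setdefault(name, Finding(name))
            fd.verdict = fd.verdict or f"Locked {kind}"
            fd.action = action
            continue
        m = COUNT.match(line)
        if m:
            declared = int(m.group(1))
    # Fill hash/path from the inventory for findings that only had verdict lines.
    for fd in findings.values():
        if fd.md5 is None and fd.name in inventory:
            fd.md5, fd.path = inventory[fd.name]
    return findings, declared


VOWELS = set("aeiouy")


def looks_random(name: str) -> bool:
    """Cheap tell for generated names like 'xbmgivmzc': eight or more letters and
    almost no vowels. A ranking hint only; read it together with the
    NoAccess/Locked signal, never on its own."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 8 and sum(c in VOWELS for c in letters) / len(letters) <= 0.15


def triage(text: str) -> List[dict]:
    """Detections the user did not act on (Skip or no action), with context."""
    findings, _declared = parse_tdsskiller(text)
    rows = []
    for fd in findings.values():
        if fd.verdict and fd.action in (None, "Skip"):
            rows.append({
                "name": fd.name, "md5": fd.md5, "path": fd.path,
                "verdict": fd.verdict, "action": fd.action, "flags": fd.flags,
                "random_name": looks_random(fd.name),
                "known_benign": KNOWN_LOCKED.get(fd.name),
            })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Run stand-alone it prints both skipped objects. The sptd entry is on the allowlist (a disc-emulation driver that TDSSKiller routinely reports as a locked file), whereas xbmgivmzc is an unknown driver with a generated-looking name whose service key and file could not even be read by the scanner; choosing Skip on that one leaves it loaded, which is consistent with the log looking identical on the second run.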

#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,617 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:22 PM

Posted 09 December 2010 - 06:19 AM

This issue seems already resolved in this topic: http://www.bleepingcomputer.com/forums/topic364692.html

If you are having any other issues, please let me know.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 lolhy22

  • Topic Starter
  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 09 December 2010 - 10:39 AM

This issue seems already resolved in this topic: http://www.bleepingcomputer.com/forums/topic364692.html

If you are having any other issues, please let me know.


It was resolved, and then I had problems booting up, so deleting that file may have been the cause of it, I am not sure. Either way, it seems to be back.

#4 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,617 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:22 PM

Posted 09 December 2010 - 10:51 AM

Is this the new TDSSkiller log, or the same one you posted in your other thread?

regards, Elise




#5 lolhy22

  • Topic Starter
  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 09 December 2010 - 11:24 AM

Is this the new TDSSkiller log, or the same one you posted in your other thread?


It's the new one; I believe it looks exactly the same.

#6 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,617 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:22 PM

Posted 09 December 2010 - 11:35 AM

It does indeed. Since this is a nasty little rootkit, I'm going to move this topic to the malware removal forum. Your other AII topic will be closed.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

regards, Elise




#7 lolhy22

  • Topic Starter
  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 09 December 2010 - 11:58 AM

OTL logfile created on: 09/12/2010 16:43:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\benny\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 4219 4219 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 225.19 Gb Free Space | 48.35% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 84.23 Gb Free Space | 56.51% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 82.15 Gb Free Space | 17.64% Space Free | Partition Type: NTFS
Drive H: | 372.61 Gb Total Space | 297.09 Gb Free Space | 79.73% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 71.90 Gb Free Space | 7.72% Space Free | Partition Type: NTFS

Computer Name: BENNY-PC | User Name: benny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/09 16:43:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\benny\Desktop\OTL.exe
PRC - [2010/10/16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/25 17:31:58 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/20 15:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/12/11 20:45:10 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/11 20:44:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/09/22 21:31:56 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/08/05 12:48:06 | 000,378,384 | ---- | M] () -- C:\Users\benny\Desktop\me2\Core Temp.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/01 16:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/07/01 16:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/06/23 00:45:47 | 000,096,264 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/06/10 04:02:50 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 03:57:40 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/10 03:55:30 | 001,326,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/07/09 20:51:16 | 000,229,888 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/06/04 18:28:14 | 000,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2008/06/04 18:26:58 | 000,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2007/07/12 13:39:34 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/07/12 13:39:04 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe


========== Modules (SafeList) ==========

MOD - [2010/12/09 16:43:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\benny\Desktop\OTL.exe
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 01:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/16 06:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/12/11 20:44:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/23 17:22:10 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/22 21:31:56 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/09/14 22:44:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2008/06/04 18:28:14 | 000,069,735 | ---- | M] () [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/06/04 18:26:58 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/03/14 07:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\System32\502.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\benny\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2010/12/08 23:19:27 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/10/22 06:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/07 20:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/05/20 15:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2010/03/06 22:51:18 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/02/19 01:46:21 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/02/19 01:46:06 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/01/29 12:13:11 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/01/29 12:13:11 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/01/29 12:13:09 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/01/29 12:12:57 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/01/08 21:45:11 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/11 21:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/11 19:50:52 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/09/21 20:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/08/22 18:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 22:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 22:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/18 00:06:16 | 000,065,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/06/18 00:06:06 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/06/18 00:05:56 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/06/18 00:05:46 | 000,035,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/06/18 00:05:36 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/06/01 13:51:54 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/04/21 12:58:06 | 001,147,392 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2008/11/12 16:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/09/10 20:08:20 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\benny\Desktop\xbox360\JungleFlasher v0.1.76 Beta (166)\portio32.sys -- (PORTIO64)
DRV - [2008/03/06 17:05:08 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2008/03/06 17:04:04 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/01/21 19:28:08 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/01/21 19:28:04 | 000,021,512 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/01/21 19:28:00 | 000,017,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2008/01/21 19:27:56 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2007/07/13 02:22:40 | 000,135,296 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH0763.sys -- (SaiH0763)
DRV - [2007/07/13 02:22:38 | 000,135,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV - [2006/12/24 04:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xPADFL02.sys -- (XPADFL02)
DRV - [2006/11/22 13:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006/09/24 13:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3076628812-813032057-600001485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKU\S-1-5-21-3076628812-813032057-600001485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3076628812-813032057-600001485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-3076628812-813032057-600001485-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/06 17:56:59 | 000,000,000 | ---- | M] () - L:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{574077a8-bfeb-11de-84bf-00044b0398d7}\Shell - "" = AutoRun
O33 - MountPoints2\{574077a8-bfeb-11de-84bf-00044b0398d7}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
O33 - MountPoints2\{574077ac-bfeb-11de-84bf-00044b0398d7}\Shell - "" = AutoRun
O33 - MountPoints2\{574077ac-bfeb-11de-84bf-00044b0398d7}\Shell\AutoRun\command - "" = M:\start.exe -- File not found
O33 - MountPoints2\{5d47e288-0ebd-11df-973e-001167cc8b22}\Shell - "" = AutoRun
O33 - MountPoints2\{5d47e288-0ebd-11df-973e-001167cc8b22}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{cc404c86-2236-11df-a6eb-001167cc8b22}\Shell - "" = AutoRun
O33 - MountPoints2\{cc404c86-2236-11df-a6eb-001167cc8b22}\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 16:43:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\benny\Desktop\OTL.exe
[2010/12/09 04:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/12/09 04:38:12 | 000,000,000 | ---D | C] -- C:\Users\benny\Desktop\siw
[2010/12/09 04:18:45 | 000,000,000 | ---D | C] -- C:\symbols
[2010/12/09 02:38:19 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/12/09 00:03:43 | 000,000,000 | ---D | C] -- C:\Users\benny\Desktop\gigabyte
[2010/12/08 23:19:27 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/12/08 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\benny\AppData\Local\eSupport.com
[2010/12/08 22:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/12/08 22:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/12/08 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/12/08 22:32:01 | 000,000,000 | ---D | C] -- C:\Users\benny\AppData\Local\{BA57D674-59F8-4AF2-AF8F-30195DF13703}
[2010/12/08 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\benny\AppData\Local\Windows Live
[2010/12/08 02:09:33 | 181,448,745 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\benny\Desktop\9700AllLang_PBr6.0.0_rel1478_PL6.6.0.86_A6.0.0.380.exe
[2010/12/06 23:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2010/12/06 23:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2010/12/06 23:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2010/12/06 23:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/12/06 08:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveSMART 2.8
[2010/12/06 08:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ActiveSMART
[2010/12/06 08:19:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/03 15:32:27 | 000,000,000 | ---D | C] -- C:\Users\benny\Desktop\comp progs
[2010/12/02 04:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010/12/01 19:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/12/01 19:51:05 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/11/26 15:42:31 | 000,000,000 | ---D | C] -- C:\Users\benny\AppData\Roaming\AVG10
[2010/11/26 15:41:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/26 15:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/26 15:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/26 15:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/26 13:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer Platform Preview
[2010/11/26 03:29:03 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/11/26 01:50:59 | 000,000,000 | ---D | C] -- C:\Users\benny\AppData\Local\VS Revo Group
[2010/11/26 01:50:54 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/11/26 01:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/11/26 01:34:42 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2010/11/26 01:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/11/25 20:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/11/25 20:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/11/25 20:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/25 20:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/11/25 18:57:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/25 18:57:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/25 18:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/25 18:44:13 | 000,000,000 | ---D | C] -- C:\Users\benny\AppData\Roaming\Malwarebytes
[2010/11/25 18:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/22 01:45:45 | 162,720,848 | ---- | C] (Research In Motion Ltd. ) -- C:\Users\benny\Desktop\9700M_PBr6.0.0_rel1308_PL6.6.0.63_A6.0.0.358.exe
[2010/11/11 02:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/09 16:45:01 | 000,762,368 | ---- | M] () -- C:\Windows\System32\drivers\xbmgivmzc.sys
[2010/12/09 16:43:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\benny\Desktop\OTL.exe
[2010/12/09 14:46:02 | 000,015,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 14:46:02 | 000,015,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 14:42:25 | 000,004,756 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010/12/09 14:42:25 | 000,001,094 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010/12/09 14:42:25 | 000,000,100 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2010/12/09 14:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/09 04:43:22 | 000,000,893 | ---- | M] () -- C:\Users\benny\Desktop\SIW.lnk
[2010/12/09 02:59:21 | 2816,598,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/09 02:40:37 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/09 02:40:37 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/09 02:38:19 | 000,000,409 | ---- | M] () -- C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk
[2010/12/09 01:15:05 | 005,899,029 | ---- | M] () -- C:\Users\benny\Desktop\bootbios.zip
[2010/12/08 23:19:27 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/12/08 22:30:02 | 000,131,072 | ---- | M] () -- C:\Users\benny\Desktop\120810-43711-01.dmp
[2010/12/08 22:29:35 | 259,374,262 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/08 22:20:52 | 000,027,386 | ---- | M] () -- C:\Users\Public\Documents\Contacts for buffboi18 (hotmail) 0812.ctt
[2010/12/08 21:55:41 | 000,000,206 | ---- | M] () -- C:\Users\benny\Desktop\hwmonitorw.ini
[2010/12/08 03:09:36 | 039,673,661 | ---- | M] () -- C:\Users\benny\Documents\LoaderBackup-(2010-12-08).ipd
[2010/12/08 02:21:01 | 181,448,745 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\benny\Desktop\9700AllLang_PBr6.0.0_rel1478_PL6.6.0.86_A6.0.0.380.exe
[2010/12/07 21:52:39 | 000,007,600 | ---- | M] () -- C:\Users\benny\AppData\Local\Resmon.ResmonCfg
[2010/12/07 21:33:46 | 006,378,969 | ---- | M] () -- C:\Users\benny\Desktop\w7l195.rar
[2010/12/07 02:38:25 | 000,083,077 | ---- | M] () -- C:\Users\benny\Desktop\mem-corrupt.docx
[2010/12/06 09:03:18 | 000,556,966 | ---- | M] () -- C:\Users\benny\Desktop\ssp.zip
[2010/12/04 15:59:20 | 000,245,721 | ---- | M] () -- C:\Users\benny\Desktop\EG_AD_2_EGLL_2-2_en_2010-11-18.pdf
[2010/12/03 04:27:33 | 000,159,840 | ---- | M] () -- C:\Users\benny\Desktop\120310-43742-01.dmp
[2010/12/02 04:49:02 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/27 19:30:08 | 000,187,992 | ---- | M] () -- C:\Users\Public\Documents\internet settings backup.reg
[2010/11/27 19:22:01 | 012,804,230 | ---- | M] () -- C:\Users\Public\Documents\backup nov 2010.reg
[2010/11/26 04:08:23 | 038,577,402 | ---- | M] () -- C:\Users\benny\Documents\LoaderBackup-(2010-11-26).ipd
[2010/11/26 01:50:55 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/11/26 01:34:36 | 001,125,239 | ---- | M] () -- C:\Users\benny\Desktop\kavremover.zip
[2010/11/25 18:51:57 | 000,105,330 | ---- | M] () -- C:\Users\benny\AppData\Local\eyuhuwonezonus.dll
[2010/11/23 23:53:00 | 000,065,856 | ---- | M] (WinMount International Inc) -- C:\Windows\System32\drivers\WMDrive.sys
[2010/11/22 01:56:00 | 162,720,848 | ---- | M] (Research In Motion Ltd. ) -- C:\Users\benny\Desktop\9700M_PBr6.0.0_rel1308_PL6.6.0.63_A6.0.0.358.exe
[2010/11/15 02:30:23 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/11/12 18:57:53 | 090,020,222 | ---- | M] () -- C:\Users\benny\Desktop\Dashboard-2.0.12416.rar
[2010/11/11 02:36:52 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/09 04:43:22 | 000,000,893 | ---- | C] () -- C:\Users\benny\Desktop\SIW.lnk
[2010/12/08 23:05:57 | 000,131,072 | ---- | C] () -- C:\Users\benny\Desktop\120810-43711-01.dmp
[2010/12/08 03:09:36 | 039,673,661 | ---- | C] () -- C:\Users\benny\Documents\LoaderBackup-(2010-12-08).ipd
[2010/12/07 21:33:36 | 006,378,969 | ---- | C] () -- C:\Users\benny\Desktop\w7l195.rar
[2010/12/07 02:38:25 | 000,083,077 | ---- | C] () -- C:\Users\benny\Desktop\mem-corrupt.docx
[2010/12/06 09:03:18 | 000,556,966 | ---- | C] () -- C:\Users\benny\Desktop\ssp.zip
[2010/12/04 15:59:20 | 000,245,721 | ---- | C] () -- C:\Users\benny\Desktop\EG_AD_2_EGLL_2-2_en_2010-11-18.pdf
[2010/12/03 21:21:06 | 000,159,840 | ---- | C] () -- C:\Users\benny\Desktop\120310-43742-01.dmp
[2010/11/28 05:49:58 | 001,839,104 | ---- | C] () -- C:\Users\benny\Desktop\mt410.iso
[2010/11/27 19:30:08 | 000,187,992 | ---- | C] () -- C:\Users\Public\Documents\internet settings backup.reg
[2010/11/27 19:22:01 | 012,804,230 | ---- | C] () -- C:\Users\Public\Documents\backup nov 2010.reg
[2010/11/26 04:08:23 | 038,577,402 | ---- | C] () -- C:\Users\benny\Documents\LoaderBackup-(2010-11-26).ipd
[2010/11/26 01:50:55 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/11/26 01:34:36 | 001,125,239 | ---- | C] () -- C:\Users\benny\Desktop\kavremover.zip
[2010/11/25 18:51:55 | 000,105,330 | ---- | C] () -- C:\Users\benny\AppData\Local\eyuhuwonezonus.dll
[2010/11/25 18:50:39 | 000,762,368 | ---- | C] () -- C:\Windows\System32\drivers\xbmgivmzc.sys
[2010/11/11 02:40:07 | 000,230,424 | ---- | C] () -- C:\img2-001.raw
[2010/11/11 02:36:52 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010/08/30 03:53:36 | 000,225,280 | ---- | C] () -- C:\Windows\System32\net_rim_plazmic_flint_dialog.dll
[2010/08/26 22:02:32 | 000,004,004 | ---- | C] () -- C:\Users\benny\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/26 21:59:46 | 000,004,916 | ---- | C] () -- C:\Users\benny\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/05/20 15:27:26 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2010/05/17 17:12:21 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\System32\vfprintpthelper.dll
[2010/01/31 00:15:47 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2009/12/03 20:40:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/29 16:04:30 | 000,000,637 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/11/05 14:04:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\DBCDBF32.DLL
[2009/11/05 14:04:53 | 000,184,320 | ---- | C] () -- C:\Windows\System32\dbcmdb32.dll
[2009/11/05 14:04:53 | 000,141,824 | ---- | C] () -- C:\Windows\System32\dbcjpg32.dll
[2009/11/05 14:04:53 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DBCMEM32.DLL
[2009/11/05 14:04:53 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dbcgeo32.dll
[2009/11/02 15:55:47 | 000,000,136 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/11/02 15:50:55 | 000,004,756 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/11/02 15:50:55 | 000,000,100 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/11/02 15:47:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/11/01 17:00:24 | 000,831,488 | ---- | C] () -- C:\Windows\System32\SaiC0763.Dll
[2009/11/01 17:00:24 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0763_0C.dll
[2009/11/01 17:00:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_10.dll
[2009/11/01 17:00:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_0A.dll
[2009/11/01 17:00:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0763_07.dll
[2009/11/01 17:00:24 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0763_09.dll
[2009/11/01 17:00:24 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0763_0402.dll
[2009/11/01 17:00:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0763_11.dll
[2009/10/25 17:35:07 | 000,003,584 | ---- | C] () -- C:\Users\benny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 02:48:41 | 000,007,600 | ---- | C] () -- C:\Users\benny\AppData\Local\Resmon.ResmonCfg
[2009/10/23 02:25:47 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/23 02:25:47 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 23:17:36 | 000,031,007 | ---- | C] () -- C:\Users\benny\AppData\Roaming\UserTile.png
[2009/10/07 04:09:39 | 000,028,109 | ---- | C] () -- C:\Users\benny\AppData\Roaming\OFMissionEditorConfig.xml
[2009/09/28 12:14:07 | 000,839,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC.Dll
[2009/09/28 12:14:07 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0C.dll
[2009/09/28 12:14:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_10.dll
[2009/09/28 12:14:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0A.dll
[2009/09/28 12:14:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_07.dll
[2009/09/28 12:14:07 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_09.dll
[2009/09/28 12:14:07 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_0402.dll
[2009/09/28 12:14:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0BAC_11.dll
[2009/09/23 15:26:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 16:14:13 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/15 20:10:25 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/15 20:10:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/09/15 20:10:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/15 20:10:23 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/15 20:08:19 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/15 20:08:19 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/21 10:09:32 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2008/11/13 13:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/07/09 20:51:28 | 000,001,094 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/07/09 20:40:42 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/06/04 18:30:44 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/06/04 18:30:22 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/06/04 18:30:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/06/04 18:29:48 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/06/04 18:27:10 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/06/04 18:27:02 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/03/07 13:54:22 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2007/12/04 12:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 12:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007/03/19 10:59:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2005/03/08 13:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2005/02/24 23:59:49 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2005/01/14 22:51:21 | 000,000,151 | ---- | C] () -- C:\Windows\swfl5.ini
[2002/03/13 22:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/27 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\benni 22\AppData\Roaming\AVG10
[2009/10/26 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Ariane
[2010/11/26 15:42:31 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\AVG10
[2010/05/27 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Bioshock
[2010/02/11 23:58:55 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Bioshock2
[2010/08/30 04:03:13 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Composer
[2010/02/27 02:23:52 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\DAEMON Tools Lite
[2009/10/23 02:39:19 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Games
[2010/02/20 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\ImgBurn
[2009/10/23 02:39:20 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Leadertech
[2009/10/25 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\nHancer
[2009/10/16 23:17:36 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\PeerNetworking
[2010/08/30 03:53:36 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Research In Motion
[2010/12/06 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\uTorrent
[2010/02/01 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\Virtuali
[2010/11/23 23:53:41 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\WinMount
[2010/02/06 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\benny\AppData\Roaming\XRay Engine
[2010/09/15 10:42:40 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

-------------------------------------------- Extra.txt --------------------------------

OTL Extras logfile created on: 09/12/2010 16:43:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\benny\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 4219 4219 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 225.19 Gb Free Space | 48.35% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 84.23 Gb Free Space | 56.51% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 82.15 Gb Free Space | 17.64% Space Free | Partition Type: NTFS
Drive H: | 372.61 Gb Total Space | 297.09 Gb Free Space | 79.73% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 71.90 Gb Free Space | 7.72% Space Free | Partition Type: NTFS

Computer Name: BENNY-PC | User Name: benny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12A57BF1-0B2E-44D5-AD07-CF9E584FDD7A}" = Application Suite
"{135AD763-5024-4896-ACB9-20E19CDE9788}" = Logitech Gaming Software 5.07
"{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}" = PMDG747_400F
"{1819F22A-8B42-4CF5-88C1-97B6F4A7849A}" = ActiveSky Version 6 and ActiveSky Graphics
"{182C5618-801C-4FB2-B2B0-F389FACC900E}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B2206D8-839C-483D-986F-AB5465B2FEB3}" = Bluesoleil 6.2.227.10
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{5F2C7928-68CC-4886-8919-BCEAE3AF75FE}" = Windows Internet Explorer Platform Preview
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B32074-0F48-4CF9-BA4B-529B470FB47F}" = BlackBerry Desktop Software 5.0
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{960B5908-CB3C-439A-9BEA-1C920DD81F3C}" = Saitek SD6 Programming Software 6.0.7.0
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies
"{9A0906C7-D472-4C22-8D12-11D6AB2819E4}" = aerosoft's - German Airports 3 - Bremen
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D41CAD6D-DB4C-4D7C-BABA-D1A4B1599741}" = aerosoft's - German Airports 3-Berlin Tegel
"{D734A52D-624E-428E-8DE6-B2665E3621CC}" = Microsoft Windows Debugging Symbols
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDE7EA22-C7A3-41A1-B16A-6128FA771638}" = Unigine Tropics Demo v1.2
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2D89E72-2A46-42ED-ABDB-1F93E5918807}" = Just Flight - 757 Captain FS2004
"{F72CC350-CDF1-47AF-A474-4E2404EBBEB8}_is1" = CTDP Formula One 2005 v1.2
"{F928FCC7-DEA6-486C-9FAE-87A4A02DF8AA}" = BBSAK
"{FB647DBE-2231-405D-AC36-C73246CBE305}" = PMDG BAe JS4100
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"763v2" = Level-D Simulations 767-300
"763v21" = Level-D Simulations 767-300 Update
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Active Camera 2004 update to version 2.1 (FS 9.1)" = Active Camera 2004 update to version 2.1 (FS 9.1)
"Active Camera 2004 version 2.0" = Active Camera 2004 version 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AirSimmer A320 Family SL" = AirSimmer A320 Family SL 0.5.0
"ArmA 2" = ArmA 2 Uninstall
"AudioCS" = Creative Audio Control Panel
"BlackBerry Theme Studio 5.0" = BlackBerry Theme Studio 5.0
"BlackBerry_{86B32074-0F48-4CF9-BA4B-529B470FB47F}" = BlackBerry Desktop Software 5.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"blackberrymastercontrolprogram" = BlackBerry Master Control Program 0.9.3.0
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DriverAgent.exe" = DriverAgent by eSupport.com
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"F1-2010-OWC for rFactor" = F1-2010-OWC for rFactor
"Fallout 3 - Mothership Zeta Addon_is1" = Fallout 3 - Mothership Zeta Addon
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Flight Environment" = Flight Environment
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.5
"FS Global 2010" = FS Global 2010
"FS_Real_Time" = FS Real Time v1.88
"FSBuild 2" = FSBuild 2
"FSDreamTeam OHareX 1.3_is1" = FSDreamTeam OHareX 1.3
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Ground Environment Professional" = Ground Environment Professional
"ImgBurn" = ImgBurn
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"Just Cause 2_is1" = Just Cause 2
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLaren Screensaver 2010" = McLaren Screensaver 2010
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"NewsBin5" = NewsBin Pro
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"QuickPar" = QuickPar 0.9
"rFactor" = rFactor (remove only)
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SPACESHUTTLE" = Space Shuttle
"SpeedFan" = SpeedFan (remove only)
"SquawkBox" = SquawkBox
"SSTSIM1.04F" = SSTSIM
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"TOPCAT" = TOPCAT 2.60 - Take-Off and Landing Performance Calculation Tool
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"TVUPlayer" = TVUPlayer 2.5.3.1
"TweakFPS for FSX_is1" = TweakFPS for FSX
"UK2000 Heathrow Xtreme" = Remove UK2000 Heathrow Xtreme files
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VFR Netherlands" = VFR Netherlands v1.1
"VFR Netherlands Area 1" = VFR Netherlands Area 1 v1.1
"VFR Netherlands Area 2" = VFR Netherlands Area 2 v1.1
"VFR Netherlands Area 4" = VFR Netherlands Area 4 v1.1
"VFR Netherlands Area 5" = VFR Netherlands Area 5 v1.1
"VFR Netherlands DTM" = VFR Netherlands DTM v1.1
"Visual Flight London" = Visual Flight London
"Win7 Taskbar" = Win7 Taskbar v1.12
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X3Reunion_is1" = X3 Reunion v2.5
"X3TerranConflict_is1" = X3 Terran Conflict v2.5
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3076628812-813032057-600001485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"171a3bd25b2ddd36" = vroute.info
"Airbus Series Vol.1 Deluxe (FS2004)" = Airbus Series Vol.1 Deluxe (FS2004)
"Airbus Series Vol.2 (FS2004)" = Airbus Series Vol.2 (FS2004)
"F1 2009 F1RL TRACKPACK" = F1 2009 F1RL TRACKPACK
"MOD F1RL09 FINAL VERSION" = MOD F1RL09 FINAL VERSION

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

---------------- Rootkitunhooker --------------------

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #8
==============================================
>Drivers
==============================================
0x95216000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10080256 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 260.99 )
0x84E4C000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x84E4C000 PnpManager 4259840 bytes
0x84E4C000 RAW 4259840 bytes
0x84E4C000 WMIxWDM 4259840 bytes
0x9F230000 Win32k 2400256 bytes
0x9F230000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x96E23000 C:\Windows\system32\drivers\P17.sys 1409024 bytes (Creative Technology Ltd., WDM Audio Miniport (Basic) Driver)
0x8F022000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8EC45000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8E89A000 PCI_PNP4964 995328 bytes
0x8E89A000 C:\Windows\System32\Drivers\spqf.sys 995328 bytes
0x8E89A000 sptd 995328 bytes
0x8EA03000 C:\Windows\System32\Drivers\xbmgivmzc.sys 782336 bytes
0x95C1C000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EEAB000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8E6FA000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA8007000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x934B3000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8E627000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8E81B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8F20A000 C:\Windows\system32\DRIVERS\timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0x9493C000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8EE37000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9482A000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8F2BD000 C:\Windows\system32\DRIVERS\tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xA8191000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9AF55000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA8142000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9F4E0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x95D36000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EAD2000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E7A5000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8EBAC000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x9AED5000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8E6B8000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x948DB000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8F27E000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8EF62000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x93586000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x95BB5000 C:\Windows\System32\Drivers\am5bsxwt.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x95CD3000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x84E15000 ACPI_HAL 225280 bytes
0x84E15000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8EC00000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x96FC3000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8F385000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8EDB2000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8F16B000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA6A42000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x96F7B000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8F33F000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x95DB5000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8ED74000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA6A82000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8E9C7000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E600000 C:\Windows\system32\DRIVERS\nvstor32.sys 155648 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8E996000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8F3C8000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8EFA0000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8EB87000 C:\Windows\system32\DRIVERS\nvstor.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0xA6A06000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x95D90000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8EB64000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x93563000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9AE1D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9AF34000 C:\Windows\system32\drivers\nvhda32v.sys 135168 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0xA80A8000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x949C6000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F000000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x93411000 C:\Windows\system32\DRIVERS\SaiH0763.sys 131072 bytes (Saitek, Saitek Hid Driver)
0x93431000 C:\Windows\system32\DRIVERS\SaiH0BAC.sys 131072 bytes (Saitek, Saitek Hid Driver)
0x8F1B8000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x95D0C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9488B000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F320000 C:\Windows\system32\DRIVERS\snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0x9F4C0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x93451000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x935C1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x93476000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x93538000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x96FAA000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x949A0000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x94800000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9AE3F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9AE57000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9AE6E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8EE00000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8EDE4000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8F19C000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8EB45000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x935DC000 C:\Windows\System32\Drivers\SENTINEL.SYS 86016 bytes (SafeNet, Inc., Sentinel System Driver (NT Parallel driver))
0x9AFEC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8ED9F000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x934A0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x948B8000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x95BEE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x949E7000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x93551000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F3B7000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9AFC6000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8EC34000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9AF23000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8E800000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8E69F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x93490000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8F36C000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x948CB000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8EAC2000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x95D81000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9AEB8000 C:\Windows\system32\drivers\WmXlCore.sys 61440 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0x949B8000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x948AA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EFE8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8EB37000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8EE94000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x9AEC7000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8E88C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x95DE1000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9AFA5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9AE98000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x95C00000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x9AEA5000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA8133000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA6A35000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8F1F1000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x94930000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x94818000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8F1E5000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EB25000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9AFB2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x96E00000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x9AFE1000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9520B000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9AE09000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8EFDD000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x95C0D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x95200000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32k.sys)
0x8EE17000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95D2B000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8E9BC000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9AFD7000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9AF19000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x94926000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9491C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9AE8E000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA809E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xA6A2B000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x9346C000 C:\Windows\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0x8EBF3000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA6AF2000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8EB5B000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9AFBD000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8EEA2000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA6B8A000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9F490000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8F275000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x96E11000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8E98D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xA6A7A000 C:\Users\benny\AppData\Local\Temp\ALSysIO.sys 32768 bytes
0x8E6B0000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9AE14000 C:\Windows\System32\Drivers\btcusb.sys 32768 bytes (IVT Corporation., Bluetooth USB Device Driver)
0x8EB1D000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8F37C000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BD4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8E9F1000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EFC5000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EFCD000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8EFD5000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x95DEE000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8F316000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F1DE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9AE00000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8F1D7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8EB30000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9AE87000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x94884000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x96E0B000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x96E1A000 C:\Windows\System32\Drivers\VcommMgr.sys 24576 bytes (IVT Corporation., Bluetooth VcommMgr Driver)
0x96FF7000 C:\Windows\System32\Drivers\IvtBtBus.sys 20480 bytes (IVT Corporation., IVT Bluetooth Bus Device Driver)
0x8F3ED000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)
0xA6A73000 C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys 16384 bytes (IVT Corporation., Bluetooth Network Filter Driver)
0x9AEB4000 C:\Windows\system32\drivers\WmBEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
0xA6A77000 C:\Windows\system32\drivers\WmVirHid.sys 12288 bytes (Logitech Inc., Logitech WingMan Virtual Hid Device Driver)
0xA6ACD000 C:\Windows\system32\502.tmp 8192 bytes
0x9AE85000 C:\Windows\system32\DRIVERS\btnetdrv.sys 8192 bytes (IVT Corporation., Bluetooth PAN Network Adapter Driver)
0x95BB3000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 260.99 )
0x8F31E000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows ® 2000 DDK provider, SpeedFan Device Driver)
0x9AEB2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9AE07000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xA8140000 C:\Windows\system32\DRIVERS\VComm.sys 8192 bytes (IVT Corporation., Bluetooth Serial Port Driver)
0x8F384000 C:\Windows\system32\giveio.sys 4096 bytes
0x87D2C1F8 unknown_irp_handler 3592 bytes
0x8B1D31F8 unknown_irp_handler 3592 bytes
0x87D281F8 unknown_irp_handler 3592 bytes
0x87E221F8 unknown_irp_handler 3592 bytes
0x87D2A1F8 unknown_irp_handler 3592 bytes
0x88E131F8 unknown_irp_handler 3592 bytes
0x895C21F8 unknown_irp_handler 3592 bytes
0x892381F8 unknown_irp_handler 3592 bytes
0x87D261F8 unknown_irp_handler 3592 bytes
0x87D2B1F8 unknown_irp_handler 3592 bytes
0x87D291F8 unknown_irp_handler 3592 bytes
0x8AB8D1F8 unknown_irp_handler 3592 bytes
0x88D083E0 unknown_irp_handler 3104 bytes
0x8921F500 unknown_irp_handler 2816 bytes
0x89508500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
WARNING: File locked for read access [C:\Windows\system32\drivers\xbmgivmzc.sys]
0xA6B97F2E Unknown thread object [ ETHREAD 0x89A8A678 ] , 600 bytes
0xA80F3F2E Unknown thread object [ ETHREAD 0x8AC77848 ] , 600 bytes
0xA6B25F2E Unknown thread object [ ETHREAD 0x88401370 ] , 600 bytes
0xA6AB2F2E Unknown thread object [ ETHREAD 0x88727D48 ] , 600 bytes
0xA6B29F2E Unknown thread object [ ETHREAD 0x8AAF6D48 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#8 Elise (Malware Study Hall Admin, 61,617 posts, Romania)

Posted 09 December 2010 - 12:12 PM

Oh yes, the rootkit is definitely there.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#9 lolhy22 (Topic Starter, Members, 29 posts)

Posted 09 December 2010 - 12:49 PM

ComboFix 10-12-08.04 - benny 09/12/2010 17:23:41.1.8 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3581.2611 [GMT 0:00]
Running from: c:\users\benny\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\Documents\backup nov 2010.reg


.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 17:36 . 2010-12-09 17:36 -------- d-----w- c:\users\Mcx2-BENNY-PC\AppData\Local\temp
2010-12-09 17:36 . 2010-12-09 17:36 -------- d-----w- c:\users\Mcx1-BENNY-PC\AppData\Local\temp
2010-12-09 17:36 . 2010-12-09 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-09 04:43 . 2010-12-09 04:43 -------- d-----w- c:\program files\SIW
2010-12-09 04:18 . 2010-12-09 04:22 -------- d-----w- C:\symbols
2010-12-09 02:38 . 2010-12-09 02:38 -------- d-----w- C:\DriveKey
2010-12-08 23:19 . 2010-12-08 23:19 -------- d-----w- c:\users\benny\AppData\Local\eSupport.com
2010-12-08 23:19 . 2010-12-08 23:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\program files\Microsoft
2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\program files\Windows Live
2010-12-08 22:32 . 2010-12-08 22:32 -------- d-----w- c:\users\benny\AppData\Local\{BA57D674-59F8-4AF2-AF8F-30195DF13703}
2010-12-08 22:17 . 2010-12-08 22:32 -------- d-----w- c:\users\benny\AppData\Local\Windows Live
2010-12-08 14:25 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD53531D-79A8-499E-A97F-EAB850BA1552}\mpengine.dll
2010-12-08 02:25 . 2010-12-08 02:25 69632 ----a-r- c:\users\benny\AppData\Roaming\Microsoft\Installer\{182C5618-801C-4FB2-B2B0-F389FACC900E}\BlackBerry.exe
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Application Verifier
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Microsoft SDKs
2010-12-06 08:34 . 2010-12-06 11:52 -------- d-----w- c:\programdata\ActiveSMART
2010-12-06 08:34 . 2010-12-06 11:52 -------- d-----w- c:\program files\ActiveSMART 2.8
2010-12-02 04:49 . 2010-03-01 20:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-12-02 04:49 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmpFF27.tmp
2010-12-02 04:49 . 2010-06-02 04:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-02 04:49 . 2010-06-02 04:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-02 04:49 . 2010-06-02 04:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-02 04:49 . 2010-05-26 11:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-02 04:43 . 2010-12-02 04:43 -------- d-----w- c:\program files\Codemasters
2010-11-27 19:26 . 2010-12-06 11:53 -------- d-----w- c:\users\benni 22
2010-11-26 15:42 . 2010-11-26 15:42 -------- d-----w- c:\users\benny\AppData\Roaming\AVG10
2010-11-26 15:41 . 2010-11-26 15:41 -------- d--h--w- c:\programdata\Common Files
2010-11-26 15:40 . 2010-12-07 04:17 -------- d-----w- c:\programdata\AVG10
2010-11-26 15:40 . 2010-11-26 15:40 -------- d-----w- c:\program files\AVG
2010-11-26 15:38 . 2010-11-26 15:40 -------- d-----w- c:\programdata\MFAData
2010-11-26 13:58 . 2010-11-26 13:58 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-11-26 03:29 . 2010-11-26 03:29 -------- d-----w- c:\windows\CheckSur
2010-11-26 01:50 . 2010-11-26 01:50 -------- d-----w- c:\users\benny\AppData\Local\VS Revo Group
2010-11-26 01:50 . 2010-11-26 01:50 -------- d-----w- c:\program files\VS Revo Group
2010-11-26 01:50 . 2009-12-30 11:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-26 01:34 . 2010-11-26 01:34 -------- d-----w- C:\WINSSLog
2010-11-26 01:02 . 2010-11-26 01:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-25 20:15 . 2010-11-25 20:18 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-25 20:15 . 2010-11-25 20:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-25 20:14 . 2010-11-25 20:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-11-25 20:05 . 2010-11-26 13:54 -------- d-----w- c:\programdata\Norton
2010-11-25 18:57 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 18:57 . 2010-12-07 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 18:57 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 18:51 . 2010-11-25 18:51 105330 ----a-w- c:\users\benny\AppData\Local\eyuhuwonezonus.dll
2010-11-25 18:44 . 2010-11-25 18:44 -------- d-----w- c:\users\benny\AppData\Roaming\Malwarebytes
2010-11-25 18:43 . 2010-11-26 08:45 -------- d-----w- c:\programdata\Malwarebytes
2010-11-24 00:13 . 2010-11-24 00:13 2493643 ----a-w- c:\windows\system32\abgx360.exe
2010-11-11 02:36 . 2010-11-11 02:36 -------- d-----w- c:\program files\Microsoft LifeCam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 04:49 . 2009-10-23 03:08 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-02 04:49 . 2009-10-23 03:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-23 23:53 . 2009-09-15 19:27 65856 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-10-22 06:23 . 2010-12-01 19:51 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-22 06:23 . 2010-01-31 23:05 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-19 10:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 12:42 . 2010-10-16 12:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42 . 2010-10-16 12:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 12:42 . 2010-10-16 12:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42 . 2010-10-16 12:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42 . 2010-10-16 12:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-07-12 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-07-12 131072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-09 229888]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-06-23 96264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

c:\users\benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-11-29 17:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

R3 ALSysIO;ALSysIO;c:\users\benny\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-09-14 79360]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-08 23456]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-02-19 17488]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 46192]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2010-02-19 24944]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\502.tmp [x]
R3 PORTIO64;PORTIO64;c:\users\benny\Desktop\xbox360\JungleFlasher v0.1.76 Beta (166)\portio32.sys [2008-09-10 2560]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-08 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2007-07-13 135296]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-13 135168]


--- Other Services/Drivers In Memory ---

*Deregistered* - xbmgivmzc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Ynibohera - c:\users\benny\AppData\Local\ntMtec32.dll
AddRemove-SPACESHUTTLE - e:\microsoft games\Microsoft Flight Simulator X\css001_uninstall.exe
AddRemove-{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1 - d:\program files\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\unins000.exe



[HKEY_LOCAL_MACHINE\system\ControlSet003\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\502.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\xbmgivmzc]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3076628812-813032057-600001485-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,c4,45,b0,0d,6c,13,f8,38,b3,ec,6a,a2,15,02,17,2b,85,d2,c4,91,
58,ca,a5,77,7e,c4,9f,f4,be,06,d0,dd,db,00,44,0a,88,8d,79,47,df,ab,8f,cc,22,\
"rkeysecu"=hex:7a,cb,29,8b,a3,90,5d,ae,3f,ed,f1,28,6c,d9,1a,2f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3960)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\system32\taskhost.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2010-12-09 17:45:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-09 17:45

Pre-Run: 245,177,479,168 bytes free
Post-Run: 247,495,622,656 bytes free

- - End Of File - - 5B297508A8724CD7BAA19C40E1EBE1E5

#10 Elise (Malware Study Hall Admin, 61,617 posts, Romania)

Posted 09 December 2010 - 12:59 PM

Hi again,

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Rootkit::
c:\windows\system32\drivers\xbmgivmzc.sys

Driver::
xbmgivmzc

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


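The triage Elise does by eye above (a service whose image is missing on disk, a driver loaded from a user Temp folder or a .tmp file, a module with no embedded vendor string, and a random-looking name such as xbmgivmzc) can be applied mechanically to the two log formats in this thread. The script below is an added example written for this page; it is not code from ComboFix, TDSSKiller or RKU, and none of those tools use it. The sample lines are constructed in the formats seen above; the xbmgivmzc service line in particular is constructed, since the thread only shows that name as *Deregistered*. The vowel-ratio test for machine-generated names is an assumption of this example, not a rule from either tool.

```python
"""Triage of driver entries from ComboFix / TDSSKiller-style logs.

Added example for this thread; not code from ComboFix, TDSSKiller or RKU.
It surfaces candidates for a human to inspect; every rule is a heuristic.
"""
import re
from dataclasses import dataclass, field

# ComboFix "Drivers/Services" entry:  R3 NAME;DISPLAY;PATH [DATE SIZE]  or  [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# TDSSKiller/RKU module list entry:  0xADDR PATH SIZE bytes (Vendor, Description)
MODULE_RE = re.compile(
    r"^0x[0-9A-Fa-f]{8}\s+(?P<path>\S.*?\.\w+)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\|\.tmp$", re.IGNORECASE)
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                    "c:\\program files")

# Constructed sample in the two formats seen in the thread. The xbmgivmzc
# service line is constructed: the thread only shows the name as *Deregistered*.
SAMPLE_LOG = r"""
0x8EB5B000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA6A7A000 C:\Users\benny\AppData\Local\Temp\ALSysIO.sys 32768 bytes
0xA6ACD000 C:\Windows\system32\502.tmp 8192 bytes
0x8F384000 C:\Windows\system32\giveio.sys 4096 bytes
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\502.tmp [x]
R3 PORTIO64;PORTIO64;c:\users\benny\Desktop\xbox360\JungleFlasher v0.1.76 Beta (166)\portio32.sys [2008-09-10 2560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-08 691696]
R3 xbmgivmzc;xbmgivmzc;c:\windows\system32\drivers\xbmgivmzc.sys [x]
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def looks_generated(name: str, min_len: int = 7, max_vowel_ratio: float = 0.2) -> bool:
    """Assumed heuristic: long, letters only, almost no vowels (e.g. 'xbmgivmzc')."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < min_len:
        return False
    vowels = sum(ch in "aeiou" for ch in letters)
    return vowels / len(letters) < max_vowel_ratio


def check_path(path: str) -> list:
    """Flag images living in Temp/.tmp or outside the usual driver locations."""
    p = path.lower()
    reasons = []
    if TEMP_RE.search(p):
        reasons.append("image in a Temp location or .tmp file")
    if not p.startswith(TRUSTED_PREFIXES):
        reasons.append("image outside System32 / Program Files")
    return reasons


def triage_service(line: str):
    """Parse one ComboFix service/driver line; None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    f = Finding(m["name"], m["path"])
    if m["meta"].strip() == "x":           # ComboFix prints [x] when the file is gone
        f.reasons.append("registered but image file missing ([x])")
    if looks_generated(m["name"]):
        f.reasons.append("service name looks machine-generated")
    f.reasons += check_path(m["path"])
    return f


def triage_module(line: str):
    """Parse one TDSSKiller/RKU loaded-module line; None if it is not one."""
    m = MODULE_RE.match(line)
    if not m:
        return None
    path = m["path"]
    f = Finding(path.rsplit("\\", 1)[-1], path)
    if not m["vendor"]:                    # no (Vendor, Description) after the size
        f.reasons.append("no embedded vendor/description")
    if looks_generated(f.name.rsplit(".", 1)[0]):
        f.reasons.append("module name looks machine-generated")
    f.reasons += check_path(path)
    return f


def triage(log_text: str) -> list:
    """Return only the entries that tripped at least one rule, in log order."""
    out = []
    for line in log_text.splitlines():
        f = triage_service(line) or triage_module(line)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.name:<14} {finding.path}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

On the sample this reports ALSysIO.sys, 502.tmp, giveio.sys, MEMSWEEP2, PORTIO64 and xbmgivmzc, and leaves atapi.sys, amdkmdag and sptd alone. Note that giveio.sys and portio32.sys are legitimate direct-I/O helper drivers shipped with hardware utilities (the thread's own listing shows speedfan.sys and a JungleFlasher folder), so the output is a list of things to look at, not a verdict; only the combination of a missing image file and a machine-generated name, as with xbmgivmzc, is the pattern that justified the CF-script above.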

#11 lolhy22 (Topic Starter, Members, 29 posts)

Posted 09 December 2010 - 01:23 PM

ComboFix 10-12-08.04 - benny 09/12/2010 18:06:02.2.8 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3581.2386 [GMT 0:00]
Running from: c:\users\benny\Desktop\ComboFix.exe
Command switches used :: c:\users\benny\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XBMGIVMZC
-------\Service_xbmgivmzc


((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 18:14 . 2010-12-09 18:14 -------- d-----w- c:\users\Mcx2-BENNY-PC\AppData\Local\temp
2010-12-09 18:14 . 2010-12-09 18:14 -------- d-----w- c:\users\Mcx1-BENNY-PC\AppData\Local\temp
2010-12-09 04:43 . 2010-12-09 04:43 -------- d-----w- c:\program files\SIW
2010-12-09 04:18 . 2010-12-09 04:22 -------- d-----w- C:\symbols
2010-12-09 02:38 . 2010-12-09 02:38 -------- d-----w- C:\DriveKey
2010-12-08 23:19 . 2010-12-08 23:19 -------- d-----w- c:\users\benny\AppData\Local\eSupport.com
2010-12-08 23:19 . 2010-12-08 23:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\program files\Microsoft
2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-08 22:52 . 2010-12-08 22:52 -------- d-----w- c:\program files\Windows Live
2010-12-08 22:32 . 2010-12-08 22:32 -------- d-----w- c:\users\benny\AppData\Local\{BA57D674-59F8-4AF2-AF8F-30195DF13703}
2010-12-08 22:17 . 2010-12-08 22:32 -------- d-----w- c:\users\benny\AppData\Local\Windows Live
2010-12-08 14:25 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD53531D-79A8-499E-A97F-EAB850BA1552}\mpengine.dll
2010-12-08 02:25 . 2010-12-08 02:25 69632 ----a-r- c:\users\benny\AppData\Roaming\Microsoft\Installer\{182C5618-801C-4FB2-B2B0-F389FACC900E}\BlackBerry.exe
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Application Verifier
2010-12-06 23:18 . 2010-12-06 23:18 -------- d-----w- c:\program files\Microsoft SDKs
2010-12-06 08:34 . 2010-12-06 11:52 -------- d-----w- c:\programdata\ActiveSMART
2010-12-06 08:34 . 2010-12-06 11:52 -------- d-----w- c:\program files\ActiveSMART 2.8
2010-12-02 04:49 . 2010-03-01 20:51 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-12-02 04:49 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmpFF27.tmp
2010-12-02 04:49 . 2010-06-02 04:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-12-02 04:49 . 2010-06-02 04:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-12-02 04:49 . 2010-06-02 04:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-12-02 04:49 . 2010-05-26 11:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-12-02 04:49 . 2010-05-26 11:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-12-02 04:43 . 2010-12-02 04:43 -------- d-----w- c:\program files\Codemasters
2010-11-27 19:26 . 2010-12-06 11:53 -------- d-----w- c:\users\benni 22
2010-11-26 15:42 . 2010-11-26 15:42 -------- d-----w- c:\users\benny\AppData\Roaming\AVG10
2010-11-26 15:41 . 2010-11-26 15:41 -------- d--h--w- c:\programdata\Common Files
2010-11-26 15:40 . 2010-12-07 04:17 -------- d-----w- c:\programdata\AVG10
2010-11-26 15:40 . 2010-11-26 15:40 -------- d-----w- c:\program files\AVG
2010-11-26 15:38 . 2010-11-26 15:40 -------- d-----w- c:\programdata\MFAData
2010-11-26 13:58 . 2010-11-26 13:58 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-11-26 03:29 . 2010-11-26 03:29 -------- d-----w- c:\windows\CheckSur
2010-11-26 01:50 . 2010-11-26 01:50 -------- d-----w- c:\users\benny\AppData\Local\VS Revo Group
2010-11-26 01:50 . 2010-11-26 01:50 -------- d-----w- c:\program files\VS Revo Group
2010-11-26 01:50 . 2009-12-30 11:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-26 01:34 . 2010-11-26 01:34 -------- d-----w- C:\WINSSLog
2010-11-26 01:02 . 2010-11-26 01:12 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-25 20:15 . 2010-11-25 20:18 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-25 20:15 . 2010-11-25 20:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-25 20:14 . 2010-11-25 20:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-11-25 20:05 . 2010-11-26 13:54 -------- d-----w- c:\programdata\Norton
2010-11-25 18:57 . 2010-11-29 17:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 18:57 . 2010-12-07 04:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 18:57 . 2010-11-29 17:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 18:51 . 2010-11-25 18:51 105330 ----a-w- c:\users\benny\AppData\Local\eyuhuwonezonus.dll
2010-11-25 18:50 . 2010-12-09 18:14 762368 ----a-w- c:\windows\system32\drivers\xbmgivmzc.sys
2010-11-25 18:44 . 2010-11-25 18:44 -------- d-----w- c:\users\benny\AppData\Roaming\Malwarebytes
2010-11-25 18:43 . 2010-11-26 08:45 -------- d-----w- c:\programdata\Malwarebytes
2010-11-24 00:13 . 2010-11-24 00:13 2493643 ----a-w- c:\windows\system32\abgx360.exe
2010-11-11 02:36 . 2010-11-11 02:36 -------- d-----w- c:\program files\Microsoft LifeCam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 04:49 . 2009-10-23 03:08 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-02 04:49 . 2009-10-23 03:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-11-23 23:53 . 2009-09-15 19:27 65856 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2010-10-22 06:23 . 2010-12-01 19:51 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-22 06:23 . 2010-01-31 23:05 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-19 10:41 . 2009-10-14 09:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 12:42 . 2010-10-16 12:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42 . 2010-10-16 12:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 12:42 . 2010-10-16 12:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42 . 2010-10-16 12:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42 . 2010-10-16 12:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-07-12 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-07-12 131072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-09 229888]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-06-23 96264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

c:\users\benny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-11-29 17:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

R3 ALSysIO;ALSysIO;c:\users\benny\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-09-14 79360]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-08 23456]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-02-19 17488]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 46192]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2010-02-19 24944]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\502.tmp [x]
R3 PORTIO64;PORTIO64;c:\users\benny\Desktop\xbox360\JungleFlasher v0.1.76 Beta (166)\portio32.sys [2008-09-10 2560]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-08 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2007-07-13 135296]
S3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-07-13 135168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
.

[HKEY_LOCAL_MACHINE\system\ControlSet003\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\502.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3076628812-813032057-600001485-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,c4,45,b0,0d,6c,13,f8,38,b3,ec,6a,a2,15,02,17,2b,85,d2,c4,91,
58,ca,a5,77,7e,c4,9f,f4,be,06,d0,dd,db,00,44,0a,88,8d,79,47,df,ab,8f,cc,22,\
"rkeysecu"=hex:7a,cb,29,8b,a3,90,5d,ae,3f,ed,f1,28,6c,d9,1a,2f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1272)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-12-09 18:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-09 18:21
ComboFix2.txt 2010-12-09 17:45

Pre-Run: 247,398,465,536 bytes free
Post-Run: 247,102,468,096 bytes free

- - End Of File - - 17B21DF4EF685C6A67E830713B34D408

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,617 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:22 PM

Posted 09 December 2010 - 01:29 PM

Hi again, that ought to have done the trick. :)


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 


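The UPDATE JAVA steps above ask you to remove every older Java runtime before installing the new one. As an added example (not code from this thread, from BleepingComputer or from Sun/Oracle), the following PowerShell script inventories the Java runtimes registered in Programs and Features and marks anything older than Java 6 Update 22 for removal. It assumes the standard Uninstall registry keys and the display-name format Sun used at the time, e.g. "Java(TM) 6 Update 22" or "J2SE Runtime Environment 5.0 Update 10"; entries whose name does not carry a version are listed for manual review.

```powershell
# Added example (not code from the BleepingComputer thread or from Sun/Oracle):
# inventory every Java runtime registered with Programs and Features so that
# no older release survives the manual uninstall the post describes.
# Assumes the standard Uninstall registry keys and the display-name format
# Sun used at the time. Run from an elevated PowerShell.
$targetMajor  = 6    # the release the post points at: Java 6 Update 22
$targetUpdate = 22

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # absent on 32-bit Windows
)

$found = @()
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty $sub.PSPath
        if (-not $p.DisplayName) { continue }
        if ($p.DisplayName -notmatch '^(Java|J2SE)') { continue }

        # Pull "<major>[.minor] Update <n>" out of the display name.
        $major = 0; $update = 0; $verdict = 'review (version not parsed)'
        if ($p.DisplayName -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
            $major  = [int]$matches[1]
            $update = [int]$matches[2]
            if ($major -gt $targetMajor -or
               ($major -eq $targetMajor -and $update -ge $targetUpdate)) {
                $verdict = 'current'
            } else {
                $verdict = 'REMOVE (outdated)'
            }
        }

        $entry = New-Object PSObject
        $entry | Add-Member NoteProperty Name      $p.DisplayName
        $entry | Add-Member NoteProperty Version   $p.DisplayVersion
        $entry | Add-Member NoteProperty Verdict   $verdict
        $entry | Add-Member NoteProperty Uninstall $p.UninstallString
        $found += $entry
    }
}

if ($found.Count -eq 0) {
    Write-Host 'No Java runtime registered in Programs and Features.'
} else {
    $found | Format-Table Name, Version, Verdict -AutoSize
    # The UninstallString (usually "MsiExec.exe /X{GUID}") is what Add/Remove
    # Programs runs; show it for the entries that must go.
    $found | Where-Object { $_.Verdict -like 'REMOVE*' } |
        ForEach-Object { Write-Host "Uninstall command: $($_.Uninstall)" }
}
```

Run it once before the uninstall round and once after the reboot: the second run should list only the new release as "current". The Wow6432Node key matters on 64-bit systems where a 32-bit browser plug-in runtime can sit beside a 64-bit one; on a 32-bit install such as the one in the ComboFix log it simply does not exist and is skipped.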

#13 lolhy22

lolhy22
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 09 December 2010 - 01:50 PM

Scanning with MBAM now. As for the uTorrent part in your post, it's only been installed for the past couple of weeks as I have been downloading BlackBerry device updates via it as it uses my connection better. But I understand what you are saying and will take note.

Also, just a question: xbmgivmzc.sys is still there in my drivers folder. I take it that it is now a legit file? As before I could find no details on it when I clicked Properties, but now it's listing details, e.g. what it's for etc.

Edited by lolhy22, 09 December 2010 - 01:56 PM.


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,617 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:22 PM

Posted 09 December 2010 - 02:44 PM

Hi there,
The fact that you see the file means the rootkit is no longer active (otherwise you would not be able to see the file there). MBAM ought to detect and delete the file.

regards, Elise



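The reply above makes the point that a rootkit driver hides its own file while it is loaded, so a driver that becomes visible in system32\drivers is evidence the rootkit is no longer running, while the file itself may still be sitting there. As an added example (not code from this thread, from ComboFix or from any vendor), the following PowerShell script triages the drivers on disk the way a responder does after a cleanup: for each .sys file it records the Authenticode status, the creation time and whether a driver service still references it, so a leftover like the randomly named xbmgivmzc.sys in the ComboFix log stands out. It assumes Get-AuthenticodeSignature and the Win32_SystemDriver WMI class are available (both are on Windows 7), and the 30-day window is an assumption to adjust to the incident.

```powershell
# Added example (not code from the thread, ComboFix or any vendor): triage the
# kernel drivers on disk after a rootkit cleanup. Heuristic only: 32-bit
# Windows 7 does not require signed kernel drivers, so "NotSigned" means
# "look at it", not "malicious". Run from an elevated PowerShell.
$driverDir  = Join-Path $env:SystemRoot 'System32\drivers'
$recentDays = 30   # assumption: files created inside this window get flagged

# Map each driver service to the image it loads, normalising the path forms
# the service database uses (\??\C:\..., \SystemRoot\..., system32\...).
$byPath = @{}
foreach ($svc in Get-WmiObject Win32_SystemDriver) {
    if (-not $svc.PathName) { continue }
    $path = $svc.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -notmatch '^[A-Za-z]:') { $path = Join-Path $env:SystemRoot $path }
    $byPath[$path.ToLower()] = $svc
}

$cutoff = (Get-Date).AddDays(-$recentDays)
$report = @()
foreach ($file in Get-ChildItem $driverDir -Filter *.sys) {
    $sig = Get-AuthenticodeSignature $file.FullName
    $svc = $byPath[$file.FullName.ToLower()]
    $flags = @()
    if ($sig.Status -ne 'Valid')        { $flags += 'unsigned' }
    if ($file.CreationTime -gt $cutoff) { $flags += 'recent' }
    if ($svc -eq $null)                 { $flags += 'no-service' }   # nothing loads it
    elseif ($svc.State -eq 'Running')   { $flags += 'loaded' }

    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $svcName = ''
    if ($svc) { $svcName = $svc.Name }

    $row = New-Object PSObject
    $row | Add-Member NoteProperty File      $file.Name
    $row | Add-Member NoteProperty Created   $file.CreationTime
    $row | Add-Member NoteProperty Signature $sig.Status
    $row | Add-Member NoteProperty Signer    $signer
    $row | Add-Member NoteProperty Service   $svcName
    $row | Add-Member NoteProperty Flags     ($flags -join ',')
    $report += $row
}

# Unsigned and recently created is the combination to look at first; "loaded"
# on top of that means the driver is active right now, "no-service" means an
# orphaned file that nothing starts (the state the thread describes).
$report | Where-Object { $_.Flags -match 'unsigned' -and $_.Flags -match 'recent' } |
    Sort-Object Created -Descending |
    Format-Table File, Created, Signature, Service, Flags -AutoSize
```

Because the listing goes through the normal file-system API, an active rootkit that filters directory listings can still hide its driver from this script, which is exactly why the reply above treats a suddenly visible file as a sign the rootkit is inactive; the script is for confirming what is left behind after the cleanup, not for detecting a live rootkit.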

#15 lolhy22

lolhy22
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 09 December 2010 - 06:48 PM

Have just noticed MBAM has released a database update, so I will re-scan so it makes the scan very up to date then :)

Edited by lolhy22, 10 December 2010 - 01:48 AM.




