
Popup and Fake alerts


  • This topic is locked
15 replies to this topic

#1 frankmc98

  • Members
  • 23 posts

Posted 25 December 2010 - 12:17 PM

Merry Christmas!!! I had the same thing as another poster on my Windows Vista X64 partition of my laptop... programs blocked, fake virus announcements asking do I wish to start my antivirus etc. ALL programs that either tried to access online databases or updates were popping up as infected or were blocked from the internet. Had to use my Open SuSE Linux 11.3 partition to try and get Housecall, MBAM, HiJack, Loaris, and Avast. Ran Loaris and from my Linux partition using Wine and there were lots of issues. Took a chance, used system restore and got back to prior to installing my Trend Micro-Platinum update (my subscription not hacked). I did not use a browser and was able to utilize MBAM, Housecall, Loaris and Avast on a thumbdrive to clean up stuff but was not able to run Hijack or MBAM afterwards (I think something is blocking it). Each of the programs found different infections etc. and still I believe there are "bugs" in the partition. I have Trend Micro Platinum and Avast running now, access to email but am afraid to use my web browsers.... Here are the different logs. Please help me get this cleaned up. There are just some things I can't yet do from SuSE that I still need Windows for (Newsbin, Band in a Box, Sibelius). Please help me.

Attached File: hijackthis.log (19.12KB)

Here is the last scan from Loaris:

Attached File: scan-2010-12-24 22-02-38.log (2.47KB)



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 January 2011 - 05:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 frankmc98

  • Topic Starter
  • Members
  • 23 posts

Posted 02 January 2011 - 09:52 PM

Attached File: DDS.zip (8.54KB)

I have since my post run several tools: Loaris, Avast, and Trend Micro House call but was not able to run DDS or Hijack This until this morning. I kept getting some kind of run time error message. I posted the results in my first post. Here are the results for DDS. I am not sure if there are any more issues so I continue to use the Linux side of my laptop.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/2/2008 4:49:21 AM
System Uptime: 1/1/2011 5:19:49 AM (26 hours ago)

Motherboard: Compal | | 30FC
Processor: AMD Turion™ X2 Dual-Core Mobile RM-70 | Socket M2/S1G1 | 500/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 222 GiB total, 8.599 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.818 GiB free.
E: is CDROM ()
G: is CDROM ()
H: is FIXED (EXT3) - 271 GiB total, 84.039 GiB free.
I: is FIXED (EXT3) - 20 GiB total, 12.822 GiB free.
K: is CDROM ()
P: is FIXED (NTFS) - 303 GiB total, 162.228 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP67: 12/30/2010 7:35:50 AM - Scheduled Checkpoint
RP68: 12/31/2010 7:26:28 AM - Scheduled Checkpoint
RP69: 1/1/2011 12:00:01 AM - Scheduled Checkpoint
RP70: 1/2/2011 12:00:01 AM - Scheduled Checkpoint

==== Installed Programs ======================


"Nero SoundTrax Help
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Advertising Center
Agogo AVI MPEG WMV MOV RM Video Joiner 5.21
Alive DVD Ripper (version 3.2.6.2)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
AutocompletePro
AVI/MPEG/RM/WMV Joiner 4.11
Band-in-a-Box 2005
Boingo Wi-Fi
BS.Player PRO
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CyberLink DVD Suite
CyberLink YouCam
dBpowerAMP FLAC Codec
dBpowerAMP Monkeys Audio Codec
dBpowerAMP mp3PRO Input Codec
dBpowerAMP Mp4 Codec
dBpowerAMP Musepack Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Shorten Codec
dBpowerAMP WMA V9.1 Codec
DBsign Web Signer
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
DVD Decrypter (Remove Only)
DVDIdle Pro 5.9.7.2
dvdSanta 4.50
EASEUS Partition Master 5.5.1 Server Edition
EasyBCD 2.0
Encode360 2.03
ffdshow
FLAC 1.2.1a (remove only)
FLV Player 2.0 (build 25)
GB Manager
Google Chrome
Google Update Helper
GPL Ghostscript 8.63
GPL Ghostscript Fonts
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP Quick Launch
HP Quick Launch Buttons
HP Update
HP User Guides 0103
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
IDT Audio
ImagXpress
InstallRoot 3.13
iPhone Configuration Utility
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Junk Mail filter update
K-Lite Codec Pack 4.1.7 (Full)
LabelPrint
LightScribe System Software
LimeWire 4.18.8
Loaris Trojan Remover 1.2
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
Medal of Honor Allied Assault
Media Center 13
Media Player Codec Pack 3.9.6
MegaCam
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft Choice Guard
Microsoft Encarta Premium 2009
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Streets and Trips
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Minefield (3.7a6pre)
Movie Templates - Starter Kit
Mozilla Firefox (3.6.13)
MP3 To Ringtone Gold 7.27
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Native Instruments Guitar Rig 3
Native Instruments Service Center
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero Mega Plugin Pack
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NewsBin Pro
oggcodecs 0.71.0946
Paragon Drive Backup 8.51 Professional Trial
PayPal Plug-In
PC Pitstop Optimize2 2.0
PDFCreator
pdfforge Toolbar v4.1
PG Music DirectX Plugins 1.3.3.1
PixiePack Codec Pack
PMP DV
Power2Go
PowerDirector
PowerISO
PSSWCORE
PureEdge Viewer 6.5
QLBCASL
Quicken 2008
QuickPar 0.9
QuickTime
QuickVerse 7.0
Quixel's Adventure French
R-Drive Image (remove only)
Real Alternative 2.0.2
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Rhapsody
Rosetta Stone Ltd Services
SA30xx Device Manager
SA30xx Media Converter
Safari
SCR531 Smartcard Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Sibelius 5
Sibelius Scorch
Sibelius Sounds Essentials
Sibelius Sounds Essentials Update
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista_2 (c:\SiLabs\MCU\CP210x\Windows_2K_XP_S2K3_Vista_2)
SimpleOCR 3.1
Skins
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SoundTrax
StarOffice 9
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Tunebite
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wksiper
TurboTax 2009 wrapper
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.5
WD Diagnostics
WebEx Support Manager for Internet Explorer
WinAVI Video Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WMP Tag Plus 1.2
Xvid 1.2.2 final uninstall
YouTube Downloader 2.6.2
YouTube Downloader Toolbar v4.1

==== Event Viewer Messages From Past Week ========

12/31/2010 7:27:49 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.
12/31/2010 5:01:45 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
12/31/2010 11:22:32 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed.
12/31/2010 10:27:27 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
12/30/2010 7:36:54 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6.
12/30/2010 6:31:29 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL POWER: The smart card is not responding to a reset.
12/30/2010 6:31:29 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCRx31 USB Smart Card Reader 0' rejected IOCTL POWER: The device does not recognize the command.
12/29/2010 10:32:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
12/29/2010 10:32:32 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2011 12:01:10 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.
1/1/2011 12:01:09 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.
1/1/2011 1:31:57 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

==== End Of File ===========================

Edited by frankmc98, 02 January 2011 - 09:58 PM.


#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 January 2011 - 11:53 AM

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 frankmc98

  • Topic Starter
  • Members
  • 23 posts

Posted 03 January 2011 - 01:39 PM

Here is MBRCheck

Attached Files



#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 03 January 2011 - 02:00 PM

Can you run that again and make sure that you copy and paste the entire log. The attached log stopped halfway.

#7 frankmc98

  • Topic Starter
  • Members
  • 23 posts

Posted 03 January 2011 - 09:56 PM

Here is the entire log... I guess I stopped the program before it was done:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x000087dc

Kernel Drivers (total 203):

Processes (total 105):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`82500000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000005`80800000 (EXT3)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`80700000 (EXT3)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000
\\.\P: --> \\.\PhysicalDrive1 at offset 0x00000049`5c16c200 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01
PhysicalDrive1 Model Number: ST9640320AS, Rev: 0001SDM1

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4D39668B1986B54C28E40688194C95F8697773B9
596 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 51674214071B43C2E7A2F309DC222540CF033851


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


#8 m0le

Posted 04 January 2011 - 08:15 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#9 m0le

Posted 08 January 2011 - 09:50 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#10 frankmc98

Posted 09 January 2011 - 01:11 PM

Sorry, I was gone for a few days. I ran TDSSKiller and it found nothing. Here is the report:


2011/01/09 12:03:36.0258 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/09 12:03:36.0258 ================================================================================
2011/01/09 12:03:36.0258 SystemInfo:
2011/01/09 12:03:36.0258
2011/01/09 12:03:36.0258 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/09 12:03:36.0258 Product type: Workstation
2011/01/09 12:03:36.0259 ComputerName: FRANKMCCASKI-PC
2011/01/09 12:03:36.0259 UserName: Frank McCaskill
2011/01/09 12:03:36.0259 Windows directory: C:\Windows
2011/01/09 12:03:36.0259 System windows directory: C:\Windows
2011/01/09 12:03:36.0259 Running under WOW64
2011/01/09 12:03:36.0259 Processor architecture: Intel x64
2011/01/09 12:03:36.0259 Number of processors: 2
2011/01/09 12:03:36.0259 Page size: 0x1000
2011/01/09 12:03:36.0259 Boot type: Normal boot
2011/01/09 12:03:36.0259 ================================================================================
2011/01/09 12:03:36.0260 Utility is running under WOW64
2011/01/09 12:03:40.0722 Initialize success
2011/01/09 12:03:48.0493 ================================================================================
2011/01/09 12:03:48.0493 Scan started
2011/01/09 12:03:48.0494 Mode: Manual;
2011/01/09 12:03:48.0494 ================================================================================
2011/01/09 12:04:10.0982 USBCCID (f8e1cb9b8da037219953190cd2aca358) C:\Windows\system32\DRIVERS\usbccid.sys
2011/01/09 12:04:11.0032 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/01/09 12:04:11.0073 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/09 12:04:11.0155 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/09 12:04:11.0195 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/09 12:04:11.0273 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/09 12:04:11.0356 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/09 12:04:11.0463 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/09 12:04:11.0515 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/09 12:04:11.0574 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/01/09 12:04:11.0639 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/09 12:04:11.0678 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/01/09 12:04:11.0723 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/01/09 12:04:11.0822 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/01/09 12:04:11.0927 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/01/09 12:04:12.0052 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/01/09 12:04:12.0113 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/01/09 12:04:12.0226 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/01/09 12:04:12.0298 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/09 12:04:12.0320 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/09 12:04:12.0415 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/01/09 12:04:12.0485 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
2011/01/09 12:04:12.0539 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/09 12:04:12.0682 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/01/09 12:04:12.0874 winusb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/01/09 12:04:12.0924 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/09 12:04:13.0018 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/01/09 12:04:13.0080 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/09 12:04:13.0227 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/09 12:04:13.0359 ================================================================================
2011/01/09 12:04:13.0359 Scan finished
2011/01/09 12:04:13.0359 ================================================================================
2011/01/09 12:05:21.0645 ================================================================================
2011/01/09 12:05:21.0645 Scan started
2011/01/09 12:05:21.0645 Mode: Manual;
2011/01/09 12:05:21.0645 ================================================================================
2011/01/09 12:05:23.0017 Accelerometer (a768c6f605bc395d3b57fa0dc3ac3457) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/01/09 12:05:23.0115 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/01/09 12:05:23.0173 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/01/09 12:05:23.0217 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/01/09 12:05:23.0261 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/01/09 12:05:23.0301 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/01/09 12:05:23.0418 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/01/09 12:05:23.0558 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/01/09 12:05:23.0596 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/01/09 12:05:23.0716 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/01/09 12:05:23.0767 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2011/01/09 12:05:23.0795 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/01/09 12:05:23.0838 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/09 12:05:23.0918 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/01/09 12:05:23.0961 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/01/09 12:05:24.0035 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/09 12:05:24.0100 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/01/09 12:05:24.0205 athr (7392080816811f6500ff685b8db66d7f) C:\Windows\system32\DRIVERS\athrx.sys
2011/01/09 12:05:24.0456 atikmdag (bef007dfbf5bd8d50c03500b247afae4) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/09 12:05:24.0547 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/01/09 12:05:24.0626 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/01/09 12:05:24.0675 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/01/09 12:05:24.0715 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/09 12:05:24.0743 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/09 12:05:24.0772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/01/09 12:05:24.0814 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/01/09 12:05:24.0843 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/01/09 12:05:24.0879 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/09 12:05:24.0912 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/01/09 12:05:24.0956 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/01/09 12:05:24.0985 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/01/09 12:05:25.0023 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
2011/01/09 12:05:25.0079 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
2011/01/09 12:05:25.0124 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
2011/01/09 12:05:25.0162 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/09 12:05:25.0252 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/09 12:05:25.0292 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/09 12:05:25.0386 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/01/09 12:05:25.0606 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/09 12:05:25.0644 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/01/09 12:05:25.0687 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/09 12:05:25.0729 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/01/09 12:05:25.0839 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/01/09 12:05:25.0933 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/01/09 12:05:26.0234 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/01/09 12:05:26.0328 DrmRAudio (fbc16fed3d4d390c9ce78e07b7fca9f3) C:\Windows\system32\drivers\DrmRAudio.sys
2011/01/09 12:05:26.0425 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/09 12:05:26.0470 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/01/09 12:05:26.0565 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/01/09 12:05:26.0663 ElbyCDIO (15814b675e9d08953f2c64e4e5ccb4f4) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/01/09 12:05:26.0704 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/01/09 12:05:26.0779 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys
2011/01/09 12:05:26.0849 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
2011/01/09 12:05:26.0883 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/01/09 12:05:26.0919 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
2011/01/09 12:05:27.0017 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/01/09 12:05:27.0093 Ext2Fsd (77541bb9ea03008ff40035f2d3ef114e) C:\Windows\system32\drivers\Ext2Fsd.sys
2011/01/09 12:05:27.0184 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/01/09 12:05:27.0246 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/09 12:05:27.0314 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/01/09 12:05:27.0346 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/01/09 12:05:27.0373 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/09 12:05:27.0462 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/01/09 12:05:27.0562 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/01/09 12:05:27.0603 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/09 12:05:27.0645 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/09 12:05:27.0713 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/09 12:05:27.0810 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2011/01/09 12:05:27.0923 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/09 12:05:27.0986 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/01/09 12:05:28.0065 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/09 12:05:28.0128 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/09 12:05:28.0218 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/01/09 12:05:28.0264 hpdskflt (4bebf72764caa516119a9c1287eda930) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/01/09 12:05:28.0348 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/01/09 12:05:28.0431 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/01/09 12:05:28.0511 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/01/09 12:05:28.0654 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/01/09 12:05:28.0713 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/01/09 12:05:28.0756 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/09 12:05:28.0805 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/01/09 12:05:28.0857 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/01/09 12:05:28.0903 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/01/09 12:05:28.0944 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/09 12:05:29.0055 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/09 12:05:29.0131 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/09 12:05:29.0179 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/09 12:05:29.0233 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/01/09 12:05:29.0262 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/01/09 12:05:29.0350 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/09 12:05:29.0388 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/01/09 12:05:29.0414 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/01/09 12:05:29.0493 ivusb (5c6671764e8411abc86f96a1d1fb30c9) C:\Windows\system32\DRIVERS\ivusb.sys
2011/01/09 12:05:29.0557 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys
2011/01/09 12:05:29.0590 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/09 12:05:29.0643 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/09 12:05:29.0738 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/09 12:05:29.0791 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/01/09 12:05:29.0875 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/09 12:05:29.0940 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/09 12:05:29.0979 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/09 12:05:30.0020 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/09 12:05:30.0137 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/01/09 12:05:30.0258 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/01/09 12:05:30.0337 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/01/09 12:05:30.0392 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/01/09 12:05:30.0471 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/09 12:05:30.0513 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/09 12:05:30.0550 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/09 12:05:30.0589 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/01/09 12:05:30.0617 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/01/09 12:05:30.0659 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/09 12:05:30.0707 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/09 12:05:30.0910 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/01/09 12:05:31.0137 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/09 12:05:31.0245 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/09 12:05:31.0325 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/09 12:05:31.0406 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/01/09 12:05:31.0436 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/01/09 12:05:31.0495 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/01/09 12:05:31.0540 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/01/09 12:05:31.0586 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/09 12:05:31.0642 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/09 12:05:31.0672 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/01/09 12:05:31.0757 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/01/09 12:05:31.0821 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/09 12:05:31.0851 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/01/09 12:05:31.0890 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/01/09 12:05:31.0983 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/09 12:05:32.0091 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/01/09 12:05:32.0157 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/09 12:05:32.0195 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/09 12:05:32.0300 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/09 12:05:32.0345 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/01/09 12:05:32.0397 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/09 12:05:32.0484 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/09 12:05:32.0557 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/01/09 12:05:32.0648 nk_bus (a64d9014f43889b2da04e29702bd4170) C:\Windows\system32\Drivers\nk_bus.sys
2011/01/09 12:05:32.0750 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/01/09 12:05:32.0818 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/09 12:05:32.0968 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/01/09 12:05:33.0099 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/01/09 12:05:33.0177 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
2011/01/09 12:05:33.0248 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/01/09 12:05:33.0287 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/01/09 12:05:33.0333 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/01/09 12:05:33.0451 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/09 12:05:33.0513 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/01/09 12:05:33.0590 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/01/09 12:05:33.0678 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/01/09 12:05:33.0720 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/01/09 12:05:33.0764 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/01/09 12:05:33.0826 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/01/09 12:05:34.0042 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/09 12:05:34.0108 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2011/01/09 12:05:34.0207 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/09 12:05:34.0301 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/01/09 12:05:34.0380 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/01/09 12:05:34.0446 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/09 12:05:34.0477 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/09 12:05:34.0562 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/09 12:05:34.0649 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/09 12:05:34.0725 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/09 12:05:34.0811 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/09 12:05:34.0855 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/09 12:05:34.0906 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/01/09 12:05:34.0937 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/09 12:05:35.0003 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/01/09 12:05:35.0065 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2011/01/09 12:05:35.0182 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/01/09 12:05:35.0278 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/01/09 12:05:35.0379 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/01/09 12:05:35.0429 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
2011/01/09 12:05:35.0528 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/09 12:05:35.0575 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/01/09 12:05:35.0659 S3XXx64 (d9693eb930b3ff0861d9f454cafe5b10) C:\Windows\system32\DRIVERS\S3XXx64.sys
2011/01/09 12:05:35.0705 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/01/09 12:05:35.0788 SBRE (7e07d2a5b910c71d6474e9aa0eaa1825) C:\Windows\system32\drivers\SBREdrv.sys
2011/01/09 12:05:35.0854 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
2011/01/09 12:05:36.0003 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/09 12:05:36.0065 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/09 12:05:36.0125 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/01/09 12:05:36.0163 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/01/09 12:05:36.0196 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/01/09 12:05:36.0268 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/01/09 12:05:36.0306 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/09 12:05:36.0345 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/09 12:05:36.0388 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/01/09 12:05:36.0478 silabenm (720088aad691ff1d90be8ec28727f6ca) C:\Windows\system32\DRIVERS\silabenm.sys
2011/01/09 12:05:36.0546 silabser (a2c45d9917f1d2136c17a32d9482c257) C:\Windows\system32\DRIVERS\silabser.sys
2011/01/09 12:05:36.0593 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/01/09 12:05:36.0637 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/01/09 12:05:36.0759 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/01/09 12:05:36.0862 SndTAudio (80987a8ac8ca774f7aaa14a7cdefcbff) C:\Windows\system32\drivers\SndTAudio.sys
2011/01/09 12:05:36.0946 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/01/09 12:05:37.0039 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2011/01/09 12:05:37.0136 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/09 12:05:37.0191 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/09 12:05:37.0313 STHDA (8d1ce4322a35f840711b87927cb57c05) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/01/09 12:05:37.0378 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/09 12:05:37.0413 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/01/09 12:05:37.0441 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/01/09 12:05:37.0476 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/01/09 12:05:37.0557 SynTP (c52b05821884f9a0ebee38c45dbd73cd) C:\Windows\system32\DRIVERS\SynTP.sys
2011/01/09 12:05:37.0664 tbhsd (380aa9606d56e3c7d05fbf3655ec64ea) C:\Windows\system32\drivers\tbhsd.sys
2011/01/09 12:05:37.0782 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/01/09 12:05:37.0900 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/09 12:05:38.0016 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/09 12:05:38.0068 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/01/09 12:05:38.0114 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/01/09 12:05:38.0210 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/09 12:05:38.0294 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/09 12:05:38.0392 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
2011/01/09 12:05:38.0445 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/01/09 12:05:38.0484 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2011/01/09 12:05:38.0532 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/01/09 12:05:38.0628 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/09 12:05:38.0672 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/01/09 12:05:38.0758 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/09 12:05:38.0793 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/01/09 12:05:38.0876 UCharger (eee9e6f8e952ccafa54e84e3404cc00d) C:\Windows\system32\Drivers\UCharger.sys
2011/01/09 12:05:38.0968 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/09 12:05:39.0046 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/09 12:05:39.0114 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/01/09 12:05:39.0155 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/01/09 12:05:39.0213 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/01/09 12:05:39.0360 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/09 12:05:41.0910 ================================================================================
2011/01/09 12:05:41.0910 Scan finished
2011/01/09 12:05:41.0910 ================================================================================
2011/01/09 12:05:50.0544 Deinitialize success




#11 m0le


Posted 09 January 2011 - 07:00 PM

Please now run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#12 frankmc98


Posted 10 January 2011 - 02:15 AM

Here's the result:
ComboFix 11-01-09.02 - Frank McCaskill 01/10/2011 0:42.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2170 [GMT -6:00]
Running from: c:\users\Frank McCaskill\Desktop\ComFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
/wow section - STAGE 50
The system cannot find the file LockedB.
The system cannot find the file lockedB.
The system cannot find the path specified.
The system cannot find the file LockedB.
The system cannot find the file LockedB.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

P:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.

2011-01-10 06:58 . 2011-01-10 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-10 06:34 . 2011-01-10 06:35 -------- d-----w- C:\32788R22FWJFW
2011-01-10 05:28 . 2011-01-10 05:28 -------- d-----w- c:\users\Frank McCaskill\{45bc7754-d91a-45d5-95d1-e4dda4ceb265}
2011-01-10 05:17 . 2011-01-10 05:17 58704 ----a-r- c:\users\Frank McCaskill\AppData\Roaming\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2011-01-10 03:17 . 2011-01-10 03:17 -------- d-----w- c:\users\Frank McCaskill\{dcb83fec-85fe-456c-b843-4a18da0d57eb}
2011-01-10 03:07 . 2011-01-10 03:18 -------- d-----w- c:\program files (x86)\Samsung
2011-01-10 03:03 . 2011-01-10 03:17 -------- d-----w- c:\program files\SAMSUNG
2011-01-10 01:36 . 2011-01-10 01:36 -------- d-----w- c:\users\Frank McCaskill\AppData\Roaming\HPAppData
2011-01-04 01:45 . 2011-01-04 01:45 -------- d-----w- C:\Converted
2010-12-28 20:22 . 2010-12-28 20:22 -------- d-----w- c:\program files\iPod
2010-12-28 20:22 . 2010-12-28 20:23 -------- d-----w- c:\program files\iTunes
2010-12-28 20:22 . 2010-12-28 20:23 -------- d-----w- c:\program files (x86)\iTunes
2010-12-28 07:21 . 1998-06-24 06:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2010-12-28 07:21 . 1998-07-06 06:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2010-12-28 07:21 . 1999-03-08 06:00 147728 ----a-w- c:\windows\SysWow64\ASYCFILT.DLL
2010-12-24 17:46 . 2010-12-24 17:46 -------- d-----w- c:\program files\Alwil Software
2010-12-24 02:57 . 2010-12-24 02:57 -------- d-----w- c:\program files (x86)\Loaris
2010-12-23 19:20 . 2010-12-23 19:20 -------- d-----w- c:\users\Frank McCaskill\AppData\Roaming\Malwarebytes
2010-12-20 20:00 . 2010-12-20 20:00 -------- d-----w- c:\program files (x86)\ATI Stream
2010-12-20 19:46 . 2010-12-20 19:46 -------- d-----w- C:\ATI
2010-12-20 18:24 . 2010-12-24 05:37 -------- d-----w- c:\program files (x86)\AutocompletePro
2010-12-20 18:22 . 2010-12-20 18:22 142 ---ha-w- C:\aaw7boot.cmd
2010-12-19 16:41 . 2010-12-19 16:41 -------- d-----w- c:\windows\SysWow64\custom matrices
2010-12-19 16:40 . 2010-12-19 16:42 -------- d-----w- c:\windows\SysWow64\C2MP
2010-12-19 16:40 . 2010-12-19 16:40 -------- d-----w- c:\windows\SysWow64\QuickTime
2010-12-19 16:02 . 2009-10-09 20:51 77824 ----a-w- c:\program files (x86)\Windows Media Player\wmp.dll
2010-12-19 16:02 . 2010-12-19 16:02 -------- d-----w- c:\program files (x86)\WMP Tag Plus
2010-12-19 11:26 . 2010-12-19 11:26 -------- d-----w- c:\users\Frank McCaskill\AppData\Local\DFX
2010-12-18 22:25 . 2010-12-18 22:25 -------- d-----w- c:\users\Frank McCaskill\AppData\Local\DrmRemoval
2010-12-18 21:44 . 2010-12-30 04:48 -------- d-----w- c:\program files (x86)\Common Files\Real
2010-12-18 21:07 . 2010-12-18 21:07 -------- d-----w- c:\program files\Common Files\DFX
2010-12-17 22:11 . 2002-11-12 18:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-12-17 22:11 . 2010-12-25 01:09 -------- d-----w- c:\program files (x86)\Rhapsody
2010-12-17 21:26 . 2010-12-17 21:27 -------- d-----w- c:\users\Frank McCaskill\AppData\Roaming\Engelmann Media
2010-12-17 20:55 . 2010-12-17 20:56 -------- d-----w- c:\users\Frank McCaskill\AppData\Roaming\PowerMp3WmaConverter
2010-12-15 14:06 . 2010-10-28 15:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 14:06 . 2010-10-28 13:27 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 14:06 . 2010-06-16 15:30 72704 ----a-w- c:\windows\SysWow64\fontsub.dll
2010-12-15 14:06 . 2010-11-03 10:53 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 14:06 . 2010-11-03 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2010-12-15 14:04 . 2010-10-12 17:43 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 14:04 . 2010-10-12 15:53 33280 ----a-w- c:\program files (x86)\Windows Mail\wabfind.dll
2010-12-15 14:04 . 2010-10-12 15:19 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 14:04 . 2010-10-12 15:19 68096 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 14:04 . 2010-10-12 13:41 66048 ----a-w- c:\program files (x86)\Windows Mail\wabmig.exe
2010-12-15 14:04 . 2010-10-12 13:41 515584 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-15 14:03 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-15 14:02 . 2010-11-04 18:55 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-15 14:02 . 2010-11-04 18:55 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-15 14:02 . 2010-11-04 16:34 171520 ----a-w- c:\windows\SysWow64\taskeng.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-02 20:52 . 2010-11-02 20:52 12 ----a-w- c:\windows\Fonts\wfonts.key
2010-10-25 10:57 . 2010-10-25 10:57 1409 ----a-w- c:\windows\SysWow64\PGChords.FOT
2010-10-25 10:57 . 2010-10-25 10:57 1409 ----a-w- c:\windows\SysWow64\PGTEXTJE.FOT
2010-10-25 10:57 . 2010-10-25 10:57 1409 ----a-w- c:\windows\SysWow64\PGTEXTJ_.FOT
2010-10-25 10:57 . 2010-10-25 10:57 1409 ----a-w- c:\windows\SysWow64\PGTEXT.FOT
2010-10-25 10:57 . 2010-10-25 10:57 1409 ----a-w- c:\windows\SysWow64\PGMUS.FOT
2010-10-25 10:57 . 2010-10-25 10:57 1409 ----a-w- c:\windows\SysWow64\pgjazz__.FOT
2010-06-02 03:59 . 2010-06-02 03:59 8474512 ----a-w- c:\program files (x86)\Common Files\Samsung_Mobile_USB_Driver_V1.3.550.0.exe
2002-01-14 23:30 . 2002-01-14 23:30 21823560 ----a-w- c:\program files\dotnetfx.exe
2002-01-14 23:30 . 2002-01-14 23:30 21823560 ----a-w- c:\program files (x86)\dotnetfx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 21:12 1244040 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"E09AXLRD_3748563"="c:\program files (x86)\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" [2008-06-03 351000]
"Loaris Trojan Remover"="c:\program files (x86)\Loaris\Trojan Remover\ltr.exe" [2010-12-16 4688896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"masqform.exe"="c:\program files (x86)\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-27 601656]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-20 2303]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2009-07-31 1216648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files (x86)\DVDIdle Pro\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58 75008 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 18:08 49208 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2009-07-23 16:04 498744 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 23:11 61440 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 ----a-w- c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 135664]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-12-05 34040]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 9096]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 28696]
R3 nk_bus;Nokia USB Bus Service;c:\windows\system32\Drivers\nk_bus.sys [2007-08-10 32256]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2010-01-07 68224]
R3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\DRIVERS\SCR131C.sys [x]
R3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2009-08-10 23040]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2009-08-10 71680]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-04-16 33264]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 UCharger;Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-06-21 10880]
R3 UltraCrypt;UltraCrypt;c:\program files (x86)\UltraLeecher\UltraCrypt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2007-11-06 35096]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 49752]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [2009-03-03 89600]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2010-10-22 386560]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-27 26168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-12-20 67664]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 60928]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 125328]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 16:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 20:04 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 03:27]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 03:27]

2011-01-10 c:\windows\Tasks\HPCeeScheduleForFrank McCaskill.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-10 03:03]

2011-01-10 c:\windows\Tasks\User_Feed_Synchronization-{DCB241F0-1F5B-4C86-A4C3-81F18A7AC819}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"lxdmmon.exe"="c:\program files (x86)\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files (x86)\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCGtime.dll" [2007-02-22 28672]
"lxcgmon.exe"="c:\program files (x86)\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files (x86)\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2010-07-23 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2010-07-23 485416]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-12-20 192008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Frank McCaskill\AppData\Roaming\Mozilla\Firefox\Profiles\ncjo2t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: DoD Configuration: {d15c1608-ba3e-4aa0-aa6f-aa9337226087} - %profile%\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-UIWatcher - c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
Wow6432Node-HKCU-Run-SystemUpdater - \System Updater\Google AdWare.exe
Wow6432Node-HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpowerAMP FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP mp3PRO Input Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Mp4 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Musepack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Shorten Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP WMA V9.1 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]




#13 m0le


Posted 10 January 2011 - 07:22 PM

The Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you choose to remove it then follow the instructions below.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click (or right-click, if you are using Vista) the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":



Ask.com



Additional instructions can be found here if needed.


Now the moment of truth. How are the popups and fake alerts now?

#14 frankmc98


Posted 11 January 2011 - 08:22 PM

None that I have seen; however, my Loaris program found the following:

Loaris Trojan Remover v.1.2.3.0
Report file date: 1/10/2011 8:12:21 AM

Scanning for 570635 virus strains and unwanted programs.

Licensed for: smccaskill@cox.net
Serial number: R7H6J-RVV29-6W94R-3Z34Z-34MM4
Windows version: Windows ™ Vista Home Premium (version 6.0)
Username: Frank McCaskill
Computer name: FRANKMCCASKI-PC

Starting the file scan:

Hijack.Registry - fixed
Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- C:\Windows\NIRCMD.exe ---- General
Application.NirCmd
ProdVer: 2.35
FileVer: 2.35
Name : NirCmd
Company: NirSoft


----- C:\Windows\PEV.exe ---- General
W32/Heuristic-210!Eldorado!L


Scan completed!

Scan result: 2 detected items
Scan completed in: Scan completed in 2 hour(s) 37 min. 27 sec.
Files were scanned: 56294




#15 m0le


Posted 12 January 2011 - 05:56 AM

They are both legitimate - I believe they are both installed as part of Combofix.

If you are happy then let's go to the final instructions

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it frankmc98, happy surfing!

Cheers.

m0le