Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible rootkit infection


  • This topic is locked This topic is locked
22 replies to this topic

#1 idwl

idwl

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 01 July 2011 - 08:05 AM

Hi,
I have an infection problem and I need some expert help, please.

I had a malware infection a couple of weeks ago which first came up with a fake virus report. Rkill followed by Malwarebytes didn't find anything, but Superantispyware identified and removed the infection.
On reboot, Win7 did a BSOD just after login every time it started. Safe mode did the same, but safe mode with command line was fine. Eventually did a system restore from before the infection and restored normality (it seemed).
A week ago I found that AVG was disabled, and trying to install MS Security essentials cased a BSOD. Ran TDSSkiller, which found the following.
2011/06/29 11:23:31.0000 2196 ForgedFile.Multi.Generic(MpKsle621b9b8) - User select action: Delete
2011/06/29 11:23:31.0000 2196 LockedFile.Multi.Generic(SafeBoot) - User select action: Skip
All seemed fine and MSE installed and scanned OK.
However, every time I try to download an EXE file from the web, I get the message "xxx.exe contained a virus and was deleted" where xxx was the name of the exe file.

I've run defogger and DDS, but GMER causes a BSOD.
DDS logs attached.

Where do I go from here? Any help gratefully received.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ilake at 12:17:17.54 on 01/07/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3036.1449 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Network Edition *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Network Edition *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\System32\svchost.exe -k Cognizance
C:\windows\System32\svchost.exe -k Bioscrypt
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\Hpservice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\AEADISRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\altera\61\quartus\bin\jtagserver.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\System32\mobsync.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
J:\srigfdsuofgils.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
AppInit_DLLs: c:\progra~1\hewlet~1\iam\bin\APSHook.dll avgrsstx.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-4 52872]
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-4-27 13936]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-7-30 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-7-30 12960]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-4 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-4 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-4 243152]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2010-9-14 659592]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-20 214024]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl4b5256c8;MpKsl4b5256c8;c:\programdata\microsoft\microsoft antimalware\definition updates\{c30fe84e-1f50-483c-b2d3-60bb97075c6d}\MpKsl4b5256c8.sys [2011-7-1 28752]
R1 MpKslf794f9a1;MpKslf794f9a1;c:\programdata\microsoft\microsoft antimalware\definition updates\{c30fe84e-1f50-483c-b2d3-60bb97075c6d}\MpKslf794f9a1.sys [2011-7-1 28752]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-7-30 12528]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-4 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-7-14 20992]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Bioscrypt [2009-7-14 20992]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-7-29 1201400]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2010-11-26 5236072]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2009-7-30 45056]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-7-30 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2010-1-20 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-2-26 26168]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-20 635416]
R3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\drivers\5U876.sys [2010-5-4 118656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-4 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-20 228408]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_5.5.29055.0.sys [2010-11-26 21888]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-4-27 179312]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-6-14 6758912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-1-8 316416]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\ftdibus.sys [2010-9-2 47249]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-7-29 482176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-6-29 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-6-30 362040]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-20 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-20 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-20 34248]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2010-3-5 227600]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr70.sys [2007-10-9 291840]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1343400]
.
=============== File Associations ===============
.
.scr=AutoCADLTScriptFile
.
=============== Created Last 30 ================
.
2011-07-01 11:11:08 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c30fe84e-1f50-483c-b2d3-60bb97075c6d}\MpKsl4b5256c8.sys
2011-07-01 10:59:11 -------- d-----w- c:\program files\ESET
2011-07-01 07:45:20 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c30fe84e-1f50-483c-b2d3-60bb97075c6d}\MpKslf794f9a1.sys
2011-06-30 19:11:10 7074640 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c30fe84e-1f50-483c-b2d3-60bb97075c6d}\mpengine.dll
2011-06-29 10:39:39 7074640 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-29 01:18:16 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 01:18:13 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 01:18:13 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 01:18:12 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 01:18:12 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 01:18:12 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 01:18:12 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 01:18:11 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 01:18:11 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 01:18:09 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 09:56:57 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9b06fb8d-80a0-47a8-8b61-9bded5f660b5}\gapaengine.dll
2011-06-28 08:50:58 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-22 13:13:52 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-22 08:18:11 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-06-22 08:17:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-21 07:59:24 -------- d-----w- c:\progra~2\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-06-17 09:48:46 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 09:48:46 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 09:48:46 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 09:48:39 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 09:48:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 09:48:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 09:48:30 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 09:48:28 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 09:48:26 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 09:48:13 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 09:48:13 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 09:48:13 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-06 09:03:11 0 ----a-w- c:\users\ilake.trt\appdata\local\Kziqigi.bin
2011-06-06 09:03:10 -------- d-----w- c:\users\ilake.trt\appdata\local\{C721E11B-9FFB-4C18-94A3-D251540761DB}
.
==================== Find3M ====================
.
2011-06-15 07:01:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-27 06:05:49 0 ----a-w- c:\windows\system32\dlumd9.dll
2011-04-27 06:05:49 0 ----a-w- c:\windows\system32\dlumd11.dll
2011-04-27 06:05:49 0 ----a-w- c:\windows\system32\dlumd10.dll
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_ rev.LH01 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83214000]<< >>UNKNOWN [0x8BE00000]<< >>UNKNOWN [0x8C600000]<< >>UNKNOWN [0x8CC18000]<< >>UNKNOWN [0x83624000]<< >>UNKNOWN [0x8C0B2000]<< >>UNKNOWN [0x8C316000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83250428] -> \Device\Harddisk0\DR0[0x87B54030]
\Driver\Disk[0x87B53B60] -> IRP_MJ_CREATE -> 0x8BE0439F
3 [0x8BE0459E] -> ntkrnlpa!IofCallDriver[0x83250428] -> [0x87B52AA0]
\Driver\hpdskflt[0x8637B938] -> IRP_MJ_CREATE -> 0x8CC19FB0
5 [0x8CC1A090] -> ntkrnlpa!IofCallDriver[0x83250428] -> [0x8711F388]
\Driver\ACPI[0x8630D990] -> IRP_MJ_CREATE -> 0x8C0BB4AA
7 [0x8C0BB3B2] -> ntkrnlpa!IofCallDriver[0x83250428] -> \Device\Ide\IAAStorageDevice-1[0x8709E028]
\Driver\iaStor[0x870E68E0] -> IRP_MJ_CREATE -> 0x8C35A954
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:25:54.17 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:31 PM

Posted 04 July 2011 - 01:19 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 06 July 2011 - 04:43 AM

Hello ST, and thank you for your help. Sorry about the delay replying - I don't think my notifications are getting through and I've just seen the response.
I'll go through your list of stuff to do today.
Thanks,
IDWL

#4 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 06 July 2011 - 05:36 AM

Hi ST,
Here we go...
Thanks,
IDWL

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9BE22000 C:\windows\system32\DRIVERS\NETw5s32.sys 6799360 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x93E11000 C:\windows\system32\DRIVERS\atikmdag.sys 5328896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x8321A000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x8321A000 PnpManager 4259840 bytes
0x8321A000 RAW 4259840 bytes
0x8321A000 WMIxWDM 4259840 bytes
0x82B50000 Win32k 2404352 bytes
0x82B50000 C:\windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CA12000 C:\windows\system32\DRIVERS\ql2300.sys 1568768 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
0x8CE19000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8CC23000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8C249000 C:\windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8D08B000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8C324000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x95C18000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C93E000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8BF06000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x92C17000 C:\windows\System32\Drivers\Ext2Fsd.SYS 667648 bytes (www.ext2fsd.com, Ext2 File System Driver for Windows)
0xA7C23000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C800000 C:\windows\system32\DRIVERS\MegaSR.sys 598016 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
0xA4A1C000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x81E93000 C:\windows\system32\drivers\btwaudio.sys 528384 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x8BE33000 C:\windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x81E20000 C:\windows\system32\DRIVERS\btwavdt.sys 471040 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8C6A2000 C:\windows\system32\DRIVERS\elxstor.sys 471040 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
0x8C03E000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8C4B0000 C:\windows\system32\DRIVERS\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
0x9C88A000 C:\windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x926CC000 C:\windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x9C815000 C:\windows\system32\drivers\ADIHdAud.sys 405504 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8CD90000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x92D6D000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8CB91000 C:\windows\system32\DRIVERS\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
0xA7D41000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9C4A8000 C:\windows\system32\DRIVERS\yk62x86.sys 331776 bytes (Marvell, NDIS6.20 Miniport Driver for Marvell Yukon Ethernet Controller)
0xA7CF2000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82A00000 C:\windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8C51A000 C:\windows\system32\DRIVERS\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
0x95D32000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C1B2000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C0BD000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8C44C000 C:\windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x9C99E000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x94326000 C:\windows\system32\drivers\dlkmd.sys 278528 bytes (DisplayLink Corp., DisplayLink WDDM KMD)
0x9436A000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8BEC4000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x92638000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8CFA4000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C774000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8C62E000 C:\windows\system32\DRIVERS\amdsbs.sys 249856 bytes (AMD Technologies Inc., AMD Technology AHCI Compatible Controller Driver for Windows family)
0xA4AF9000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x92D01000 C:\windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x95CCF000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8362A000 ACPI_HAL 225280 bytes
0x8362A000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x92786000 C:\windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8C900000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x95DC4000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x9268D000 C:\windows\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0x9C527000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8D035000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x92D3B000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CF62000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x92600000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C600000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8CD52000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x92756000 C:\windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8C116000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D1A3000 C:\windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8C566000 C:\windows\system32\DRIVERS\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
0x8C5A0000 C:\windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C215000 C:\windows\system32\drivers\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C7B2000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8C8A0000 C:\windows\system32\drivers\nvstor.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8C8DB000 C:\windows\system32\DRIVERS\vsmraid.sys 151552 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
0x8C15A000 C:\windows\system32\DRIVERS\mpio.sys 147456 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
0x9C930000 C:\windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x8C411000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA4AD6000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9C5D8000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7CC4000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x927BA000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D000000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA4B85000 C:\windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8BFC7000 C:\windows\system32\DRIVERS\msdsm.sys 131072 bytes (Microsoft Corporation, Microsoft Device Specific Module)
0x8D184000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x95D08000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8BE00000 C:\windows\system32\drivers\nvraid.sys 126976 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x92DCE000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82DE0000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9C905000 C:\windows\system32\DRIVERS\5U876.sys 118784 bytes (Ricoh co.,Ltd., Ricoh USB Camera driver)
0x943BF000 C:\windows\system32\drivers\AtiHdmi.sys 118784 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0x9C961000 C:\windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x81FE0000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA4B34000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8C725000 C:\windows\system32\DRIVERS\lsi_fc.sys 106496 bytes (LSI Corporation, LSI Fusion-MPT FC Driver (StorPort))
0x8C74F000 C:\windows\system32\DRIVERS\lsi_scsi.sys 106496 bytes (LSI Corporation, LSI Fusion-MPT SCSI Driver (StorPort))
0x81E00000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA4AA1000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x943DC000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8C7D7000 C:\windows\System32\Drivers\SafeBoot.sys 102400 bytes
0x8C68A000 C:\windows\system32\DRIVERS\arcsas.sys 98304 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
0x92730000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9C4F9000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8C434000 C:\windows\system32\DRIVERS\lsi_sas.sys 98304 bytes (LSI Corporation, LSI Fusion-MPT SAS Driver (StorPort))
0x9C5B5000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9BE00000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CE00000 C:\windows\system32\DRIVERS\sbp2port.sys 98304 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x8C5C6000 C:\windows\system32\drivers\amdsata.sys 94208 bytes (Advanced Micro Devices, AHCI 1.2 Device Driver)
0x95D8C000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95DA3000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x92CD3000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9C8EE000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA7C0B000 C:\windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8C674000 C:\windows\system32\DRIVERS\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
0x8BFB1000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8C8C5000 C:\windows\system32\DRIVERS\sisraid4.sys 90112 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
0xA4B67000 C:\windows\System32\Drivers\SENTINEL.SYS 86016 bytes (SafeNet, Inc., Sentinel System Driver (NT Parallel driver))
0xA7DA2000 C:\windows\system32\DRIVERS\ax88772.sys 81920 bytes (ASIX Electronics Corp., ASIX AX88772/AX88772A Network Driver)
0x8C58C000 C:\windows\system32\DRIVERS\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
0xA4A00000 C:\windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x81F22000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C49D000 C:\windows\system32\DRIVERS\HpSAMD.sys 77824 bytes (Hewlett-Packard Company, Smart Array SAS/SATA Controller Media Driver)
0x8CD7D000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9C800000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C5DD000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9C5A3000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9C97C000 C:\windows\system32\DRIVERS\bthmodem.sys 73728 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x9C878000 C:\windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x927DB000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA4ABA000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D06E000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x81FCF000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8CA00000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x943AE000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8C17E000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8BEAB000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x92DED000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8C715000 C:\windows\system32\DRIVERS\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
0x9C98E000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C73F000 C:\windows\system32\DRIVERS\lsi_sas2.sys 65536 bytes (LSI Corporation, LSI SAS Gen2 Driver (StorPort))
0x8C7F0000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9C9E4000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C5F0000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8C1A2000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8C14B000 C:\windows\system32\DRIVERS\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xA7D93000 C:\windows\system32\DRIVERS\NisDrvWFP.sys 61440 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x95D7D000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x92748000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x92C00000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C892000 C:\windows\system32\DRIVERS\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
0x92CC5000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C007000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8CDED000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x9C922000 C:\windows\system32\DRIVERS\STREAM.SYS 57344 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x95C00000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C0AF000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9C954000 C:\windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x9C581000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x81FC1000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9C51A000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9C596000 C:\windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x9C55C000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CBE6000 C:\windows\system32\DRIVERS\SiSRaid2.sys 53248 bytes (Silicon Integrated Systems Corp., SiS RAID Stor Miniport Driver)
0xA7CE5000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D021000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8D07F000 C:\windows\System32\Drivers\avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x926C0000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0xA7DE6000 C:\windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x92CF5000 C:\windows\system32\drivers\mfetdik.sys 49152 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x8D1D8000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9C569000 C:\windows\system32\DRIVERS\Accelerometer.sys 45056 bytes (Hewlett-Packard Company, HP Accelerometer)
0x8C197000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x81F14000 C:\windows\system32\DRIVERS\btwl2cap.sys 45056 bytes (Broadcom Corporation., Broadcom Bluetooth L2CAP Service)
0xA7DD2000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8C769000 C:\windows\system32\DRIVERS\megasas.sys 45056 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows 7 for x86)
0xA7DB6000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0xA7C00000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x92CBA000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9C5CD000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CBF3000 C:\windows\System32\Drivers\SbAlg.sys 45056 bytes (SafeBoot N.V., SafeBoot FIPS AES Algorithm (256 bit))
0x8CC00000 C:\windows\system32\DRIVERS\storvsc.sys 45056 bytes (Microsoft Corporation, Storage VSC Driver)
0x92CEA000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95D27000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C140000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x81F3C000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xA4ACC000 C:\windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8C493000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x92683000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x92679000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8C934000 C:\windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x95DBA000 C:\windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA7CBA000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9C49E000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8C66B000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA7DC9000 C:\windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8C200000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA4BA6000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8CC0B000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8CC14000 C:\windows\system32\DRIVERS\hpdskflt.sys 36864 bytes (Hewlett-Packard Company, HP Disk Filter - SATA/RAID)
0x9C511000 C:\windows\system32\DRIVERS\HpqKbFiltr.sys 36864 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0xA7DDD000 C:\windows\system32\DRIVERS\KMWDFILTER.sys 36864 bytes (Windows ® Codename Longhorn DDK provider, KMWDFilter Driver from UASSOFT.COM)
0x8CFE3000 C:\windows\system32\DRIVERS\stexstor.sys 36864 bytes (Promise Technology, Promise SuperTrak EX Series Driver for Windows )
0x82DB0000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8CF93000 C:\windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0xA4B7C000 C:\windows\system32\DRIVERS\vwifimp.sys 36864 bytes (Microsoft Corporation, Virtual WiFi Miniport Driver)
0x9C578000 C:\windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8C105000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8BEBC000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C023000 C:\windows\system32\DRIVERS\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0x8C18F000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8CFF4000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB1000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C10E000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D1E4000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D1EC000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8D1F4000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x9C58E000 C:\windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8CFEC000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C241000 C:\windows\system32\DRIVERS\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0x8CF9C000 C:\windows\system32\DRIVERS\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x8C015000 C:\windows\system32\DRIVERS\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0x8C01C000 C:\windows\system32\DRIVERS\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
0x8D1D1000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D067000 C:\windows\system32\drivers\dlkmdldr.sys 28672 bytes (DisplayLink Corp., DisplayLink WDDM KMD Loader)
0x81F35000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C000000 C:\windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8D1CA000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8C23A000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9BE18000 C:\windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x92DC7000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x92780000 C:\windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xA7DC1000 C:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys 24576 bytes (http://libusb-win32.sourceforge.net, DisplayLinkUsb - Kernel Driver)
0xA7DF2000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54B97D55-44CC-476C-AF82-FA1E8F98C70D}\MpKsl8d2e4e56.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x9C574000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x81F1F000 C:\windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x92C0E000 C:\windows\System32\Drivers\RsvLock.SYS 8192 bytes (SafeBoot International, SafeBoot Reserved Files Lock Driver)
0x8CBFE000 C:\windows\System32\Drivers\SbFsLock.sys 8192 bytes (SafeBoot International, SafeBoot FS Locker)
0x9BE1F000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9C55A000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x81FCE000 C:\windows\System32\Drivers\dump_SbHiber.sys 4096 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\windows\system32\drivers\SafeBoot.sys]



OTL logfile created on: 06/07/2011 11:03:40 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = D:\
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.58% Memory free
5.93 Gb Paging File | 3.71 Gb Available in Paging File | 62.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 146.74 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive E: | 1.99 Gb Total Space | 1.91 Gb Free Space | 96.34% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 344.43 Gb Free Space | 73.95% Space Free | Partition Type: NTFS
Drive H: | 4.88 Gb Total Space | 1.82 Gb Free Space | 37.37% Space Free | Partition Type: NTFS
Drive I: | 14.65 Gb Total Space | 3.16 Gb Free Space | 21.56% Space Free | Partition Type: NTFS
Drive N: | 123.08 Mb Total Space | 109.94 Mb Free Space | 89.33% Space Free | Partition Type: FAT
Drive P: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive Q: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive R: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive S: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive U: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive V: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive W: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive X: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive Y: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive Z: | 14.65 Gb Total Space | 3.16 Gb Free Space | 21.56% Space Free | Partition Type: NTFS

Computer Name: ILAKELAPTOP | User Name: ilake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 10:51:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/19 11:00:40 | 002,062,680 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/17 21:49:12 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/25 17:38:44 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/11/26 02:32:02 | 001,029,480 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/11/26 02:32:01 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/11/26 02:31:59 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010/11/25 10:52:05 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 08:58:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 08:58:45 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:46:22 | 001,206,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 17:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/04 20:52:26 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/04 20:51:58 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/30 22:28:18 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 22:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/30 00:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/29 21:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- c:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/28 00:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/23 10:12:00 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/07 00:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/07 00:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/06/18 18:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/04 01:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/04 01:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/04 01:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/04 01:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/07/15 22:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008/01/22 14:17:32 | 000,331,776 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2007/07/11 16:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006/11/20 23:05:04 | 000,139,264 | ---- | M] () -- c:\altera\61\quartus\bin\jtagserver.exe
PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/06 10:51:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/06/22 08:58:49 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/30 16:49:56 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2009/07/23 10:05:44 | 000,081,168 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
MOD - [2009/07/23 10:05:18 | 000,089,872 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/15 19:07:39 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/26 02:31:59 | 005,236,072 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2010/06/22 08:58:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/07 17:05:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/05 08:13:07 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:45:22 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/25 17:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/08/04 20:51:58 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 22:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/30 00:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/29 21:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/23 10:05:32 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/23 10:05:26 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/07 00:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/30 01:10:26 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/06/18 18:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 19:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/04 01:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2008/07/15 22:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006/11/20 23:05:04 | 000,139,264 | ---- | M] () [Auto | Running] -- c:\altera\61\quartus\bin\jtagserver.exe -- (JTAGServer)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 06:32:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54B97D55-44CC-476C-AF82-FA1E8F98C70D}\MpKsl8d2e4e56.sys -- (MpKsl8d2e4e56)
DRV - [2011/05/06 09:24:10 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/26 02:32:26 | 000,179,312 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010/11/26 02:32:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010/11/26 01:31:56 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.5.29055.0.sys -- (DisplayLinkUsbPort)
DRV - [2010/10/20 07:05:02 | 000,038,472 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2010/06/22 08:58:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/14 17:33:20 | 000,060,928 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ax88772.sys -- (AX88772)
DRV - [2010/06/14 08:25:54 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2010/06/04 08:08:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/04 17:18:30 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/12 18:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010/02/26 20:34:18 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/02/26 20:33:56 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/01/08 11:23:00 | 000,316,416 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/17 07:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009/08/04 21:25:40 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/30 00:30:28 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/07/30 00:30:20 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/07/30 00:30:18 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/07/30 00:30:16 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/29 22:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/26 22:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009/07/24 11:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/06/30 14:01:14 | 000,118,656 | ---- | M] (Ricoh co.,Ltd.) [2 MP series] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/06/29 23:45:56 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2007/10/09 05:43:58 | 000,291,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2006/09/09 04:00:48 | 000,007,680 | ---- | M] (Altera Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pgdhdlc.sys -- (AlteraByteBlaster)
DRV - [2006/05/18 08:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (AlteraUSBBlaster)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/2


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1151580578-3301685223-1810830458-1129\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/2
IE - HKU\S-1-5-21-1151580578-3301685223-1810830458-1129\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1151580578-3301685223-1810830458-1129\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\software\mozilla\Firefox\Extensions\\{C721E11B-9FFB-4C18-94A3-D251540761DB}: C:\Users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB} [2011/06/06 10:03:10 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{C721E11B-9FFB-4C18-94A3-D251540761DB}: C:\Users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB} [2011/06/06 10:03:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-1151580578-3301685223-1810830458-1129\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] C:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [snp2uvc] File not found
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\S-1-5-21-1151580578-3301685223-1810830458-1129\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.101 158.152.1.58 158.152.1.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = trt.lan
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll) - c:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\Shell - "" = AutoRun
O33 - MountPoints2\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\Shell\AutoRun\command - "" = J:\.\Setup.exe /n,.\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 06:54:41 | 000,000,000 | ---D | C] -- C:\Users\ilake.TRT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/07/01 11:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/30 07:31:52 | 000,000,000 | ---D | C] -- C:\Users\ilake.TRT\Desktop\Books & reference
[2011/06/29 02:18:13 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/06/29 02:18:13 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/06/29 02:18:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/06/29 02:18:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssph.dll
[2011/06/29 02:18:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/06/29 02:18:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscntrs.dll
[2011/06/28 09:50:58 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/06/22 16:16:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/06/22 16:16:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/06/22 16:16:08 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/22 16:16:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/22 16:16:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/06/22 16:16:08 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/06/22 16:16:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/06/22 16:16:08 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/06/22 16:16:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/06/22 16:16:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/22 16:16:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/06/22 16:16:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/22 16:16:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/22 16:16:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/06/22 16:16:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/06/22 16:16:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/06/22 16:16:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/06/22 16:16:07 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/22 16:16:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/06/22 16:16:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/06/22 16:16:07 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/06/22 16:16:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/06/22 16:16:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/06/22 16:16:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/06/22 16:16:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/22 16:16:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/22 16:16:06 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/06/22 16:16:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/06/22 16:16:06 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/22 16:16:06 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/06/22 16:16:06 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/06/22 16:16:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/06/22 16:16:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/06/22 16:16:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/06/22 16:16:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/06/22 16:16:06 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/22 16:16:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/06/22 16:16:06 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/06/22 16:16:06 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/06/22 14:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/22 09:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/22 09:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/21 08:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/06/17 10:48:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/03/31 20:03:00 | 000,184,320 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/05/06 10:10:44 | 000,030,208 | ---- | C] ( ) -- C:\windows\System32\RC00C150.dll
[2010/05/05 08:59:30 | 000,018,944 | ---- | C] ( ) -- C:\windows\System32\Implode.dll

========== Files - Modified Within 30 Days ==========

[2011/07/06 10:56:14 | 000,633,464 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/07/06 10:56:14 | 000,112,456 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/07/06 10:55:13 | 020,790,927 | ---- | M] () -- C:\Users\ilake.TRT\Desktop\X140A ST25DE Control unit 0.06.skp
[2011/07/06 08:16:35 | 020,791,192 | ---- | M] () -- C:\Users\ilake.TRT\Desktop\X140A ST25DE Control unit 0.06.skb
[2011/07/06 08:11:38 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 08:11:38 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 06:20:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/05 17:30:27 | 000,605,610 | ---- | M] () -- C:\Users\ilake.TRT\Desktop\001882-G1.dwg
[2011/07/05 16:01:03 | 000,002,002 | -H-- | M] () -- C:\Users\ilake.TRT\Documents\Default.rdp
[2011/07/05 15:40:53 | 000,605,610 | ---- | M] () -- C:\Users\ilake.TRT\Desktop\001882-G1.bak
[2011/07/05 15:20:49 | 000,007,792 | ---- | M] () -- C:\windows\ilake8.xlb
[2011/07/04 07:44:01 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 12:38:04 | 445,304,454 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/07/01 11:44:15 | 000,000,000 | ---- | M] () -- C:\Users\ilake.TRT\defogger_reenable
[2011/06/29 03:18:48 | 000,556,608 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/06/28 09:53:31 | 000,002,154 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/06/23 07:15:34 | 000,000,320 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForilake.job
[2011/06/22 16:59:56 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/22 16:29:35 | 000,001,411 | ---- | M] () -- C:\Users\ilake.TRT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/22 16:16:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/06/22 16:16:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/06/22 16:16:08 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/22 16:16:08 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/06/22 16:16:08 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/22 16:16:08 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/06/22 16:16:08 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/06/22 16:16:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/06/22 16:16:08 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/06/22 16:16:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/06/22 16:16:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/22 16:16:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/06/22 16:16:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/22 16:16:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/22 16:16:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/06/22 16:16:07 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/06/22 16:16:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/06/22 16:16:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/06/22 16:16:07 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/22 16:16:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/06/22 16:16:07 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/06/22 16:16:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/06/22 16:16:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/06/22 16:16:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/06/22 16:16:07 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/06/22 16:16:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/06/22 16:16:07 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/22 16:16:06 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/22 16:16:06 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/06/22 16:16:06 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/06/22 16:16:06 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/22 16:16:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/06/22 16:16:06 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/06/22 16:16:06 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/06/22 16:16:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/06/22 16:16:06 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/06/22 16:16:06 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/22 16:16:06 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/06/22 16:16:06 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/06/22 16:16:06 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/06/21 21:23:41 | 000,001,876 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Roaming\1.gif
[2011/06/21 21:23:40 | 000,000,012 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Roaming\ct_start
[2011/06/21 08:09:26 | 078,305,009 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2011/06/15 08:01:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/14 09:05:28 | 000,084,992 | ---- | M] () -- C:\Users\ilake.TRT\Desktop\envelope 14x11.pub
[2011/06/13 10:00:48 | 000,082,432 | ---- | M] () -- C:\Users\ilake.TRT\Desktop\envelope.pub
[2011/06/09 09:41:35 | 000,001,849 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Roaming\GhostObjGAFix.xml
[2011/06/08 08:04:38 | 000,000,000 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Local\Kziqigi.bin
[2011/06/07 17:10:55 | 000,000,120 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Local\Cyate.dat

========== Files Created - No Company Name ==========

[2011/07/06 08:15:24 | 020,791,192 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\X140A ST25DE Control unit 0.06.skb
[2011/07/05 17:23:03 | 020,790,927 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\X140A ST25DE Control unit 0.06.skp
[2011/07/01 11:44:15 | 000,000,000 | ---- | C] () -- C:\Users\ilake.TRT\defogger_reenable
[2011/06/28 09:53:31 | 000,002,154 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/06/28 09:51:45 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/27 08:13:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/22 17:06:08 | 000,000,320 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForilake.job
[2011/06/22 16:59:56 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/06/22 16:29:35 | 000,001,417 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/22 16:16:07 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/06/21 21:23:41 | 000,001,876 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Roaming\1.gif
[2011/06/21 21:23:40 | 000,000,012 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Roaming\ct_start
[2011/06/18 08:02:15 | 005,967,727 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\60617 Database Snapshot (2001).pdf
[2011/06/17 10:59:38 | 000,605,610 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\001882-G1.dwg
[2011/06/17 10:59:38 | 000,605,610 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\001882-G1.bak
[2011/06/14 08:38:18 | 000,084,992 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\envelope 14x11.pub
[2011/06/13 10:00:48 | 000,082,432 | ---- | C] () -- C:\Users\ilake.TRT\Desktop\envelope.pub
[2011/06/06 10:03:11 | 000,000,120 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Local\Cyate.dat
[2011/06/06 10:03:11 | 000,000,000 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Local\Kziqigi.bin
[2011/05/17 09:45:19 | 000,007,680 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/27 07:05:49 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd9.dll
[2011/04/27 07:05:49 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd11.dll
[2011/04/27 07:05:49 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd10.dll
[2011/04/05 08:04:03 | 000,001,849 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Roaming\GhostObjGAFix.xml
[2011/03/31 20:02:57 | 000,331,776 | ---- | C] () -- C:\windows\tsnp2uvc.exe
[2011/03/28 09:50:30 | 000,020,480 | ---- | C] () -- C:\windows\FixCamera.exe
[2011/03/14 14:07:08 | 000,012,969 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/01/05 12:02:49 | 000,038,433 | ---- | C] () -- C:\Users\ilake.TRT\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/12/21 09:49:40 | 000,275,114 | ---- | C] () -- C:\windows\Electrostatics Toolkit Uninstaller.exe
[2010/11/01 14:32:53 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/10/04 08:13:36 | 000,081,920 | ---- | C] () -- C:\windows\System32\MPMapTrace.dll
[2010/10/04 07:22:22 | 000,364,544 | ---- | C] () -- C:\windows\System32\mpPathan.dll
[2010/09/28 15:32:58 | 000,147,456 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2010/09/28 15:32:56 | 000,651,264 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2010/05/26 13:52:00 | 000,009,136 | ---- | C] () -- C:\windows\System32\Inetwh16.dll
[2010/05/08 19:57:48 | 000,000,256 | ---- | C] () -- C:\windows\System32\pool.bin
[2010/05/06 12:38:29 | 000,210,944 | ---- | C] () -- C:\windows\System32\MSVCRT10.DLL
[2010/05/06 12:38:29 | 000,040,129 | ---- | C] () -- C:\windows\iccsigs.dat
[2010/05/06 12:38:28 | 000,000,149 | ---- | C] () -- C:\windows\KPCMS.INI
[2010/05/06 10:10:47 | 000,000,068 | ---- | C] () -- C:\windows\ricdb.ini
[2010/05/06 08:30:22 | 000,000,000 | ---- | C] () -- C:\windows\System32\RPCS.ini
[2010/05/05 09:00:01 | 000,000,173 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/05/05 08:59:36 | 000,032,256 | ---- | C] () -- C:\windows\System32\_UNODBC.dll
[2010/05/05 08:59:31 | 000,061,440 | ---- | C] () -- C:\windows\System32\u25store.dll
[2010/05/05 08:59:31 | 000,059,904 | ---- | C] () -- C:\windows\System32\u25total.dll
[2010/05/05 08:59:31 | 000,044,544 | ---- | C] () -- C:\windows\System32\u25dts.dll
[2010/05/05 08:59:31 | 000,040,960 | ---- | C] () -- C:\windows\System32\u2lbar.dll
[2010/05/05 08:59:31 | 000,038,400 | ---- | C] () -- C:\windows\System32\u2ldts.dll
[2010/05/05 08:59:31 | 000,027,136 | ---- | C] () -- C:\windows\System32\u2lsamp1.dll
[2010/05/05 08:59:19 | 000,424,960 | ---- | C] () -- C:\windows\System32\C4dll.dll
[2010/05/05 01:00:11 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/05/04 16:50:49 | 000,002,846 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/30 00:30:16 | 000,109,216 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/07/16 02:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,556,608 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,633,464 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,112,456 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/30 01:10:06 | 000,300,600 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2009/06/19 00:29:04 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/02/18 22:55:22 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/02/04 01:52:04 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2006/12/13 17:03:14 | 000,074,240 | ---- | C] () -- C:\windows\System32\zlibwapi.dll
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\windows\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL

< End of report >


OTL Extras logfile created on: 06/07/2011 11:03:41 - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = D:\
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 50.58% Memory free
5.93 Gb Paging File | 3.71 Gb Available in Paging File | 62.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 146.74 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive E: | 1.99 Gb Total Space | 1.91 Gb Free Space | 96.34% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 344.43 Gb Free Space | 73.95% Space Free | Partition Type: NTFS
Drive H: | 4.88 Gb Total Space | 1.82 Gb Free Space | 37.37% Space Free | Partition Type: NTFS
Drive I: | 14.65 Gb Total Space | 3.16 Gb Free Space | 21.56% Space Free | Partition Type: NTFS
Drive N: | 123.08 Mb Total Space | 109.94 Mb Free Space | 89.33% Space Free | Partition Type: FAT
Drive P: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive Q: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive R: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive S: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive U: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive V: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive W: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive X: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive Y: | 117.19 Gb Total Space | 23.39 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive Z: | 14.65 Gb Total Space | 3.16 Gb Free Space | 21.56% Space Free | Partition Type: NTFS

Computer Name: ILAKELAPTOP | User Name: ilake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1151580578-3301685223-1810830458-1129\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00191BE6-1F73-4E61-824B-52E8410CF705}" = Quartus II 6.1 Web Edition
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0934E41E-D8EE-478A-A540-AE9FAE399D5D}" = HP ProtectTools Security Manager
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2479F3D6-D57E-4833-8867-20E5E3E0AFD6}" = XL Designer
"{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{2AD34BE6-9D8D-4EC8-AA73-5AAF407217ED}" = MPLAB Tools v8.60
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{3291E190-DB36-45F8-A119-A5C58645D382}" = HP QuickLook
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB digital microscope
"{3B84CB71-78CA-4E9B-9167-1B877D60FB97}" = HP JavaCard for HP ProtectTools
"{3BEF5A09-1EE7-4C07-8943-2B1D4F4D695B}" = DisplayLink Core Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD5E925-0EFE-4E0E-849E-BAF2E6D9E1C5}" = Credential Manager for HP ProtectTools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A48FBE1-723F-4297-9DD0-9D7E123D78D9}" = BIOS Configuration for HP ProtectTools
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{504B7439-03BB-4C23-B17E-A1EC2D1D47B1}" = Sentinel System Driver Installer 7.5.2
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5783F2D7-6009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2008 - English
"{5783F2D7-9009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2011 - English
"{5783F2D7-9009-0409-1002-0060B0CE6BBA}" = AutoCAD LT 2011 Language Pack - English
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AF275F4-E707-4A98-A4BF-2F13F3EF1498}" = Nios II Embedded Design Suite 6.1
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1961E5-F4AB-4B77-A08F-182A0B739F22}" = XL Designer
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{8FA56857-3CDC-4E2B-8A27-51B5D3BCBE57}" = Crystal Merge Modules
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94A57834-D876-4104-BA5F-F5C711224E35}" = Render Plus 3D PDF
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X
"{ADAE6A0F-3038-4F17-8B6F-F29CFBDCFD42}" = eWebEditPro 2 Client
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.30.110.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C267CC50-0D84-46D6-91A3-A2A4DB8A25CB}" = HP USB Docking Video
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}" = Google SketchUp Pro 7
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B427BE-81D7-48D9-8AB5-A74A4246D136}" = HP User Guides 0137
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{E2AC8456-E8E8-41CD-9344-D505FBF1F68F}" = MPLAB Tools v8.56
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{E95DA7AA-2CC9-47FE-A2DE-90D506EC5F94}" = MegaCore IP Library 6.1
"{E97F509F-A2E8-4C19-94D3-0814F92D7703}" = KeePass for BlackBerry v2
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"7-Zip" = 7-Zip 9.14 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 5.1
"AutoCAD LT 2008 - English" = AutoCAD LT 2008 - English
"AutoCAD LT 2008 - English SP1" = AutoCAD LT 2008 - English SP1
"AutoCAD LT 2011 - English" = AutoCAD LT 2011 - English
"AutoCAD LT 2011 - English Version 2.1" = AutoCAD LT 2011 - English Version 2.1
"AVG9Uninstall" = AVG 9.0
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1
"Electrostatics Toolkit" = Electrostatics Toolkit
"ESET Online Scanner" = ESET Online Scanner v3
"Ext2Fsd_is1" = Ext2Fsd 0.48
"gcprevue" = GC-PREVUE
"InstallShield_{253E8962-B5F9-4B69-8BE2-3CF96E336B9B}" = Theft Recovery
"InstallShield_{2AD34BE6-9D8D-4EC8-AA73-5AAF407217ED}" = MPLAB Tools v8.60
"InstallShield_{E2AC8456-E8E8-41CD-9344-D505FBF1F68F}" = MPLAB Tools v8.56
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mathcad 8" = Mathcad 8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MPLAB C18 v3.36 Standard Evaluation" = MPLAB C18 v3.36 Standard Evaluation
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office8.0" = Microsoft Office 97, Professional Edition
"PDF Complete" = PDF Complete Special Edition
"pdfFactory" = pdfFactory
"PICC 9.71PL1" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.71aPL1
"PICC 9.80" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.80PL0
"ProInst" = Intel PROSet Wireless
"QCAD Professional" = QCAD Professional 2.2.2.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"RS232 Data Logger_is1" = RS232 Data Logger 2.7 (Build 2.7.0.117)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TightVNC" = TightVNC 2.0.2
"UFS Explorer Standard Access_is1" = UFS Explorer Standard Access Edition, version 4.4.2
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2010 04:27:20 | Computer Name = ilakelaptop.trt.lan | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 11/12/2010 08:09:09 | Computer Name = ilakelaptop.trt.lan | Source = Application Error | ID = 1000
Description = Faulting application name: hpasset.exe, version: 3.0.0.3, time stamp:
0x4ab90f9f Faulting module name: hpasset.exe, version: 3.0.0.3, time stamp: 0x4ab90f9f
Exception
code: 0xc0000005 Fault offset: 0x0003f1c9 Faulting process id: 0x1fdc Faulting application
start time: 0x01cb992c35133661 Faulting application path: C:\Program Files\Hewlett-Packard\HP
Health Check\HPAsset\hpasset.exe Faulting module path: C:\Program Files\Hewlett-Packard\HP
Health Check\HPAsset\hpasset.exe Report Id: 74bd5610-051f-11e0-bad8-002713c2c46b

Error - 13/12/2010 11:54:02 | Computer Name = ilakelaptop.trt.lan | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 9.4.0.195, time
stamp: 0x4c9b3e3c Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000374 Fault offset: 0x000c2913 Faulting process
id: 0x878 Faulting application start time: 0x01cb9aa41e55e57c Faulting application
path: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe Faulting module path:
C:\windows\SYSTEM32\ntdll.dll Report Id: 346a0acf-06d1-11e0-8874-08007bb1b6e5

Error - 16/12/2010 05:29:25 | Computer Name = ilakelaptop.trt.lan | Source = Application Error | ID = 1000
Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc225 Faulting module name: atiumdag.dll, version: 8.14.10.678, time
stamp: 0x4a785579 Exception code: 0xc0000005 Fault offset: 0x00018531 Faulting process
id: 0x898 Faulting application start time: 0x01cb9cf85dc1ba82 Faulting application
path: C:\windows\system32\Dwm.exe Faulting module path: C:\windows\system32\atiumdag.dll
Report
Id: f8930548-08f6-11e0-b5bb-08007bb1b6e5

Error - 18/12/2010 04:28:12 | Computer Name = ilakelaptop.trt.lan | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 21/12/2010 11:39:05 | Computer Name = ilakelaptop.trt.lan | Source = Application Hang | ID = 1002
Description = The program AcroRd32.exe version 9.4.0.195 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a74 Start
Time: 01cba1004f7fd118 Termination Time: 31 Application Path: C:\Program Files\Adobe\Reader
9.0\Reader\AcroRd32.exe Report Id: 6995b78c-0d18-11e0-9f31-08007bb1b6e5

Error - 22/12/2010 08:29:33 | Computer Name = ilakelaptop.trt.lan | Source = Application Error | ID = 1000
Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc225 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0005682e Faulting process
id: 0x1328 Faulting application start time: 0x01cba1aa82506624 Faulting application
path: C:\windows\system32\Dwm.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 2126c52b-0dc7-11e0-92f0-08007bb1b6e5

Error - 31/12/2010 13:56:19 | Computer Name = ilakelaptop.trt.lan | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 01/01/2011 03:49:51 | Computer Name = ilakelaptop.trt.lan | Source = Application Error | ID = 1000
Description = Faulting application name: MPLAB.exe, version: 8.60.0.0, time stamp:
0x4caf91ea Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaae Exception code: 0xc0000005 Fault offset: 0x0000a890 Faulting process id:
0x1ce0 Faulting application start time: 0x01cba90a37132067 Faulting application path:
C:\Program Files\Microchip\MPLAB IDE\Core\MPLAB.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
Report
Id: b653b04b-157b-11e0-872b-002713c2c46b

Error - 01/01/2011 03:49:55 | Computer Name = ilakelaptop.trt.lan | Source = Application Error | ID = 1000
Description = Faulting application name: MPLAB.exe, version: 8.60.0.0, time stamp:
0x4caf91ea Faulting module name: MPEditor4.dll, version: 4.56.0.0, time stamp: 0x4ca9dcf6
Exception
code: 0xc0000005 Fault offset: 0x0000ac6e Faulting process id: 0x1ce0 Faulting application
start time: 0x01cba90a37132067 Faulting application path: C:\Program Files\Microchip\MPLAB
IDE\Core\MPLAB.exe Faulting module path: C:\Program Files\Microchip\MPLAB IDE\Core\Editor\MPEditor4.dll
Report
Id: b8cf3fb4-157b-11e0-872b-002713c2c46b

[ Credential Manager Events ]
Error - 22/01/2011 16:48:48 | Computer Name = ilakelaptop.trt.lan | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
ilake@TRT Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client Address:
127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 22/01/2011 16:48:48 | Computer Name = ilakelaptop.trt.lan | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: ilake@TRT Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 16/03/2011 03:39:48 | Computer Name = ilakelaptop.trt.lan | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
ilake@TRT Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client Address:
127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 16/03/2011 03:39:48 | Computer Name = ilakelaptop.trt.lan | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: ilake@TRT Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 25/03/2011 14:31:39 | Computer Name = ilakelaptop.trt.lan | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
ilake@TRT Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client Address:
127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 25/03/2011 14:31:40 | Computer Name = ilakelaptop.trt.lan | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: ilake@TRT Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 02/04/2011 04:45:23 | Computer Name = ilakelaptop.trt.lan | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
ilake@TRT Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client Address:
127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 02/04/2011 04:45:23 | Computer Name = ilakelaptop.trt.lan | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: ilake@TRT Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 02/04/2011 04:45:31 | Computer Name = ilakelaptop.trt.lan | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
ilake@TRT Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client Address:
127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 02/04/2011 04:45:31 | Computer Name = ilakelaptop.trt.lan | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: ilake@TRT Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ Hewlett-Packard Events ]
Error - 07/07/2010 16:59:16 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainTuneUpProgress.bgScan_RunWorkerCompleted(Object sender,
RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 07/07/2010 16:59:16 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainTuneUpProgress.bgScan_RunWorkerCompleted(Object sender,
RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 19/07/2010 02:41:09 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 01/09/2010 03:04:32 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 05/04/2011 03:03:54 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041105080350.xml
File not created by asset agent

Error - 07/04/2011 02:21:46 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041107072141.xml
File not created by asset agent

Error - 11/04/2011 02:47:12 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041111074708.xml
File not created by asset agent

Error - 12/04/2011 03:32:48 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041112083245.xml
File not created by asset agent

Error - 17/05/2011 03:26:31 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051117082628.xml
File not created by asset agent

Error - 19/05/2011 03:02:09 | Computer Name = ilakelaptop.trt.lan | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051119080204.xml
File not created by asset agent

[ System Events ]
Error - 06/07/2011 01:21:54 | Computer Name = ilakelaptop.trt.lan | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TrkWks service.

Error - 06/07/2011 01:40:30 | Computer Name = ilakelaptop.trt.lan | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 06/07/2011 01:40:31 | Computer Name = ilakelaptop.trt.lan | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 06/07/2011 03:04:39 | Computer Name = ilakelaptop.trt.lan | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 06/07/2011 03:27:14 | Computer Name = ilakelaptop.trt.lan | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Browser service.

Error - 06/07/2011 03:27:44 | Computer Name = ilakelaptop.trt.lan | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Browser service.

Error - 06/07/2011 03:28:14 | Computer Name = ilakelaptop.trt.lan | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Browser service.

Error - 06/07/2011 03:44:22 | Computer Name = ilakelaptop.trt.lan | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 06/07/2011 03:44:24 | Computer Name = ilakelaptop.trt.lan | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 06/07/2011 05:46:51 | Computer Name = ilakelaptop.trt.lan | Source = AX88772 | ID = 17
Description =


< End of report >

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:31 PM

Posted 06 July 2011 - 04:05 PM

Hi!

You can click on the Watch Topic button, and then click on Immediate Notifications. Click on the Proceed button.

Do you recognize this file?

[2011/06/21 21:23:40 | 000,000,012 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Roaming\ct_start

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - [2010/06/22 08:58:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    DRV - [2011/05/06 09:24:10 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/22 08:58:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/04 08:08:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/05/04 17:18:30 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [snp2uvc] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O33 - MountPoints2\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\Shell - "" = AutoRun
    O33 - MountPoints2\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\Shell\AutoRun\command - "" = J:\.\Setup.exe /n,.\
    [2011/06/08 08:04:38 | 000,000,000 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Local\Kziqigi.bin
    [2011/06/07 17:10:55 | 000,000,120 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Local\Cyate.dat
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 07 July 2011 - 12:52 AM

Hi ST,

No, I don't recognise this file:
[2011/06/21 21:23:40 | 000,000,012 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Roaming\ct_start

Here's the TDSS log. OTL to follow.

IDWL

2011/07/07 06:36:11.0863 17620 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/07 06:36:12.0643 17620 ================================================================================
2011/07/07 06:36:12.0643 17620 SystemInfo:
2011/07/07 06:36:12.0643 17620
2011/07/07 06:36:12.0643 17620 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/07 06:36:12.0643 17620 Product type: Workstation
2011/07/07 06:36:12.0643 17620 ComputerName: ILAKELAPTOP
2011/07/07 06:36:12.0643 17620 UserName: ilake
2011/07/07 06:36:12.0643 17620 Windows directory: C:\windows
2011/07/07 06:36:12.0643 17620 System windows directory: C:\windows
2011/07/07 06:36:12.0643 17620 Processor architecture: Intel x86
2011/07/07 06:36:12.0643 17620 Number of processors: 2
2011/07/07 06:36:12.0643 17620 Page size: 0x1000
2011/07/07 06:36:12.0643 17620 Boot type: Normal boot
2011/07/07 06:36:12.0643 17620 ================================================================================
2011/07/07 06:36:14.0812 17620 Initialize success
2011/07/07 06:36:29.0429 16476 ================================================================================
2011/07/07 06:36:29.0429 16476 Scan started
2011/07/07 06:36:29.0429 16476 Mode: Manual;
2011/07/07 06:36:29.0429 16476 ================================================================================
2011/07/07 06:36:40.0832 16476 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/07/07 06:36:41.0035 16476 5U876UVC (080a40550fb95a328917512f3f5a0409) C:\windows\system32\DRIVERS\5U876.sys
2011/07/07 06:36:41.0800 16476 Accelerometer (5c41679e1a2e0830069e45d288fa8499) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/07/07 06:36:41.0956 16476 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/07/07 06:36:42.0252 16476 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/07/07 06:36:42.0455 16476 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\windows\system32\drivers\ADIHdAud.sys
2011/07/07 06:36:43.0563 16476 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/07/07 06:36:43.0781 16476 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/07/07 06:36:43.0984 16476 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/07/07 06:36:44.0202 16476 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
2011/07/07 06:36:44.0592 16476 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/07/07 06:36:44.0779 16476 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/07/07 06:36:45.0091 16476 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/07/07 06:36:45.0294 16476 AlteraByteBlaster (5c3d047466af6fc35a273f558f14ef2b) C:\windows\system32\drivers\pgdhdlc.sys
2011/07/07 06:36:46.0324 16476 AlteraUSBBlaster (b283f1bc1ff852bd232449a4b3e3ce63) C:\windows\system32\drivers\ftdibus.sys
2011/07/07 06:36:47.0182 16476 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/07/07 06:36:47.0260 16476 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/07/07 06:36:47.0525 16476 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/07/07 06:36:47.0821 16476 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/07/07 06:36:48.0445 16476 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/07/07 06:36:48.0570 16476 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/07/07 06:36:48.0648 16476 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/07/07 06:36:49.0023 16476 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/07/07 06:36:49.0709 16476 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/07/07 06:36:49.0787 16476 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/07/07 06:36:50.0286 16476 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/07/07 06:36:50.0895 16476 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/07/07 06:36:51.0097 16476 AtiHdmiService (e2398389648b5d44dc63ca43fdd5b3f8) C:\windows\system32\drivers\AtiHdmi.sys
2011/07/07 06:36:51.0737 16476 atikmdag (a4252328d2b1520571102992ef0b0e5c) C:\windows\system32\DRIVERS\atikmdag.sys
2011/07/07 06:36:52.0345 16476 ATSwpWDF (1ec637725aebe586508626ba50af3324) C:\windows\system32\Drivers\ATSwpWDF.sys
2011/07/07 06:36:52.0860 16476 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys
2011/07/07 06:36:52.0907 16476 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\windows\system32\Drivers\avgmfx86.sys
2011/07/07 06:36:53.0016 16476 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\windows\system32\Drivers\avgrkx86.sys
2011/07/07 06:36:53.0063 16476 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\windows\system32\Drivers\avgtdix.sys
2011/07/07 06:36:53.0406 16476 AX88772 (8c057610a593664907cf2b7709078401) C:\windows\system32\DRIVERS\ax88772.sys
2011/07/07 06:36:53.0640 16476 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/07/07 06:36:54.0077 16476 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/07/07 06:36:54.0139 16476 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/07/07 06:36:54.0701 16476 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/07/07 06:36:54.0826 16476 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/07/07 06:36:55.0481 16476 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/07/07 06:36:55.0528 16476 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/07/07 06:36:55.0653 16476 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/07/07 06:36:56.0152 16476 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/07/07 06:36:56.0370 16476 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/07/07 06:36:56.0823 16476 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/07/07 06:36:56.0994 16476 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/07/07 06:36:57.0400 16476 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/07/07 06:36:57.0618 16476 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/07/07 06:36:58.0086 16476 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/07/07 06:36:58.0305 16476 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/07/07 06:36:58.0695 16476 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
2011/07/07 06:36:58.0773 16476 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
2011/07/07 06:36:59.0209 16476 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/07/07 06:36:59.0287 16476 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
2011/07/07 06:36:59.0599 16476 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/07/07 06:36:59.0787 16476 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/07/07 06:37:00.0255 16476 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/07/07 06:37:00.0473 16476 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/07/07 06:37:00.0863 16476 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/07/07 06:37:01.0081 16476 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/07/07 06:37:01.0191 16476 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/07/07 06:37:01.0674 16476 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/07/07 06:37:01.0830 16476 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/07/07 06:37:02.0064 16476 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/07/07 06:37:02.0251 16476 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
2011/07/07 06:37:02.0719 16476 DAMDrv (a05433f6218dcb8f0dec232de65f8b26) C:\windows\system32\DRIVERS\DAMDrv.sys
2011/07/07 06:37:02.0891 16476 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
2011/07/07 06:37:03.0250 16476 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/07/07 06:37:03.0437 16476 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/07/07 06:37:03.0999 16476 DisplayLinkUsbPort (2aa4049c79eb179f40249279b86eb8f3) C:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys
2011/07/07 06:37:04.0591 16476 dlkmd (9470f41751ea44f5429c32f868d9eda9) C:\windows\system32\drivers\dlkmd.sys
2011/07/07 06:37:04.0732 16476 dlkmdldr (b0a027364265d1fca68c27c9596dda0f) C:\windows\system32\drivers\dlkmdldr.sys
2011/07/07 06:37:05.0153 16476 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/07/07 06:37:05.0247 16476 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/07/07 06:37:05.0730 16476 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/07/07 06:37:06.0183 16476 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/07/07 06:37:06.0214 16476 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/07/07 06:37:06.0385 16476 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/07/07 06:37:06.0838 16476 Ext2Fsd (0f8f910c369d8b45facfda04cbb8008e) C:\windows\system32\drivers\Ext2Fsd.sys
2011/07/07 06:37:07.0041 16476 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/07/07 06:37:07.0540 16476 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/07/07 06:37:07.0680 16476 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/07/07 06:37:07.0727 16476 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/07/07 06:37:08.0226 16476 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/07/07 06:37:08.0335 16476 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/07/07 06:37:08.0413 16476 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/07/07 06:37:08.0632 16476 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/07/07 06:37:08.0803 16476 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/07/07 06:37:08.0944 16476 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/07/07 06:37:09.0256 16476 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/07/07 06:37:09.0521 16476 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/07/07 06:37:09.0880 16476 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/07/07 06:37:10.0020 16476 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/07/07 06:37:10.0067 16476 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/07/07 06:37:10.0566 16476 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/07/07 06:37:10.0769 16476 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/07/07 06:37:11.0268 16476 hpdskflt (cc2148a432c351b9b0d289cde198b530) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/07/07 06:37:11.0424 16476 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/07 06:37:11.0877 16476 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/07/07 06:37:12.0126 16476 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/07/07 06:37:12.0173 16476 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/07/07 06:37:12.0610 16476 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/07/07 06:37:12.0813 16476 iaStor (01446278d4563b3013c92830ae6cbb26) C:\windows\system32\DRIVERS\iaStor.sys
2011/07/07 06:37:13.0156 16476 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
2011/07/07 06:37:13.0468 16476 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/07/07 06:37:13.0889 16476 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/07/07 06:37:13.0951 16476 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/07/07 06:37:14.0061 16476 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/07/07 06:37:14.0170 16476 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/07/07 06:37:14.0653 16476 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/07/07 06:37:14.0731 16476 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/07/07 06:37:15.0340 16476 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/07/07 06:37:15.0402 16476 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/07/07 06:37:15.0465 16476 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/07/07 06:37:15.0979 16476 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/07/07 06:37:16.0073 16476 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/07/07 06:37:16.0260 16476 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\windows\system32\DRIVERS\KMWDFILTER.sys
2011/07/07 06:37:16.0354 16476 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/07/07 06:37:16.0572 16476 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/07/07 06:37:16.0869 16476 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/07/07 06:37:17.0305 16476 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/07/07 06:37:17.0524 16476 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/07/07 06:37:17.0851 16476 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/07/07 06:37:18.0054 16476 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/07/07 06:37:18.0304 16476 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/07/07 06:37:18.0553 16476 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/07/07 06:37:18.0803 16476 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/07/07 06:37:19.0068 16476 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys
2011/07/07 06:37:19.0287 16476 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys
2011/07/07 06:37:19.0380 16476 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys
2011/07/07 06:37:19.0599 16476 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys
2011/07/07 06:37:19.0786 16476 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys
2011/07/07 06:37:19.0833 16476 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/07/07 06:37:20.0176 16476 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/07/07 06:37:20.0472 16476 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/07/07 06:37:20.0753 16476 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/07/07 06:37:20.0847 16476 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/07/07 06:37:21.0034 16476 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys
2011/07/07 06:37:21.0252 16476 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/07/07 06:37:21.0627 16476 MpKsl8d2e4e56 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54B97D55-44CC-476C-AF82-FA1E8F98C70D}\MpKsl8d2e4e56.sys
2011/07/07 06:37:21.0861 16476 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/07/07 06:37:21.0970 16476 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/07/07 06:37:22.0110 16476 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/07/07 06:37:22.0407 16476 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/07/07 06:37:22.0641 16476 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/07/07 06:37:23.0077 16476 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/07/07 06:37:23.0249 16476 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/07/07 06:37:23.0296 16476 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/07/07 06:37:23.0670 16476 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/07/07 06:37:23.0873 16476 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/07/07 06:37:24.0201 16476 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/07/07 06:37:24.0325 16476 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/07/07 06:37:24.0903 16476 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/07/07 06:37:25.0027 16476 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/07/07 06:37:25.0386 16476 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/07/07 06:37:25.0511 16476 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/07/07 06:37:25.0636 16476 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/07/07 06:37:26.0088 16476 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/07/07 06:37:26.0182 16476 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/07/07 06:37:26.0634 16476 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/07/07 06:37:26.0837 16476 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/07/07 06:37:27.0211 16476 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/07/07 06:37:27.0305 16476 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/07/07 06:37:27.0726 16476 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/07/07 06:37:27.0789 16476 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/07/07 06:37:27.0867 16476 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/07/07 06:37:27.0929 16476 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/07/07 06:37:28.0335 16476 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/07/07 06:37:28.0834 16476 NETw5s32 (3577b851e59da59e6d65419a057c9914) C:\windows\system32\DRIVERS\NETw5s32.sys
2011/07/07 06:37:30.0004 16476 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\windows\system32\DRIVERS\netw5v32.sys
2011/07/07 06:37:30.0565 16476 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/07/07 06:37:30.0628 16476 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/07 06:37:30.0784 16476 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/07/07 06:37:31.0158 16476 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/07/07 06:37:31.0314 16476 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
2011/07/07 06:37:31.0579 16476 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/07/07 06:37:31.0751 16476 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
2011/07/07 06:37:31.0798 16476 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
2011/07/07 06:37:31.0938 16476 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/07/07 06:37:32.0250 16476 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/07/07 06:37:32.0812 16476 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/07/07 06:37:32.0968 16476 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/07/07 06:37:33.0358 16476 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/07/07 06:37:33.0467 16476 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/07/07 06:37:33.0529 16476 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/07/07 06:37:33.0592 16476 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/07/07 06:37:33.0685 16476 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/07/07 06:37:34.0029 16476 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/07/07 06:37:34.0341 16476 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/07/07 06:37:34.0653 16476 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/07/07 06:37:34.0887 16476 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/07/07 06:37:35.0214 16476 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\windows\system32\Drivers\PxHelp20.sys
2011/07/07 06:37:35.0542 16476 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/07/07 06:37:35.0932 16476 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/07/07 06:37:36.0072 16476 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/07/07 06:37:36.0369 16476 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/07/07 06:37:36.0618 16476 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/07/07 06:37:36.0696 16476 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/07/07 06:37:36.0977 16476 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/07/07 06:37:37.0227 16476 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/07/07 06:37:37.0289 16476 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/07/07 06:37:37.0757 16476 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/07 06:37:37.0866 16476 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/07 06:37:37.0944 16476 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
2011/07/07 06:37:38.0475 16476 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/07/07 06:37:38.0568 16476 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/07/07 06:37:38.0615 16476 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/07/07 06:37:38.0755 16476 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/07/07 06:37:39.0099 16476 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/07/07 06:37:39.0255 16476 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\windows\system32\Drivers\RimUsb.sys
2011/07/07 06:37:39.0567 16476 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
2011/07/07 06:37:40.0222 16476 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
2011/07/07 06:37:40.0440 16476 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/07 06:37:40.0830 16476 RsvLock (13335d083935ab88e09c9acc077355b5) C:\windows\system32\drivers\RsvLock.sys
2011/07/07 06:37:41.0017 16476 rt70x86 (ca30e52ada0cab3a29dde5c146644eec) C:\windows\system32\DRIVERS\netr70.sys
2011/07/07 06:37:41.0517 16476 s3cap (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
2011/07/07 06:37:41.0610 16476 SafeBoot (062b82fa74c895382ab0784d493c8c9c) C:\windows\system32\drivers\SafeBoot.sys
2011/07/07 06:37:41.0610 16476 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 062b82fa74c895382ab0784d493c8c9c
2011/07/07 06:37:41.0610 16476 SafeBoot - detected LockedFile.Multi.Generic (1)
2011/07/07 06:37:41.0673 16476 SbAlg (c9cb2c392c35cbee2733c836d23dc642) C:\windows\system32\drivers\SbAlg.sys
2011/07/07 06:37:41.0782 16476 SbFsLock (b5a8ecdee930b52fd3ba35700a15ea53) C:\windows\system32\drivers\SbFsLock.sys
2011/07/07 06:37:42.0141 16476 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/07/07 06:37:42.0328 16476 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/07 06:37:42.0780 16476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/07/07 06:37:43.0092 16476 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\windows\System32\Drivers\SENTINEL.SYS
2011/07/07 06:37:43.0357 16476 Ser2pl (ac1f2a09b76b57356f906eeda43ccc2a) C:\windows\system32\DRIVERS\ser2pl.sys
2011/07/07 06:37:43.0997 16476 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/07/07 06:37:44.0215 16476 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/07/07 06:37:44.0387 16476 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/07 06:37:44.0543 16476 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/07/07 06:37:44.0574 16476 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/07/07 06:37:44.0621 16476 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/07/07 06:37:44.0699 16476 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/07 06:37:45.0042 16476 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/07/07 06:37:45.0183 16476 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/07 06:37:45.0292 16476 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/07 06:37:45.0651 16476 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/07/07 06:37:45.0885 16476 SNTNLUSB (4cd88cd1891b63d0d84c1a0fa3786b47) C:\windows\system32\DRIVERS\SNTNLUSB.SYS
2011/07/07 06:37:46.0103 16476 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/07/07 06:37:46.0259 16476 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
2011/07/07 06:37:46.0587 16476 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
2011/07/07 06:37:47.0086 16476 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/07 06:37:47.0351 16476 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/07 06:37:47.0757 16476 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
2011/07/07 06:37:47.0850 16476 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
2011/07/07 06:37:47.0881 16476 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/07/07 06:37:47.0975 16476 SynTP (1de40024679cde0e573465253519730e) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/07 06:37:48.0459 16476 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\drivers\tcpip.sys
2011/07/07 06:37:48.0568 16476 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/07 06:37:48.0911 16476 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/07/07 06:37:49.0020 16476 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/07/07 06:37:49.0161 16476 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/07/07 06:37:49.0629 16476 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/07/07 06:37:49.0722 16476 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/07/07 06:37:50.0097 16476 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
2011/07/07 06:37:50.0175 16476 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/07 06:37:50.0627 16476 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/07 06:37:50.0783 16476 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/07 06:37:50.0861 16476 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/07/07 06:37:51.0189 16476 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/07/07 06:37:51.0298 16476 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/07/07 06:37:51.0407 16476 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/07/07 06:37:51.0813 16476 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
2011/07/07 06:37:51.0969 16476 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/07 06:37:52.0359 16476 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/07/07 06:37:52.0452 16476 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/07/07 06:37:52.0577 16476 usbhub (0db84eda895894ba222e27acf597c806) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/07 06:37:53.0014 16476 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/07/07 06:37:53.0123 16476 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/07 06:37:53.0201 16476 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/07/07 06:37:53.0279 16476 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/07/07 06:37:53.0419 16476 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\system32\Drivers\usbvideo.sys
2011/07/07 06:37:53.0653 16476 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/07/07 06:37:53.0778 16476 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/07 06:37:54.0043 16476 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/07/07 06:37:54.0262 16476 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/07/07 06:37:54.0652 16476 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/07/07 06:37:54.0714 16476 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/07/07 06:37:54.0823 16476 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/07/07 06:37:54.0901 16476 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
2011/07/07 06:37:55.0260 16476 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
2011/07/07 06:37:55.0307 16476 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/07/07 06:37:55.0447 16476 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/07 06:37:55.0557 16476 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/07 06:37:55.0900 16476 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/07 06:37:56.0025 16476 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/07 06:37:56.0149 16476 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/07 06:37:56.0243 16476 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/07/07 06:37:56.0649 16476 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/07 06:37:56.0742 16476 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/07 06:37:56.0898 16476 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/07 06:37:57.0335 16476 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/07/07 06:37:57.0460 16476 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/07/07 06:37:57.0834 16476 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/07 06:37:58.0068 16476 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/07/07 06:37:58.0489 16476 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/07/07 06:37:58.0614 16476 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/07 06:37:58.0817 16476 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/07/07 06:37:59.0160 16476 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/07/07 06:37:59.0457 16476 yukonw7 (4e8630d1a7e15d7f9a2bc25993ae7234) C:\windows\system32\DRIVERS\yk62x86.sys
2011/07/07 06:37:59.0909 16476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/07 06:37:59.0940 16476 MBR (0x1B8) (00bb98d552268865e5ca707e2442a1f3) \Device\Harddisk1\DR14
2011/07/07 06:38:00.0112 16476 Boot (0x1200) (16ee29265ef744154ab9c4f70baac93a) \Device\Harddisk0\DR0\Partition0
2011/07/07 06:38:00.0143 16476 Boot (0x1200) (aeb9326eaf6121cc484ab48de3b80710) \Device\Harddisk0\DR0\Partition1
2011/07/07 06:38:00.0190 16476 Boot (0x1200) (dccbc6be12bdf0e7fff73ce7a2406eb2) \Device\Harddisk0\DR0\Partition2
2011/07/07 06:38:00.0221 16476 Boot (0x1200) (0fad7e3477b77d3fffee4ba9ff57e2c2) \Device\Harddisk0\DR0\Partition3
2011/07/07 06:38:00.0221 16476 ================================================================================
2011/07/07 06:38:00.0221 16476 Scan finished
2011/07/07 06:38:00.0221 16476 ================================================================================
2011/07/07 06:38:00.0237 17164 Detected object count: 1
2011/07/07 06:38:00.0237 17164 Actual detected object count: 1
2011/07/07 06:48:57.0403 17164 LockedFile.Multi.Generic(SafeBoot) - User select action: Skip

#7 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 07 July 2011 - 01:18 AM

And here's the OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service avg9wd stopped successfully!
Service avg9wd deleted successfully!
C:\Program Files\AVG\AVG9\avgwdsvc.exe moved successfully.
Error: Unable to stop service AvgTdiX!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX deleted successfully.
C:\Windows\System32\drivers\avgtdix.sys moved successfully.
Error: Unable to stop service AvgLdx86!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgLdx86 deleted successfully.
C:\Windows\System32\drivers\avgldx86.sys moved successfully.
Error: Unable to stop service AvgMfx86!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgMfx86 deleted successfully.
C:\Windows\System32\drivers\avgmfx86.sys moved successfully.
Error: Unable to stop service AvgRkx86!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgRkx86 deleted successfully.
C:\Windows\System32\drivers\avgrkx86.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snp2uvc deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Program Files\AVG\AVG9\avgpp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Invalid CLSID key: C:\Program Files\AVG\AVG9\avgpp.dll
File C:\Program Files\AVG\AVG9\avgpp.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:avgrsstx.dll deleted successfully.
C:\Windows\System32\avgrsstx.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da6f6a6f-f86b-11df-832a-08007bb1b6e5}\ not found.
File J:\.\Setup.exe /n,.\ not found.
C:\Users\ilake.TRT\AppData\Local\Kziqigi.bin moved successfully.
C:\Users\ilake.TRT\AppData\Local\Cyate.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ilake.TRT\Desktop\cmd.bat deleted successfully.
C:\Users\ilake.TRT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 53293 bytes
->Temporary Internet Files folder emptied: 4707595 bytes
->Flash cache emptied: 405 bytes

User: Administrator.TRT
->Temp folder emptied: 6590472 bytes
->Temporary Internet Files folder emptied: 34064 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ilake
->Temp folder emptied: 31424577 bytes
->Temporary Internet Files folder emptied: 22324431 bytes
->Flash cache emptied: 647 bytes

User: ilake.000
->Temp folder emptied: 100264 bytes
->Temporary Internet Files folder emptied: 3064041 bytes
->FireFox cache emptied: 10207232 bytes
->Flash cache emptied: 405 bytes

User: ilake.TRT
->Temp folder emptied: 1735770009 bytes
->Temporary Internet Files folder emptied: 586552683 bytes
->Java cache emptied: 895587 bytes
->Google Chrome cache emptied: 6462631 bytes
->Flash cache emptied: 36746 bytes

User: ilake~TRT
->Temp folder emptied: 224223 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27097876 bytes
RecycleBin emptied: 1731413890 bytes

Total Files Cleaned = 3,974.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.TRT

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ilake
->Flash cache emptied: 0 bytes

User: ilake.000
->Flash cache emptied: 0 bytes

User: ilake.TRT
->Flash cache emptied: 0 bytes

User: ilake~TRT

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07072011_065934

Files\Folders moved on Reboot...
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEDR1J0V\home3[1].htm moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IEH1C0\maps[1].htm moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1IEH1C0\search[8].htm moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBV5DORY\openhand_8_8[1].bmp moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CYHOK5CY\Retrotronics[1].htm moved successfully.
C:\Users\ilake.TRT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CYHOK5CY\search[6].htm moved successfully.
C:\windows\temp\9f30ad59-d807-4a9f-92f6-474a4f47b612-238-oopp.tmp moved successfully.
C:\windows\temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#8 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 07 July 2011 - 01:27 AM

Hi ST,

In terms of symtoms, the only symptom was that any .exe file was deleted at the end of download with an internet explorer message at the bottom of IE saying "rku.exe contains a varus and has been deleted" (for example).

The bad news is it still happens.

I noticed lots of AVG entries in the OTL log, but I thought I had uninstalled AVG (now using MS Security Essentials). Do you think this is suspicious, or AVG didn't uninstall properly. I did a system restore at one point to get the system running again - could this have caused issues if I'd uninstalled AVG and then done a system restore from before uninstalling it??

Thanks for your help. Where do we go from here?

IDWL

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:31 PM

Posted 07 July 2011 - 08:57 AM

Hi!

I'll remove this then: [2011/06/21 21:23:40 | 000,000,012 | ---- | M] () -- C:\Users\ilake.TRT\AppData\Roaming\ct_start


I noticed lots of AVG entries in the OTL log, but I thought I had uninstalled AVG (now using MS Security Essentials). Do you think this is suspicious, or AVG didn't uninstall properly. I did a system restore at one point to get the system running again - could this have caused issues if I'd uninstalled AVG and then done a system restore from before uninstalling it??

AVG is really stubborn, and doesn't always like to be uninstalled nicely.
I'll remove what ever other left over files I can see for it.

It's time to bring out the more powerful tool.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 08 July 2011 - 10:45 AM

Hi ST,
OK ... maybe some good news.
AVG didn't seem to be running, but appeared on the uninstall list. Trying to uninstall gave an error.
Removed AVG using Appremover by Opswat - all OK.
The symptom of "xxx.exe contains a virus and has been deleted" has now gone away. The problem was still there before killing off AVG, and has gone after removing it. I still have MS Security Essentials installed.
Do you think I had Virus scanners fighting rather than a rootkit? Is there anything in the recent logs to worry about, and do I not need to run ComboFix now?
Thanks for your help,
IDWL

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:31 PM

Posted 08 July 2011 - 11:29 PM

I think it maybe a combination of your security programs fighting each other, and the possibility of malware lurking.

I'd still like to have you run the ComboFix scan and see what it finds. Then I'll have a better idea of where we stand, and what our next option should be.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 10 July 2011 - 04:13 PM

Hi ST,
Here's the Combofix log...
Thanks,
IDWL

ComboFix 11-07-07.06 - ilake 10/07/2011 21:44:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3036.1504 [GMT 1:00]
Running from: c:\users\ilake.TRT\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\recycle.bin\90043EE8469152D
c:\users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB}
c:\users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB}\chrome.manifest
c:\users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB}\chrome\content\_cfg.js
c:\users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB}\chrome\content\overlay.xul
c:\users\ilake.TRT\AppData\Local\{C721E11B-9FFB-4C18-94A3-D251540761DB}\install.rdf
c:\users\ilake.TRT\AppData\Roaming\Adobe\plugs
c:\users\ilake.TRT\AppData\Roaming\Adobe\shed
c:\windows\system32\dlumd10.dll
c:\windows\system32\dlumd11.dll
c:\windows\system32\dlumd9.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 20:54 . 2011-07-10 20:58 -------- d-----w- c:\users\ilake.TRT\AppData\Local\temp
2011-07-10 20:54 . 2011-07-10 20:54 -------- d-----w- c:\users\ilake~TRT\AppData\Local\temp
2011-07-10 20:54 . 2011-07-10 20:54 -------- d-----w- c:\users\ilake\AppData\Local\temp
2011-07-10 20:54 . 2011-07-10 20:54 -------- d-----w- c:\users\ilake.000\AppData\Local\temp
2011-07-10 20:54 . 2011-07-10 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 20:54 . 2011-07-10 20:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-07-10 20:54 . 2011-07-10 20:54 -------- d-----w- c:\users\Administrator.TRT\AppData\Local\temp
2011-07-10 18:45 . 2011-07-10 18:45 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{631167D8-AF0B-400F-9A47-675A4332D2C9}\MpKslb3f5b7dc.sys
2011-07-10 15:30 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{631167D8-AF0B-400F-9A47-675A4332D2C9}\mpengine.dll
2011-07-07 05:59 . 2011-07-07 05:59 -------- d-----w- C:\_OTL
2011-07-01 10:59 . 2011-07-01 10:59 -------- d-----w- c:\program files\ESET
2011-06-29 10:39 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-29 01:18 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 01:18 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 01:18 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 01:18 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 01:18 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 01:18 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 01:18 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 01:18 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 01:18 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 01:18 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 09:56 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B06FB8D-80A0-47A8-8B61-9BDED5F660B5}\gapaengine.dll
2011-06-28 08:50 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-22 13:13 . 2011-06-28 08:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-22 08:18 . 2011-06-22 08:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-22 08:17 . 2011-06-22 13:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-21 07:59 . 2011-06-22 14:37 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2011-06-17 09:48 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 09:48 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 09:48 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 09:48 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 09:48 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 09:48 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 09:48 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 09:48 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 09:48 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-17 09:48 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 09:48 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 09:48 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 07:01 . 2011-05-17 07:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 08:11 . 2011-04-13 09:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-04-13 09:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 18:00 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-27 14:25 . 2011-04-27 14:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-22 19:36 . 2011-05-25 10:31 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-18 12:18 . 2011-04-18 12:18 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 12:18 . 2011-04-18 12:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2010-03-18 614400]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2010-07-09 1548288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-01-22 331776]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-06-30 00:09 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsleea7c110;MpKsleea7c110;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{631167D8-AF0B-400F-9A47-675A4332D2C9}\MpKsleea7c110.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\ftdibus.sys [2006-05-18 47249]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 482176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-06-29 32312]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.29055.0.sys [2010-11-26 21888]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-06-30 362040]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9701.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 227600]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2007-10-09 291840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-11-26 13936]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 MpKslb3f5b7dc;MpKslb3f5b7dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{631167D8-AF0B-400F-9A47-675A4332D2C9}\MpKslb3f5b7dc.sys [2011-07-10 28752]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 207400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-11-26 5236072]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-07-06 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-26 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [2009-06-30 13:01 118656]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-11-26 179312]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-06-14 6758912]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-01-08 316416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-17650977.sys
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9701.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3916)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\system32\docobj.dll
c:\program files\Google\Google SketchUp 8\LayOut\xerces-c_2_6.dll
c:\program files\UFS Explorer\dndcphp.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2011-07-10 22:03:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-10 21:03
.
Pre-Run: 130,757,742,592 bytes free
Post-Run: 130,276,782,080 bytes free
.
- - End Of File - - 1ED984415530D4D990F7CE5DD3A07576

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:31 PM

Posted 10 July 2011 - 11:24 PM

Hi!

It looks like ComboFix found somethings. Lets see where we stand after these scans:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 idwl

idwl
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 11 July 2011 - 12:33 AM

Hi ST,

MBAM log below. ESET to follow.

Thanks
IDWL

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7069

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/07/2011 06:31:18
mbam-log-2011-07-11 (06-31-18).txt

Scan type: Quick scan
Objects scanned: 237958
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:31 PM

Posted 11 July 2011 - 11:32 AM

Okay.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users