
No Internet and cannot change user settings after combofix


  • This topic is locked
19 replies to this topic

#1 john_rhodes

  • Members

Posted 19 September 2011 - 04:51 PM

Hi,

Hope you can help!!?

Orange Blossom asked me to follow the malware preparation guide from step 6 and post the logs in this forum. When I created the gmer log I also included a scan for D: as this is where all the user accounts are even though the operating system was installed on c: (I did not set this up!!).

Here is a description of my problems:

Firstly, please accept my apologies: I have already run combofix. The program was passed to me by a colleague and I have used it successfully in the past. I was not aware I should only use it after being advised to. I have included the Combofix logs.

I was running AVG premium with Windows XP media edition SP2 but my computer began to slow down. I noticed there were issues with playing Flash videos so tried to install the latest version of Flash; in doing so all Flash videos stopped working (even after uninstalling and trying an older version).

At this point I tried to run the latest combofix but got errors asking me to uninstall AVG. I could not get AVG to uninstall so I ran an older version of Combofix which I had used successfully in the past while AVG was installed. However, my machine didn't seem to be any better.

Eventually, I managed to uninstall AVG and ran the latest combofix. After it had finished I noticed the internet connection had been lost and on the main (Admin) user the display settings had changed - control panel had been changed from classic view and cannot be changed back. Also, if I try to run the command prompt from that user I get an error - "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item". I also cannot change any user settings, has this been infected?

I created another user account from a different user account but the internet connection is still lost.

Things I have tried:

My internet connection is through an Orange Livebox via ethernet; I have tried other computers on it and they work fine.

Removed virus protection and disabled firewall.

I can ping the livebox.

I can ping another computer which is connected to the livebox wirelessly.

I cannot ping an internet site such as www.google.com.

Resetting the winsock catalogue.

Flushing the DNS.

DNS settings are Automatic.

Windows diagnosis log report for connection settings is attached. It shows errors with the Winsock Catalogue.

I've run out of things to try!! Any help is much appreciated, can anybody help!?

Thanks and Regards

John

Attached Files

  • Logs.zip (228.28KB)


#2 HelpBot

  • Bots

Posted 24 September 2011 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419627 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 john_rhodes

  • Topic Starter

Posted 27 September 2011 - 04:03 PM

Hi,

I have attached more logs as requested in the previous post. They should be the same though, as the computer has been switched off since the 1st post.

Thanks

John




#4 sundavis

  • Malware Response Team

Posted 27 September 2011 - 09:19 PM

Hi john_rhodes,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.

Go to Start > Run, type devmgmt.msc into the Run box and hit Enter, click on the View menu, press Show hidden devices, and advise me in your next reply if any exclamation marks are present.


Step1

We need to scan your system with this special tool.

  • Please download Junction.zip and save it on your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start >> Run >> Copy/paste the following bolded command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the content in your next reply.


Step2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Under the Standard Registry box change it to All
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:


    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    volsnap.sys
    TCPIP.sys
    IPsec.sys
    Afd.sys
    /md5stop
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    C:\program files\common files\data\* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    HKLM\SYSTEM\CurrentControlSet\Services\TCPIP /s
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_TCPIP /s
    HKLM\SYSTEM\CurrentControlSet\Services\AFD /s
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD /s
    HKLM\System\CurrentControlSet\Services\IPSEC /s
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPSEC /s

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.



In your next reply, please post back:

1. junction log
2. OTListIt.txt and Extra.txt

Thanks
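
The OTListIt.txt log requested above marks some entries itself as orphaned ("File not found", "No CLSID value found") or lists them with an empty company field `()`. The following Python triage of such a log is an added example, not part of the thread and not OTL's own code; the sample lines are constructed in the OTL line layout, and the reason labels and function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the line layout OTL writes to OTListIt.txt
# (vendor names, paths and GUIDs are made up for this example).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2011/09/28 18:46:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Tools\OTL.exe
PRC - [2008/04/09 11:00:54 | 000,826,880 | ---- | M] () -- C:\Program Files\ExampleTray\Tray.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (Example Audit Service)
========== Driver Services (SafeList) ==========
DRV - [2010/06/21 23:07:39 | 000,091,496 | ---- | M] (Example Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (EXAMPLE)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\exampleio.sys -- (exampleio)
O2 - BHO: (Example Search) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\search.dll File not found
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - No CLSID value found.
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\ExampleTray\Tray.exe ()
"""

# PRC/MOD/SRV/DRV rows:
#   KIND - [modified | size | attrs | M] (company) [state] -- path -- (service) description
# The [state] and trailing (service) parts are only present on SRV/DRV rows.
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^()]*)\).*)?$"
)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_file_line(line):
    """Return the fields of a PRC/MOD/SRV/DRV row, or None for any other line."""
    m = FILE_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Return (reason, section, subject) tuples for rows worth a manual look.

    The reason labels are this example's own. They are leads for a reviewer,
    not verdicts: leftovers of an uninstalled product produce the same markers.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and "===== Section =====" headers
        section = line.split(" ", 1)[0].rstrip(":")
        if "No CLSID value found" in line:
            # Registry entry points at a class ID that is not registered.
            guid = GUID.search(line)
            findings.append(("orphaned-clsid", section, guid.group(0) if guid else line))
            continue
        if "File not found" in line:
            # Registry or service entry points at a file that is gone.
            findings.append(("missing-file", section, line))
            continue
        rec = parse_file_line(line)
        if rec is not None:
            if rec["company"].strip() == "":
                # Binary carries no company name in its version resource.
                findings.append(("no-company", rec["kind"], rec["path"]))
            continue
        if re.match(r"^O\d+ ", line) and line.endswith("()"):
            # Registry-section row whose target file has no company name.
            findings.append(("no-company", section, line))
    return findings


def summarize(findings):
    """Count findings per reason label."""
    return dict(Counter(reason for reason, _, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for reason, section, subject in results:
        print(f"{reason:15} {section:4} {subject}")
    print(summarize(results))
```
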

#5 john_rhodes

  • Topic Starter

Posted 28 September 2011 - 04:52 AM

Hi Sundavis,

Thanks so much for helping me out, I will carry out these logs tonight and post back.

My intention is to run the logs from the new user I have created, if you would prefer me to carry them out from the user which has more issues, please let me know.

Thanks and Regards

John

#6 sundavis

  • Malware Response Team

Posted 28 September 2011 - 10:56 AM

My intention is to run the logs from the new user ....

Please log into the usual account, not the new account, and start from there. Thanks

#7 john_rhodes

  • Topic Starter

Posted 28 September 2011 - 01:23 PM

Hi,

I tried to run the device manager from the main account (which had admin rights) but it appears as though the settings have been compromised. So I ran the scans from a new account I created from another old account a while ago, which hasn't been compromised.
I got the following message when trying to open the device manager from the command window or clicking to it:
"Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item"

Please see the attachment in the next post for the logs, including a screen print of device manager which had no exclamation marks.

Thanks and Regards

John

#8 john_rhodes

  • Topic Starter

Posted 28 September 2011 - 01:33 PM

Hi, unable to attach files larger than 43k, so unable to post device manager screen prints and had to paste OTL log in here!!




OTL logfile created on: 28/09/2011 18:47:57 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\Documents and Settings\Test\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 92.53 Mb Available Physical Memory | 18.09% Memory free
2.42 Gb Paging File | 2.06 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.80 Gb Total Space | 4.96 Gb Free Space | 13.13% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 9.37 Gb Free Space | 8.43% Space Free | Partition Type: NTFS
Drive F: | 960.72 Mb Total Space | 472.31 Mb Free Space | 49.16% Space Free | Partition Type: FAT

Computer Name: SN049699020488 | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 18:46:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Test\Desktop\OTL.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/04/09 11:00:54 | 000,826,880 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2004/11/26 11:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2004/08/10 14:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/08 20:47:48 | 000,516,368 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/06/14 19:27:46 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2010/06/13 12:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2008/09/18 00:57:42 | 002,490,368 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
MOD - [2008/05/07 05:55:40 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/09 11:00:54 | 000,826,880 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/08/05 14:02:00 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\psisrndr.ax
MOD - [2005/08/05 14:01:54 | 000,356,352 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2005/08/05 14:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2005/08/05 14:01:54 | 000,239,104 | ---- | M] () -- C:\WINDOWS\system32\psisdecd.dll
MOD - [2005/08/05 14:01:54 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 14:01:54 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/08/05 13:05:32 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
MOD - [2005/06/16 12:39:44 | 000,008,704 | ---- | M] () -- c:\PNP\OTHER\SOFTENCO\mcempgvout.dll
MOD - [2004/08/10 14:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Microsoft Office Groove Audit Service)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2004/08/10 14:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/10 14:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/10 14:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/04/08 08:38:26 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2011/08/08 19:47:51 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- D:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)
DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/02/18 06:40:06 | 000,015,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudnflt.sys -- (ssudnflt)
DRV - [2011/02/18 05:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/02/18 05:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010/06/21 23:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/11/15 20:18:54 | 000,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot)
DRV - [2008/11/15 17:52:32 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/11/28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/10/18 12:16:00 | 000,905,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/06/29 14:35:10 | 003,173,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/05/27 12:51:26 | 000,799,744 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/12/31 11:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.orange.co.uk/iesearch/
IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/30 20:53:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 21:39:30 | 000,000,000 | ---D | M]

[2011/08/30 20:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 06:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/12 04:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/18 15:35:31 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL File not found
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1011\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1011\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - Startup: D:\Documents and Settings\paul.SN049699020488\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-368182760-3931186687-1156710625-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90F78B7F-ED63-4D64-9A85-B8AB0BD9B396}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp
O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 18:45:16 | 000,582,656 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Test\Desktop\OTL.exe
[2011/09/28 18:37:37 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2011/09/28 18:34:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Desktop\Junction
[2011/09/28 18:31:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Desktop\Logs2
[2011/09/27 20:56:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Desktop\Logs1
[2011/09/19 22:46:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Desktop\Logs
[2011/09/19 21:09:48 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\My Documents\My Videos
[2011/09/19 21:09:48 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\Start Menu\Programs\Administrative Tools
[2011/09/19 21:05:32 | 000,607,260 | R--- | C] (Swearware) -- D:\Documents and Settings\Test\Desktop\dds.scr
[2011/09/19 21:03:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\Adobe
[2011/09/19 21:03:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Adobe
[2011/09/18 20:46:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\Trusteer
[2011/09/05 20:36:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\Mozilla
[2011/09/05 20:36:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Mozilla
[2011/09/05 19:49:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/05 19:26:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2011/09/05 19:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/09/05 19:19:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Sony Corporation
[2011/09/05 19:18:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\AskToolbar
[2011/09/05 19:17:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\Opera
[2011/09/05 19:17:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Opera
[2011/09/05 19:15:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Apple Computer
[2011/09/05 19:15:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\Apple Computer
[2011/09/05 19:13:15 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Test\Cookies
[2011/09/05 19:12:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Macromedia
[2011/09/05 19:12:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Identities
[2011/09/05 19:12:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\AOL
[2011/09/05 19:12:54 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Test\Application Data\Microsoft
[2011/09/05 19:12:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Symantec
[2011/09/05 19:12:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Real
[2011/09/05 19:12:53 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Test\Application Data
[2011/09/05 19:12:53 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\Favorites
[2011/09/05 19:12:53 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\Desktop
[2011/09/05 19:12:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\You've Got Pictures Screensaver
[2011/09/05 19:12:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Application Data\Trusteer
[2011/09/05 19:12:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\ApplicationHistory
[2011/09/05 19:12:52 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Test\SendTo
[2011/09/05 19:12:52 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Test\Recent
[2011/09/05 19:12:52 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\Start Menu\Programs\Startup
[2011/09/05 19:12:52 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\Start Menu
[2011/09/05 19:12:52 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\My Documents\My Pictures
[2011/09/05 19:12:52 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\My Documents\My Music
[2011/09/05 19:12:52 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\My Documents
[2011/09/05 19:12:52 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Test\Start Menu\Programs\Accessories
[2011/09/05 19:12:52 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Test\Templates
[2011/09/05 19:12:52 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Test\PrintHood
[2011/09/05 19:12:52 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Test\NetHood
[2011/09/05 19:12:52 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Test\Local Settings
[2011/09/05 19:12:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\My Documents\My Skype Pictures
[2011/09/05 19:12:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\Microsoft
[2011/09/05 19:12:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Test\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}
[2011/09/05 16:24:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/09/05 16:23:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/09/05 16:22:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/09/05 16:21:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/09/03 19:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Start Menu
[2011/09/03 19:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Favorites
[2011/09/01 21:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/01 21:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/09/01 21:30:33 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/08/31 21:26:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/31 21:23:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Tool
[2011/08/31 21:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Tool
[2011/08/31 19:26:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 19:26:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 19:26:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 19:26:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[271 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/28 18:46:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Test\Desktop\OTL.exe
[2011/09/28 18:14:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 18:14:25 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 22:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/09/27 20:45:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/19 21:35:52 | 000,294,216 | ---- | M] () -- D:\Documents and Settings\Test\Desktop\gmer.zip
[2011/09/19 21:09:02 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\Test\Desktop\Defogger.exe
[2011/09/19 21:05:58 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Test\defogger_reenable
[2011/09/19 21:05:50 | 000,607,260 | R--- | M] (Swearware) -- D:\Documents and Settings\Test\Desktop\dds.scr
[2011/09/18 15:35:31 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/07 19:46:25 | 000,403,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/05 19:26:28 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/09/05 19:26:25 | 000,000,552 | ---- | M] () -- D:\Documents and Settings\Test\Desktop\Perfect Uninstaller.lnk
[2011/09/05 19:26:25 | 000,000,552 | ---- | M] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2011/09/05 19:18:08 | 000,490,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/05 19:18:08 | 000,088,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/05 19:14:42 | 000,000,692 | ---- | M] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 19:13:22 | 000,000,675 | ---- | M] () -- D:\Documents and Settings\Test\Desktop\Windows Media Player.lnk
[2011/09/05 19:13:19 | 000,001,393 | ---- | M] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/09/05 16:23:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/05 16:00:47 | 000,000,799 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK
[2011/09/01 21:42:46 | 000,001,417 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/01 21:40:36 | 000,001,513 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/31 19:43:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/08/30 20:53:52 | 000,000,625 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[271 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/19 21:36:13 | 000,294,216 | ---- | C] () -- D:\Documents and Settings\Test\Desktop\gmer.zip
[2011/09/19 21:05:58 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Test\defogger_reenable
[2011/09/19 21:05:33 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\Test\Desktop\Defogger.exe
[2011/09/05 19:26:28 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/09/05 19:26:25 | 000,000,552 | ---- | C] () -- D:\Documents and Settings\Test\Desktop\Perfect Uninstaller.lnk
[2011/09/05 19:26:25 | 000,000,552 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2011/09/05 19:14:42 | 000,000,692 | ---- | C] () -- D:\Documents and Settings\Test\Start Menu\Programs\Internet Explorer.lnk
[2011/09/05 19:13:22 | 000,000,675 | ---- | C] () -- D:\Documents and Settings\Test\Start Menu\Programs\Windows Media Player.lnk
[2011/09/05 19:13:22 | 000,000,675 | ---- | C] () -- D:\Documents and Settings\Test\Desktop\Windows Media Player.lnk
[2011/09/05 19:13:01 | 000,000,709 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk
[2011/09/05 19:13:01 | 000,000,709 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk
[2011/09/05 19:13:01 | 000,000,519 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk
[2011/09/05 19:13:00 | 000,001,495 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Packard Bell Music Station.lnk
[2011/09/05 19:13:00 | 000,001,393 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/09/05 19:13:00 | 000,000,796 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/09/05 19:13:00 | 000,000,692 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/05 19:13:00 | 000,000,621 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/09/05 19:13:00 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\Test\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/09/05 19:12:56 | 000,001,506 | ---- | C] () -- D:\Documents and Settings\Test\Start Menu\Programs\Remote Assistance.lnk
[2011/09/05 19:12:56 | 000,000,637 | ---- | C] () -- D:\Documents and Settings\Test\Start Menu\Programs\Outlook Express.lnk
[2011/09/05 16:00:40 | 000,000,799 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK
[2011/09/01 21:42:46 | 000,001,417 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/01 21:42:46 | 000,001,417 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/01 21:40:36 | 000,001,513 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/09/01 21:40:36 | 000,001,513 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/31 22:16:35 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/31 19:26:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 19:26:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 19:26:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 19:26:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 19:26:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/12/17 13:38:00 | 000,611,840 | ---- | C] () -- C:\WINDOWS\System32\DVD43.dll
[2010/07/30 01:47:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/12/05 16:44:41 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/15 17:50:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/15 18:25:41 | 000,000,577 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/16 01:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/20 18:06:17 | 000,000,839 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/20 06:54:20 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008/07/14 19:57:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/14 19:48:28 | 000,062,232 | R--- | C] () -- C:\WINDOWS\System32\GameuxInstallHelper.dll
[2008/07/13 18:07:39 | 000,000,938 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/13 14:28:33 | 000,122,448 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE
[2008/05/29 19:52:24 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/05/29 19:52:24 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/05/29 19:52:09 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/05/29 19:52:09 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/05/29 19:52:09 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/05/29 19:04:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/29 17:16:18 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2008/05/29 17:10:19 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2008/05/29 17:08:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/29 17:02:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/05/29 17:02:12 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2008/05/29 17:01:08 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2007/03/24 11:02:12 | 000,000,829 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\pex.ini
[2006/05/26 08:50:13 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/01 03:53:53 | 000,449,856 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2006/01/01 03:38:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2006/01/01 03:24:20 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2006/01/01 03:23:59 | 000,233,812 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2006/01/01 03:23:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2005/10/21 15:28:56 | 000,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/18 12:15:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/10/18 12:15:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/10/18 12:14:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/10/18 12:14:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/10/18 12:14:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/10/18 12:14:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/10/18 12:13:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/10/18 12:13:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/10/18 12:13:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/10 15:50:43 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/10 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/10 15:32:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/10 15:24:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/10 15:22:38 | 000,403,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/10 14:57:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/10 14:57:27 | 000,490,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/10 14:57:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/10 14:57:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/10 14:57:26 | 000,088,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/10 14:57:25 | 000,004,541 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/10 14:57:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/10 14:57:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/10 14:57:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/10 14:57:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/10 14:57:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/10 14:56:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/23 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/05/28 17:06:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alfac
[2011/06/02 21:19:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Avanquest
[2011/08/30 20:16:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9
[2009/12/11 16:10:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/07/13 22:09:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Channel4
[2011/07/07 22:38:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/28 18:49:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Kontiki
[2011/07/07 22:38:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2006/01/01 04:05:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MotionDSP
[2008/10/17 12:07:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/05/28 15:42:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2
[2008/12/12 15:38:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/06/02 22:02:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Samsung
[2009/05/30 23:37:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/10 11:52:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Trusteer
[2007/03/24 10:58:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/01/20 12:12:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/04/20 19:04:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\X10 Settings
[2010/06/24 12:26:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/10 21:51:16 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2010/01/16 13:39:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/08 19:12:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/08/10 21:48:58 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}
[2011/05/14 18:05:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Default User\Application Data\Trusteer
[2011/01/23 00:59:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\AnvSoft
[2010/05/16 22:28:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\BitTorrent
[2011/06/23 22:29:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\HandBrake
[2009/10/27 22:39:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\Norman
[2010/04/02 16:22:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\OD2
[2011/07/06 21:24:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\Propellerhead Software
[2011/06/02 22:00:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\Samsung
[2011/01/01 03:02:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\Trusteer
[2011/01/22 01:15:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John\Application Data\Ulead Systems
[2006/01/20 12:09:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\X10 Commander
[2008/05/19 17:04:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\X10 Commander
[2011/08/19 18:45:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\X10 Commander
[2010/10/10 16:39:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\AVG9
[2011/04/17 21:32:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\BitTorrent
[2008/11/15 17:52:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\DAEMON Tools
[2008/07/16 08:12:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\DNA
[2011/04/08 19:43:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Free Audio Editor
[2011/03/18 23:02:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\HandBrake
[2008/05/29 19:31:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Leadertech
[2008/10/17 12:07:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\NCH Swift Sound
[2008/11/28 21:32:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Norman
[2008/05/29 19:32:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\OD2
[2009/11/22 17:03:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\OpenOffice.org
[2011/09/01 21:42:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Opera
[2010/04/14 23:06:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Propellerhead Software
[2008/10/17 12:07:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Recordpad
[2009/11/24 20:44:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Sony
[2009/11/24 20:47:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Sony Setup
[2010/12/10 11:53:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Trusteer
[2008/05/29 19:48:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\paul.SN049699020488\Application Data\Ulead Systems
[2011/09/05 19:17:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Opera
[2011/05/14 18:05:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Trusteer
[2011/05/30 12:54:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Vickie New IPhone\Application Data\OD2
[2011/05/14 18:05:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Vickie New IPhone\Application Data\Trusteer
[2008/05/29 19:18:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2008/05/29 19:18:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2008/05/29 19:18:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2011/09/27 22:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AFD.SYS >
[2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\afd.sys
[2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\afd.sys
[2008/04/13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\drivers\afd.sys
[2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/10 14:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/08/14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/06/20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008/06/20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2004/08/10 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IPSEC.SYS >
[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\ipsec.sys
[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ipsec.sys
[2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/10 14:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2005/05/25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2005/05/25 20:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2007/10/30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004/08/10 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/10 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 19:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 19:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\volsnap.sys
[2008/04/13 19:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/10 14:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2006/01/20 12:10:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2007/05/24 17:24:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ahead
[2008/05/28 17:06:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alfac
[2008/05/29 17:08:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AOL
[2010/01/16 13:52:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Apple
[2007/04/11 12:10:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/02 21:19:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Avanquest
[2011/08/30 20:16:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\avg9
[2008/10/01 19:03:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/12/11 16:10:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/07/13 22:09:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Channel4
[2011/07/07 22:38:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/10 21:51:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Creative
[2006/01/20 12:23:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\CyberLink
[2006/04/20 18:44:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\FaxCtr
[2006/10/09 10:18:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Google
[2006/10/22 18:01:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\InstallShield
[2011/09/28 18:49:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Kontiki
[2010/10/31 16:19:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\McAfee
[2011/07/07 22:38:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/06 21:25:16 | 000,000,000 | --SD | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2011/06/30 21:40:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help
[2006/01/01 04:05:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MotionDSP
[2008/10/17 12:07:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/04/06 16:32:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NVIDIA
[2006/01/01 03:24:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2007/04/06 14:23:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006/05/28 15:42:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2
[2008/12/12 15:38:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2006/01/20 12:11:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\QuickTime
[2010/03/14 20:54:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Real
[2011/06/02 22:02:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Samsung
[2004/09/10 23:53:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SBSI
[2008/05/28 17:07:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Skype
[2010/12/30 17:17:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011/07/06 21:25:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/10/27 22:34:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/05/29 19:45:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/30 23:37:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/10 11:52:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Trusteer
[2007/03/24 10:58:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/01/20 12:12:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/05/26 08:20:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/08/18 08:06:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2006/04/20 19:04:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\X10 Settings
[2010/06/24 12:26:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/10 21:51:16 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
[2010/01/16 13:39:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/08 19:12:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/08/10 21:48:58 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2010/08/10 21:49:31 | 002,422,433 | ---- | M] (Creative Technology Ltd. ) -- D:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
[2005/05/17 21:37:10 | 000,076,800 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\1F3C49AE\8FD17A8B\Faac.exe
[2005/11/06 00:34:50 | 000,145,408 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\46DCAF14\431AE4FA\Lame.exe
[2009/12/22 19:10:19 | 003,579,904 | ---- | M] (Mystik Media) -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\59F37AFC\8917324D\BMP.exe
[2002/07/19 17:48:22 | 000,157,696 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\63E85F6B\431AE4FA\OggEnc.exe
[2008/08/28 11:49:14 | 000,155,648 | ---- | M] (Mystik Media) -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\7EC83F15\8917324D\cp.exe
[2009/01/12 13:15:52 | 000,071,096 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\OFFLINE\C_\Programming\ActiveX\NMSDVDX DVD Burning SDK\Bin\Win32\NMSAccess32.exe
[2009/09/04 02:10:54 | 002,598,110 | ---- | M] (Creative Technology Ltd. ) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\Setup.exe
[2007/10/30 03:32:14 | 000,124,928 | ---- | M] (Creative Technology Ltd.) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\36460F0\4228404D\MscMan.exe
[2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\461BBD30\CB33B640\CTDevSrv.exe
[2007/02/16 07:29:44 | 000,032,768 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\461BBD30\CB33B640\CTServiceCtDev.exe
[2008/05/29 03:04:54 | 000,175,104 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\461BBD30\CB33B640\ZcAuto.exe
[2002/08/11 18:00:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\5A31C191\33A7C8F9\CTRegSvr.exe
[2008/11/04 12:24:12 | 000,081,920 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\5A31C191\33A7C8F9\CTRegSvu.exe
[2000/04/09 18:02:00 | 000,005,520 | ---- | M] (Creative Technology Ltd.) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\73469C22\30B40138\HELPER.EXE
[2007/08/16 11:12:24 | 000,755,312 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\73469C22\30B40138\InetReg.exe
[2005/09/08 02:49:46 | 001,089,689 | ---- | M] (Macromedia, Inc.) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\73469C22\30B40138\RegFlash.exe
[2008/05/21 12:52:44 | 000,159,899 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\747B3A4F\AEF10735\ChnTag.exe
[2008/06/24 03:26:10 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\9A9B0F9F\F3743052\CTUPnPFn.exe
[2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\9A9B0F9F\F3743052\CTUPnPSv.exe
[2009/08/17 09:15:56 | 000,323,584 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\9B8360E3\A3F1BD6D\AVCManU.exe
[2005/03/06 19:00:00 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\9E0A6A1D\7BA3E7CC\CTRegSvu.exe
[2007/09/24 11:53:10 | 000,114,688 | ---- | M] (Creative Technology Ltd.) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\A118A98F\6F6B2557\VFSvrU.exe
[2006/10/06 07:17:34 | 000,053,248 | ---- | M] (Creative Technology Ltd ) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\AAA9BC5C\9AC5E2CC\CTRegRun.exe
[2008/10/27 18:02:00 | 000,053,248 | ---- | M] (Creative Technology Ltd.) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\C3C4B752\327F5056\UGRemove.exe
[2009/04/20 03:24:04 | 000,820,224 | ---- | M] (Creative Technology Ltd) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\E629258\AD691181\Centrale.exe
[2009/08/04 04:18:18 | 000,311,296 | ---- | M] (Creative Technology Ltd.) -- D:\Documents and Settings\All Users\Application Data\{F9D4A2DF-4A7C-4265-8748-C01309480816}\offline\E629258\AD691181\CTOrSync.exe
[2011/04/27 01:59:44 | 000,073,000 | ---- | M] (Apple Inc.) -- D:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.2.2.14\SetupAdmin.exe
[2007/07/10 13:46:01 | 000,116,024 | ---- | M] (Apple Inc.) -- D:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe
[2011/06/20 15:52:18 | 004,358,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Documents and Settings\All Users\Application Data\MFAData\pack\avgmfapx.exe
[2011/02/08 04:33:06 | 000,276,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Documents and Settings\All Users\Application Data\MFAData\pack\avgntdumpx.exe
[2011/02/08 04:33:28 | 000,249,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe

< %APPDATA%\*. >
[2011/09/19 21:03:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Adobe
[2008/05/29 17:24:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\AOL
[2011/09/05 19:15:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Apple Computer
[2004/09/10 23:44:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Identities
[2006/01/20 12:17:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Macromedia
[2011/09/18 16:15:27 | 000,000,000 | --SD | M] -- D:\Documents and Settings\Test\Application Data\Microsoft
[2011/09/05 20:36:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Mozilla
[2011/09/05 19:17:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Opera
[2006/01/20 12:17:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Real
[2011/09/05 19:19:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Sony Corporation
[2006/01/20 12:14:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Symantec
[2011/05/14 18:05:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\Trusteer
[2006/01/20 12:12:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Test\Application Data\You've Got Pictures Screensaver

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.* >
[2009/05/02 19:45:43 | 000,000,002 | ---- | M] () -- C:\77592962
[2008/05/29 17:06:31 | 000,000,208 | RHS- | M] () -- C:\BOOT.BAK
[2009/09/20 20:17:53 | 000,000,279 | RHS- | M] () -- C:\BOOT.INI
[2004/08/10 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/08/31 19:47:40 | 000,011,698 | ---- | M] () -- C:\ComboFix.txt
[2008/05/29 16:43:18 | 000,006,232 | ---- | M] () -- C:\DWNLOG.TXT
[2011/09/28 18:14:25 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2006/01/01 03:38:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/05/29 17:09:51 | 000,000,883 | -H-- | M] () -- C:\IPH.PH
[2005/01/19 23:37:38 | 000,005,467 | ---- | M] () -- C:\latitude.exe
[2010/11/30 21:44:58 | 000,005,347 | ---- | M] () -- C:\latitude.zip
[2010/11/30 21:30:28 | 000,005,467 | ---- | M] () -- C:\latitude1.exe
[2011/08/19 21:12:35 | 000,549,731 | ---- | M] () -- C:\log.txt
[2008/05/29 16:43:18 | 000,006,232 | ---- | M] () -- C:\MCDLOG.TXT
[2006/01/01 03:38:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2004/08/10 14:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2011/08/19 19:43:40 | 000,250,048 | ---- | M] () -- C:\NTLDR
[2011/09/28 18:14:24 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
[2006/01/19 20:53:44 | 000,001,196 | ---- | M] () -- C:\SAUDIT.TXT
[2008/05/29 17:53:08 | 001,440,054 | ---- | M] () -- C:\snapshot.bmp
[2006/01/01 03:38:39 | 000,000,000 | ---- | M] () -- C:\UPDFLOP.TAG

< %SYSTEMDRIVE%\*.exe >
[2005/01/19 23:37:38 | 000,005,467 | ---- | M] () -- C:\latitude.exe
[2010/11/30 21:30:28 | 000,005,467 | ---- | M] () -- C:\latitude1.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[271 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< C:\program files\common files\data\* /s >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/09/10 15:22:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/09/10 15:22:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/09/10 15:22:08 | 000,851,968 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< HKLM\SYSTEM\CurrentControlSet\Services\TCPIP /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 4
"ImagePath" = system32\DRIVERS\tcpip.sys -- [2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation)
"DisplayName" = TCP/IP Protocol Driver
"Group" = PNP_TDI
"DependOnService" = IPSec [binary data]
"DependOnGroup" = [binary data]
"Description" = TCP/IP Protocol Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Linkage]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters]
"NV Hostname" = SN049699020488
"DataBasePath" = %SystemRoot%\System32\drivers\etc -- [2011/09/01 21:30:45 | 000,000,000 | ---D | M]
"ForwardBroadcasts" = 0
"IPEnableRouter" = 0
"Domain" =
"Hostname" = SN049699020488
"DeadGWDetectDefault" = 1
"NameServer" =
"SearchList" =
"UseDomainNameDevolution" = 1
"EnableICMPRedirect" = 1
"DontAddDefaultGatewayDefault" = 0
"EnableSecurityFilters" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\NdisWanIp]
"LLInterface" = WANARP
"IpConfig" = [Binary data over 100 bytes]
"NumInterfaces" = 2
"IpInterfaces" = AF 78 90 20 D3 4A AF 49 99 20 5A 1D 95 EE F2 95 5C 66 91 31 93 4C 60 46 AF 98 E0 1C 2D F7 8F BE [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{3A0FC1AC-0345-4F1E-8056-6646D125D5D4}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{3D90745A-A39E-440A-AEB9-437C980CE997}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{6320FF2A-8B5B-46DC-B7AC-663423073A83}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{6DC9BAA0-27B8-4B60-88D9-F7DC01942E67}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{796722B8-9CC6-4E07-979C-907107F3360F}]
"LLInterface" = ARP1394
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{90F78B7F-ED63-4D64-9A85-B8AB0BD9B396}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Adapters\{F3C27A9C-B7FE-4C01-8A89-8F1CDC1FB1BE}]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{209078AF-4AD3-49AF-9920-5A1D95EEF295}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
"RegisterAdapterName" = 0
"RegistrationEnabled" = 0
"DhcpIPAddress" = 0.0.0.0
"DhcpSubnetMask" = 0.0.0.0
"Domain" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{3191665C-4C93-4660-AF98-E01C2DF78FBE}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 0
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"EnableDeadGWDetect" = 1
"DontAddDefaultGateway" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{3A0FC1AC-0345-4F1E-8056-6646D125D5D4}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000002 [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"DhcpServer" = 255.255.255.255
"Lease" = 3600
"LeaseObtainedTime" = 1317230438
"T1" = 1317232238
"T2" = 1317233588
"LeaseTerminatesTime" = 1317234038
"AddressType" = 0
"IsServerNapAware" = 0
"DisableDynamicUpdate" = 0
"IPAutoconfigurationAddress" = 0.0.0.0
"IPAutoconfigurationMask" = 255.255.0.0
"IPAutoconfigurationSeed" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{3D90745A-A39E-440A-AEB9-437C980CE997}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000003 [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{6320FF2A-8B5B-46DC-B7AC-663423073A83}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{6DC9BAA0-27B8-4B60-88D9-F7DC01942E67}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{796722B8-9CC6-4E07-979C-907107F3360F}]
"UseZeroBroadcast" = 0
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{90F78B7F-ED63-4D64-9A85-B8AB0BD9B396}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = 0x00000003 [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"DhcpIPAddress" = 192.168.42.238
"DhcpSubnetMask" = 255.255.255.0
"DhcpServer" = 192.168.42.129
"Lease" = 3600
"LeaseObtainedTime" = 1315256599
"T1" = 1315258260
"T2" = 1315259610
"LeaseTerminatesTime" = 1315260199
"AddressType" = 0
"IsServerNapAware" = 0
"DhcpNameServer" = 192.168.42.129
"DhcpDefaultGateway" = 192.168.42.129 [binary data]
"DhcpSubnetMaskOpt" = 255.255.255.0 [binary data]
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{F3C27A9C-B7FE-4C01-8A89-8F1CDC1FB1BE}]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"IPAddress" = 0.0.0.0 [binary data]
"SubnetMask" = 0.0.0.0 [binary data]
"DefaultGateway" = [binary data]
"DefaultGatewayMetric" = [binary data]
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"TCPAllowedPorts" = [binary data]
"UDPAllowedPorts" = [binary data]
"RawIPAllowedProtocols" = [binary data]
"NTEContextList" = [binary data]
"DhcpClassIdBin" = [Binary data over 100 bytes]
"DhcpServer" = 255.255.255.255
"Lease" = 3600
"LeaseObtainedTime" = 1304290074
"T1" = 1304291874
"T2" = 1304293224
"LeaseTerminatesTime" = 1304293674
"AddressType" = 0
"DisableDynamicUpdate" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Winsock]
"UseDelayedAcceptance" = 0
"HelperDllName" = %SystemRoot%\System32\wshtcpip.dll -- [2004/08/10 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 16
"MinSockAddrLength" = 16
"Mapping" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Performance]
"Close" = CloseTcpIpPerformanceData
"Collect" = CollectTcpIpPerformanceData
"Library" = Perfctrs.dll -- [2008/04/14 01:12:02 | 000,039,936 | ---- | M] (Microsoft Corporation)
"Open" = OpenTcpIpPerformanceData
"Object List" = 502 510 546 582 638 658
"WbemAdapFileSignature" = 96 49 2C 72 1C 6E A5 17 E2 BF D5 38 1F EF 55 E3 [binary data]
"WbemAdapFileTime" = 80 7D 00 1B 3E 97 C4 01 [binary data]
"WbemAdapFileSize" = 39936
"WbemAdapStatus" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\ServiceProvider]
"Class" = 8
"DnsPriority" = 2000
"HostsPriority" = 500
"LocalPriority" = 499
"ProviderPath" = %SystemRoot%\System32\wsock32.dll -- [2004/08/10 14:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation)
"NetbtPriority" = 2001
"Name" = TCP/IP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Enum]
"0" = Root\LEGACY_TCPIP\0000
"Count" = 1
"NextInstance" = 1

< HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_TCPIP /s >
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_TCPIP\0000]
"Service" = Tcpip
"Legacy" = 1
"ConfigFlags" = 0
"Class" = LegacyDriver
"ClassGUID" = {8ECC055D-047F-11D1-A537-0000F8753ED1}
"DeviceDesc" = TCP/IP Protocol Driver
"Capabilities" = 0
"Driver" = {8ECC055D-047F-11D1-A537-0000F8753ED1}\0069
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_TCPIP\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_TCPIP\0000\Control]
"ActiveService" = Tcpip

< HKLM\SYSTEM\CurrentControlSet\Services\AFD /s >
"DisplayName" = AFD
"Description" = AFD Networking Support Environment
"Group" = TDI
"ImagePath" = \SystemRoot\System32\drivers\afd.sys
"Start" = 1
"Type" = 1
"ErrorControl" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Enum]
"0" = Root\LEGACY_AFD\0000
"Count" = 1
"NextInstance" = 1

< HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD /s >
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000]
"Service" = AFD
"Legacy" = 1
"ConfigFlags" = 32
"Class" = LegacyDriver
"ClassGUID" = {8ECC055D-047F-11D1-A537-0000F8753ED1}
"DeviceDesc" = AFD
"Capabilities" = 0
"Driver" = {8ECC055D-047F-11D1-A537-0000F8753ED1}\0002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_AFD\0000\Control]
"ActiveService" = AFD

< HKLM\System\CurrentControlSet\Services\IPSEC /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\ipsec.sys -- [2008/04/13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation)
"DisplayName" = IPSEC driver
"Group" = PNP_TDI
"Description" = IPSEC driver
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\Enum]
"0" = Root\LEGACY_IPSEC\0000
"Count" = 1
"NextInstance" = 1

< HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPSEC /s >
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPSEC\0000]
"Service" = IPSec
"Legacy" = 1
"ConfigFlags" = 0
"Class" = LegacyDriver
"ClassGUID" = {8ECC055D-047F-11D1-A537-0000F8753ED1}
"DeviceDesc" = IPSEC driver
"Capabilities" = 0
"Driver" = {8ECC055D-047F-11D1-A537-0000F8753ED1}\0038
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPSEC\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPSEC\0000\Control]
"ActiveService" = IPSec

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 113 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >


Thanks



#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 28 September 2011 - 04:48 PM

Hi john_rhodes,




After performing Step1, please go to this thread to download the AVG removal tool to clean up the leftovers, and then uninstall Spybot - Search & Destroy via Add/Remove Programs if it is still present. After that, you may need a protection program from Avira AntiVir Personal - FREE Antivirus.


Step1

  • Download GrantPerms.zip and save it to your desktop.
  • Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
  • Copy and paste the following in the code box:
    c:\\9e28cc10687988dd68ce28bbe996f5\amd64
    c:\\9e28cc10687988dd68ce28bbe996f5\i386
    c:\\Program Files\AVG\AVG9\Toolbar.old\Update\igt7.tmp.dir
    c:\\Program Files\AVG\AVG9\Toolbar.old\Update\igt8.tmp.dir
    c:\\Qoobox\BackEnv
    c:\\WINDOWS\system32\Macromed\Flash\Flash10v.ocx
    
  • Click Unlock. When it is done click "OK".
  • Restart the computer.


Step2

  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL File not found
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O3 - HKU\S-1-5-19\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-20\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1010\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1011\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-368182760-3931186687-1156710625-1011\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - Startup: D:\Documents and Settings\paul.SN049699020488\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll File not found
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL File not found
    :Files 
    ipconfig /flushdns /c 
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

Step3

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step4

Go to Start > Run and type cmd. A DOS window will appear. Type the following bold commands at the command prompt one at a time, pressing Enter after each.

netsh winsock reset
netsh int ip reset


Restart your PC. After that, go to Start > Run, copy/paste C:\ComboFix.txt into the Run box and press Enter. Post the contents of the ComboFix log in your next reply.


In your next reply, please post back:

1.OTL delete log
2.TDSSKiller log
3.ComboFix log

Let me know what remaining issues you're still experiencing.

#10 john_rhodes

john_rhodes
  • Topic Starter

  • Members
  • 12 posts

Posted 01 October 2011 - 06:07 AM

Hi Sundavis,

Sorry for the delay in replying.

I have followed the steps you gave me and attached the logs. In your final step you asked me to post the combofix log but I wasn't sure whether you wanted me to run combofix or not. I didn't run it as you can see from the date of the log as I thought I would wait for you to confirm.

I have removed AVG and Spybot, but thought I would wait to install the new anti-virus until the problems are resolved.

When I tried to run "netsh int ip reset" from the command prompt I got a syntax error.

After completing the steps I tried testing the machine, but unfortunately I am experiencing the same problems. No connection to the internet and the main user is compromised so that I still cannot run the command prompt etc.

Once again, please let me thank you for all the help you are giving me.

John



#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 01 October 2011 - 12:32 PM

Hi john_rhodes,



Please rerun TDSSKiller and press the Cure button if a suspicious file is detected. After that, please proceed with the following:

Step1

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    speedfan.sys
    nv4_mini.sys
    giveio.sys
    dvd43llh.sys
    Ndisprot.sys
    
  • Click the Look button to start the scan. Please wait until the Look button reappears.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


In your next reply, please post back:

1.TDSSKiller.txt
2.SystemLook.txt

Let me know how things went.
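
Added example (not part of the original post, and not code from TDSSKiller or SystemLook): a Python script that reads a TDSSKiller report in the line format of the logs posted in this thread and lists every driver that did not get an "ok" verdict, with the file names to look up. The sample report is constructed; its hashes are placeholders, and the function names are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line format of the TDSSKiller reports in this
# thread. The hashes are placeholders, not real file hashes.
SAMPLE_LOG = r"""
11:40:45.0734 3908 Scan started
11:40:46.0843 3908 Abiosdsk - ok
11:40:50.0859 3908 AFD (00000000000000000000000000000001) C:\WINDOWS\System32\drivers\afd.sys
11:40:51.0046 3908 AFD - ok
11:41:00.0078 3908 giveio (00000000000000000000000000000002) C:\WINDOWS\system32\giveio.sys
11:41:00.0093 3908 giveio ( UnsignedFile.Multi.Generic ) - warning
11:41:00.0093 3908 giveio - detected UnsignedFile.Multi.Generic (1)
11:41:11.0953 3908 nv (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:41:12.0500 3908 nv ( UnsignedFile.Multi.Generic ) - warning
11:41:12.0515 3908 nv - detected UnsignedFile.Multi.Generic (1)
11:41:16.0015 3908 ql12160 (00000000000000000000000000000004) C:\WINDOWS\system32\DRIVERS\ql12160.sys
"""

# Every report line starts with a time stamp and a thread id.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<service> (<md5>) <path>": the file that backs the service.
FILE_LINE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - ok": clean verdict (may appear without a file line).
OK_LINE = re.compile(r"^(?P<svc>\S+) - ok$")
# "<service> ( <label> ) - <level>": non-clean verdict, e.g. "warning".
VERDICT_LINE = re.compile(r"^(?P<svc>\S+) \( (?P<label>.+?) \) - (?P<level>\w+)$")


@dataclass
class Entry:
    service: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"      # stays "unknown" if no verdict line was seen
    label: Optional[str] = None  # detection name given on the verdict line


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per service, in the order the report lists them."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue
        body = prefixed["body"].strip()
        if (m := FILE_LINE.match(body)):
            entry = entries.setdefault(m["svc"], Entry(m["svc"]))
            entry.md5, entry.path = m["md5"].lower(), m["path"]
        elif (m := OK_LINE.match(body)):
            entries.setdefault(m["svc"], Entry(m["svc"])).status = "ok"
        elif (m := VERDICT_LINE.match(body)):
            entry = entries.setdefault(m["svc"], Entry(m["svc"]))
            entry.status, entry.label = m["level"], m["label"]
        # Header lines and "<service> - detected ..." lines (which repeat the
        # label already captured above) fall through and are ignored.
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries without an "ok" verdict, including ones cut off mid-report."""
    return [e for e in entries.values() if e.status != "ok"]


def flagged_files(entries: Dict[str, Entry]) -> List[str]:
    """File names of flagged drivers; ntpath parses Windows paths on any OS."""
    return [ntpath.basename(e.path) for e in flagged(entries) if e.path]


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    for e in flagged(report):
        print(f"{e.service:10} {e.status:8} {e.label or '-':28} {e.path}")
    print("Files to review:", ", ".join(flagged_files(report)))
```

The service name and the file name can differ (here `nv` is backed by `nv4_mini.sys`), so the review list is built from the path on the file line rather than from the service name.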

#12 john_rhodes

john_rhodes
  • Topic Starter

  • Members
  • 12 posts

Posted 02 October 2011 - 06:05 AM

Hi,

I checked to see what the files were before removing them and found that the NV_mini was to do with the NVidia graphics card. I removed the files anyway, but now the graphics are very slow (if I drag the windows on the screen they are very jerky). I also found that the Ndisprot is sometimes a trojan which affects the DNS, which sort of relates to the problems I am seeing.

After removal, still no improvement with internet connection etc.

Please see the attached logs.

11:40:00.0562 3148 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
11:40:00.0593 3148 ============================================================
11:40:00.0593 3148 Current date / time: 2011/10/02 11:40:00.0593
11:40:00.0593 3148 SystemInfo:
11:40:00.0593 3148
11:40:00.0593 3148 OS Version: 5.1.2600 ServicePack: 2.0
11:40:00.0593 3148 Product type: Workstation
11:40:00.0593 3148 ComputerName: SN049699020488
11:40:00.0609 3148 UserName: Test
11:40:00.0609 3148 Windows directory: C:\WINDOWS
11:40:00.0609 3148 System windows directory: C:\WINDOWS
11:40:00.0609 3148 Processor architecture: Intel x86
11:40:00.0609 3148 Number of processors: 2
11:40:00.0609 3148 Page size: 0x1000
11:40:00.0609 3148 Boot type: Normal boot
11:40:00.0609 3148 ============================================================
11:40:01.0125 3148 Initialize success
11:40:45.0718 3908 ============================================================
11:40:45.0734 3908 Scan started
11:40:45.0734 3908 Mode: Manual; SigCheck; TDLFS;
11:40:45.0734 3908 ============================================================
11:40:46.0062 3908 3xHybrid (53c2589bd342534a50e869f20c6ac2b9) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
11:40:46.0796 3908 3xHybrid - ok
11:40:46.0843 3908 Abiosdsk - ok
11:40:46.0890 3908 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:40:49.0843 3908 abp480n5 - ok
11:40:49.0921 3908 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:40:50.0125 3908 ACPI - ok
11:40:50.0171 3908 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:40:50.0359 3908 ACPIEC - ok
11:40:50.0406 3908 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:40:50.0578 3908 adpu160m - ok
11:40:50.0625 3908 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:40:50.0812 3908 aec - ok
11:40:50.0859 3908 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
11:40:51.0046 3908 AFD - ok
11:40:51.0062 3908 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:40:51.0265 3908 agp440 - ok
11:40:51.0281 3908 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:40:51.0468 3908 agpCPQ - ok
11:40:51.0500 3908 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:40:51.0593 3908 Aha154x - ok
11:40:51.0609 3908 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:40:51.0796 3908 aic78u2 - ok
11:40:51.0812 3908 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:40:52.0000 3908 aic78xx - ok
11:40:52.0031 3908 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:40:52.0203 3908 AliIde - ok
11:40:52.0234 3908 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:40:52.0421 3908 alim1541 - ok
11:40:52.0437 3908 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:40:52.0625 3908 amdagp - ok
11:40:52.0640 3908 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:40:52.0750 3908 amsint - ok
11:40:52.0781 3908 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:40:52.0953 3908 Arp1394 - ok
11:40:52.0968 3908 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:40:53.0156 3908 asc - ok
11:40:53.0171 3908 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:40:53.0281 3908 asc3350p - ok
11:40:53.0281 3908 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:40:53.0453 3908 asc3550 - ok
11:40:53.0500 3908 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:40:53.0671 3908 AsyncMac - ok
11:40:53.0703 3908 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:40:53.0890 3908 atapi - ok
11:40:53.0906 3908 Atdisk - ok
11:40:53.0921 3908 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:40:54.0125 3908 Atmarpc - ok
11:40:54.0156 3908 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:40:54.0312 3908 audstub - ok
11:40:54.0343 3908 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:40:54.0515 3908 Beep - ok
11:40:54.0546 3908 catchme - ok
11:40:54.0578 3908 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:40:54.0750 3908 cbidf - ok
11:40:54.0765 3908 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:40:54.0937 3908 cbidf2k - ok
11:40:54.0968 3908 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:40:55.0156 3908 CCDECODE - ok
11:40:55.0187 3908 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:40:55.0296 3908 cd20xrnt - ok
11:40:55.0312 3908 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:40:55.0468 3908 Cdaudio - ok
11:40:55.0515 3908 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:40:55.0703 3908 Cdfs - ok
11:40:55.0734 3908 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:40:55.0921 3908 Cdrom - ok
11:40:55.0937 3908 Changer - ok
11:40:55.0984 3908 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:40:56.0156 3908 CmdIde - ok
11:40:56.0218 3908 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:40:56.0375 3908 Cpqarray - ok
11:40:56.0421 3908 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:40:56.0609 3908 dac2w2k - ok
11:40:56.0640 3908 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:40:56.0828 3908 dac960nt - ok
11:40:56.0859 3908 dg_ssudbus (8d949255edc6f4aa87730b8472106591) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
11:40:56.0921 3908 dg_ssudbus - ok
11:40:56.0968 3908 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:40:57.0156 3908 Disk - ok
11:40:57.0203 3908 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:40:57.0468 3908 dmboot - ok
11:40:57.0484 3908 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:40:57.0671 3908 dmio - ok
11:40:57.0703 3908 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:40:57.0875 3908 dmload - ok
11:40:57.0890 3908 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:40:58.0078 3908 DMusic - ok
11:40:58.0093 3908 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:40:58.0265 3908 dpti2o - ok
11:40:58.0296 3908 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:40:58.0453 3908 drmkaud - ok
11:40:58.0484 3908 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
11:40:58.0500 3908 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
11:40:58.0500 3908 dvd43llh - detected UnsignedFile.Multi.Generic (1)
11:40:58.0546 3908 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:40:58.0750 3908 Fastfat - ok
11:40:58.0765 3908 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:40:58.0953 3908 Fdc - ok
11:40:58.0984 3908 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:40:59.0171 3908 Fips - ok
11:40:59.0187 3908 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:40:59.0375 3908 Flpydisk - ok
11:40:59.0390 3908 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:40:59.0609 3908 FltMgr - ok
11:40:59.0640 3908 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:40:59.0796 3908 Fs_Rec - ok
11:40:59.0828 3908 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:41:00.0000 3908 Ftdisk - ok
11:41:00.0031 3908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:41:00.0046 3908 GEARAspiWDM - ok
11:41:00.0078 3908 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
11:41:00.0093 3908 giveio ( UnsignedFile.Multi.Generic ) - warning
11:41:00.0093 3908 giveio - detected UnsignedFile.Multi.Generic (1)
11:41:00.0125 3908 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:41:00.0312 3908 Gpc - ok
11:41:00.0343 3908 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
11:41:00.0375 3908 HdAudAddService - ok
11:41:00.0406 3908 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:41:00.0609 3908 HDAudBus - ok
11:41:00.0656 3908 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:41:00.0828 3908 HidUsb - ok
11:41:00.0875 3908 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:41:01.0031 3908 hpn - ok
11:41:01.0078 3908 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:41:01.0265 3908 HTTP - ok
11:41:01.0312 3908 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:41:01.0484 3908 i2omgmt - ok
11:41:01.0515 3908 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:41:01.0703 3908 i2omp - ok
11:41:01.0734 3908 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:41:01.0921 3908 i8042prt - ok
11:41:01.0953 3908 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:41:02.0156 3908 Imapi - ok
11:41:02.0218 3908 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:41:02.0375 3908 ini910u - ok
11:41:02.0500 3908 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:41:02.0703 3908 IntcAzAudAddService - ok
11:41:02.0765 3908 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:41:02.0953 3908 IntelIde - ok
11:41:02.0984 3908 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:41:03.0203 3908 intelppm - ok
11:41:03.0218 3908 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:41:03.0421 3908 Ip6Fw - ok
11:41:03.0453 3908 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:41:03.0625 3908 IpFilterDriver - ok
11:41:03.0640 3908 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:41:03.0843 3908 IpInIp - ok
11:41:03.0859 3908 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:41:04.0031 3908 IpNat - ok
11:41:04.0062 3908 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:41:04.0234 3908 IPSec - ok
11:41:04.0265 3908 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:41:04.0437 3908 IRENUM - ok
11:41:04.0468 3908 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:41:04.0656 3908 isapnp - ok
11:41:04.0687 3908 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:41:04.0859 3908 Kbdclass - ok
11:41:04.0875 3908 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:41:05.0062 3908 kbdhid - ok
11:41:05.0093 3908 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:41:05.0265 3908 kmixer - ok
11:41:05.0281 3908 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:41:05.0468 3908 KSecDD - ok
11:41:05.0484 3908 lbrtfdc - ok
11:41:05.0562 3908 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11:41:05.0640 3908 MHNDRV - ok
11:41:05.0671 3908 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:41:05.0828 3908 mnmdd - ok
11:41:05.0875 3908 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:41:06.0046 3908 Modem - ok
11:41:06.0062 3908 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:41:06.0234 3908 Mouclass - ok
11:41:06.0265 3908 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:41:06.0437 3908 mouhid - ok
11:41:06.0468 3908 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:41:06.0640 3908 MountMgr - ok
11:41:06.0671 3908 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
11:41:06.0843 3908 MPE - ok
11:41:06.0875 3908 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:41:07.0031 3908 mraid35x - ok
11:41:07.0062 3908 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:41:07.0234 3908 MRxDAV - ok
11:41:07.0265 3908 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:41:07.0484 3908 MRxSmb - ok
11:41:07.0500 3908 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:41:07.0671 3908 Msfs - ok
11:41:07.0703 3908 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:41:07.0859 3908 MSKSSRV - ok
11:41:07.0890 3908 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:41:08.0062 3908 MSPCLOCK - ok
11:41:08.0078 3908 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:41:08.0265 3908 MSPQM - ok
11:41:08.0296 3908 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:41:08.0500 3908 mssmbios - ok
11:41:08.0515 3908 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:41:08.0671 3908 MSTEE - ok
11:41:08.0703 3908 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:41:08.0875 3908 Mup - ok
11:41:08.0890 3908 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:41:09.0078 3908 NABTSFEC - ok
11:41:09.0109 3908 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:41:09.0296 3908 NDIS - ok
11:41:09.0312 3908 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:41:09.0484 3908 NdisIP - ok
11:41:09.0531 3908 Ndisprot (a3b80c6e0774815c362aeb5ed5ac047d) C:\WINDOWS\system32\drivers\Ndisprot.sys
11:41:09.0531 3908 Ndisprot ( UnsignedFile.Multi.Generic ) - warning
11:41:09.0531 3908 Ndisprot - detected UnsignedFile.Multi.Generic (1)
11:41:09.0546 3908 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:41:09.0718 3908 NdisTapi - ok
11:41:09.0750 3908 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:41:09.0937 3908 Ndisuio - ok
11:41:09.0953 3908 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:41:10.0125 3908 NdisWan - ok
11:41:10.0156 3908 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:41:10.0312 3908 NDProxy - ok
11:41:10.0359 3908 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys
11:41:10.0390 3908 Netaapl - ok
11:41:10.0437 3908 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:41:10.0593 3908 NetBIOS - ok
11:41:10.0625 3908 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:41:10.0796 3908 NetBT - ok
11:41:10.0843 3908 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:41:11.0015 3908 NIC1394 - ok
11:41:11.0031 3908 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:41:11.0203 3908 Npfs - ok
11:41:11.0250 3908 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:41:11.0453 3908 Ntfs - ok
11:41:11.0500 3908 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:41:11.0671 3908 Null - ok
11:41:11.0953 3908 nv (bccced4253057e51782eee166d2ced3c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:41:12.0500 3908 nv ( UnsignedFile.Multi.Generic ) - warning
11:41:12.0515 3908 nv - detected UnsignedFile.Multi.Generic (1)
11:41:12.0546 3908 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
11:41:12.0562 3908 NVHDA - ok
11:41:12.0593 3908 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:41:12.0765 3908 NwlnkFlt - ok
11:41:12.0781 3908 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:41:12.0937 3908 NwlnkFwd - ok
11:41:12.0968 3908 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:41:13.0171 3908 ohci1394 - ok
11:41:13.0203 3908 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:41:13.0359 3908 Parport - ok
11:41:13.0390 3908 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:41:13.0546 3908 PartMgr - ok
11:41:13.0578 3908 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:41:13.0734 3908 ParVdm - ok
11:41:13.0765 3908 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:41:13.0937 3908 PCI - ok
11:41:13.0953 3908 PCIDump - ok
11:41:13.0984 3908 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:41:14.0140 3908 PCIIde - ok
11:41:14.0187 3908 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:41:14.0359 3908 Pcmcia - ok
11:41:14.0375 3908 PDCOMP - ok
11:41:14.0390 3908 PDFRAME - ok
11:41:14.0406 3908 PDRELI - ok
11:41:14.0421 3908 PDRFRAME - ok
11:41:14.0453 3908 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:41:14.0609 3908 perc2 - ok
11:41:14.0625 3908 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:41:14.0796 3908 perc2hib - ok
11:41:14.0859 3908 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:41:15.0031 3908 PptpMiniport - ok
11:41:15.0046 3908 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:41:15.0218 3908 Processor - ok
11:41:15.0250 3908 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:41:15.0406 3908 PSched - ok
11:41:15.0437 3908 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:41:15.0593 3908 Ptilink - ok
11:41:15.0625 3908 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:41:15.0625 3908 PxHelp20 - ok
11:41:15.0640 3908 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:41:15.0812 3908 ql1080 - ok
11:41:15.0828 3908 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:41:16.0000 3908 Ql10wnt - ok
11:41:16.0015 3908 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:41:16.0171 3908 ql12160 - ok
11:41:16.0187 3908 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:41:16.0359 3908 ql1240 - ok
11:41:16.0375 3908 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:41:16.0531 3908 ql1280 - ok
11:41:16.0687 3908 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) D:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys
11:41:16.0718 3908 RapportCerberus_29574 - ok
11:41:16.0781 3908 RapportEI (d299e4973da2dc9ded9066232e99e3d2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
11:41:16.0796 3908 RapportEI - ok
11:41:16.0859 3908 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\WINDOWS\system32\Drivers\RapportKELL.sys
11:41:16.0875 3908 RapportKELL - ok
11:41:16.0890 3908 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
11:41:16.0906 3908 RapportPG - ok
11:41:16.0953 3908 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:41:17.0109 3908 RasAcd - ok
11:41:17.0156 3908 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:41:17.0343 3908 Rasl2tp - ok
11:41:17.0406 3908 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:41:17.0578 3908 RasPppoe - ok
11:41:17.0609 3908 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:41:17.0765 3908 Raspti - ok
11:41:17.0812 3908 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:41:17.0984 3908 Rdbss - ok
11:41:18.0015 3908 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:41:18.0171 3908 RDPCDD - ok
11:41:18.0218 3908 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:41:18.0375 3908 rdpdr - ok
11:41:18.0406 3908 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:41:18.0578 3908 RDPWD - ok
11:41:18.0609 3908 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:41:18.0781 3908 redbook - ok
11:41:18.0828 3908 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
11:41:18.0859 3908 RTL8023 - ok
11:41:18.0890 3908 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:41:18.0906 3908 s1018bus - ok
11:41:18.0968 3908 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:41:18.0968 3908 s1018mdfl - ok
11:41:19.0000 3908 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:41:19.0015 3908 s1018mdm - ok
11:41:19.0031 3908 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:41:19.0109 3908 s1018mgmt - ok
11:41:19.0187 3908 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:41:19.0203 3908 s1018nd5 - ok
11:41:19.0218 3908 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:41:19.0234 3908 s1018obex - ok
11:41:19.0265 3908 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:41:19.0281 3908 s1018unic - ok
11:41:19.0328 3908 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:41:19.0796 3908 Secdrv - ok
11:41:19.0828 3908 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
11:41:19.0859 3908 seehcri - ok
11:41:19.0890 3908 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:41:20.0062 3908 Serenum - ok
11:41:20.0093 3908 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:41:20.0250 3908 Serial - ok
11:41:20.0296 3908 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:41:20.0453 3908 Sfloppy - ok
11:41:20.0484 3908 Simbad - ok
11:41:20.0515 3908 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:41:20.0671 3908 sisagp - ok
11:41:20.0703 3908 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:41:20.0859 3908 SLIP - ok
11:41:20.0921 3908 smserial (c84e65253dd6913b75852c0bfa38da07) C:\WINDOWS\system32\DRIVERS\smserial.sys
11:41:21.0015 3908 smserial - ok
11:41:21.0078 3908 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:41:21.0187 3908 Sparrow - ok
11:41:21.0218 3908 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
11:41:21.0234 3908 speedfan ( UnsignedFile.Multi.Generic ) - warning
11:41:21.0234 3908 speedfan - detected UnsignedFile.Multi.Generic (1)
11:41:21.0265 3908 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:41:21.0437 3908 splitter - ok
11:41:21.0484 3908 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
11:41:21.0531 3908 sptd - ok
11:41:21.0578 3908 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:41:21.0734 3908 sr - ok
11:41:21.0781 3908 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
11:41:21.0953 3908 Srv - ok
11:41:22.0000 3908 ssudmdm (15376507e439f73610f83947f1727e84) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
11:41:22.0015 3908 ssudmdm - ok
11:41:22.0046 3908 ssudnflt (0e550d3ddac4cfc48602c262889590d9) C:\WINDOWS\system32\DRIVERS\ssudnflt.sys
11:41:22.0062 3908 ssudnflt - ok
11:41:22.0109 3908 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:41:22.0265 3908 streamip - ok
11:41:22.0281 3908 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:41:22.0453 3908 swenum - ok
11:41:22.0484 3908 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:41:22.0640 3908 swmidi - ok
11:41:22.0671 3908 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:41:22.0828 3908 symc810 - ok
11:41:22.0859 3908 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:41:23.0015 3908 symc8xx - ok
11:41:23.0031 3908 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:41:23.0203 3908 sym_hi - ok
11:41:23.0218 3908 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:41:23.0390 3908 sym_u3 - ok
11:41:23.0421 3908 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:41:23.0578 3908 sysaudio - ok
11:41:23.0625 3908 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:41:23.0828 3908 Tcpip - ok
11:41:23.0843 3908 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:41:24.0000 3908 TDPIPE - ok
11:41:24.0031 3908 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:41:24.0203 3908 TDTCP - ok
11:41:24.0234 3908 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:41:24.0390 3908 TermDD - ok
11:41:24.0437 3908 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:41:24.0578 3908 TosIde - ok
11:41:24.0625 3908 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:41:24.0781 3908 Udfs - ok
11:41:24.0812 3908 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:41:24.0921 3908 ultra - ok
11:41:24.0953 3908 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:41:25.0156 3908 Update - ok
11:41:25.0234 3908 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:41:25.0265 3908 USBAAPL - ok
11:41:25.0296 3908 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:41:25.0453 3908 usbccgp - ok
11:41:25.0484 3908 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:41:25.0656 3908 usbehci - ok
11:41:25.0671 3908 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:41:25.0843 3908 usbhub - ok
11:41:25.0859 3908 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:41:26.0031 3908 usbohci - ok
11:41:26.0046 3908 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:41:26.0218 3908 usbscan - ok
11:41:26.0250 3908 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:41:26.0406 3908 USBSTOR - ok
11:41:26.0421 3908 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:41:26.0578 3908 usbuhci - ok
11:41:26.0609 3908 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:41:26.0765 3908 usb_rndisx - ok
11:41:26.0796 3908 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:41:26.0968 3908 VgaSave - ok
11:41:26.0984 3908 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:41:27.0156 3908 viaagp - ok
11:41:27.0171 3908 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:41:27.0343 3908 ViaIde - ok
11:41:27.0359 3908 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:41:27.0546 3908 VolSnap - ok
11:41:27.0578 3908 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:41:27.0750 3908 Wanarp - ok
11:41:27.0781 3908 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
11:41:27.0812 3908 wanatw - ok
11:41:27.0859 3908 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:41:27.0890 3908 Wdf01000 - ok
11:41:27.0906 3908 WDICA - ok
11:41:27.0953 3908 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:41:28.0109 3908 wdmaud - ok
11:41:28.0203 3908 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:41:28.0250 3908 WpdUsb - ok
11:41:28.0281 3908 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:41:28.0421 3908 WS2IFSL - ok
11:41:28.0468 3908 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:41:28.0640 3908 WSTCODEC - ok
11:41:28.0687 3908 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:41:28.0718 3908 WudfPf - ok
11:41:28.0765 3908 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:41:28.0812 3908 WudfRd - ok
11:41:28.0875 3908 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
11:41:28.0906 3908 X10Hid - ok
11:41:28.0968 3908 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:41:29.0078 3908 \Device\Harddisk0\DR0 - ok
11:41:29.0093 3908 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5
11:41:29.0984 3908 \Device\Harddisk1\DR5 - ok
11:41:29.0984 3908 Boot (0x1200) (e4e28287b5a8bda6124df8a32380c3f3) \Device\Harddisk0\DR0\Partition0
11:41:29.0984 3908 \Device\Harddisk0\DR0\Partition0 - ok
11:41:30.0000 3908 Boot (0x1200) (f094ba66481567626a3ab17144dc46e8) \Device\Harddisk0\DR0\Partition1
11:41:30.0000 3908 \Device\Harddisk0\DR0\Partition1 - ok
11:41:30.0000 3908 Boot (0x1200) (2a7b7dfacf578a8f76e2d55ab51d8c3c) \Device\Harddisk1\DR5\Partition0
11:41:30.0015 3908 \Device\Harddisk1\DR5\Partition0 - ok
11:41:30.0015 3908 ============================================================
11:41:30.0015 3908 Scan finished
11:41:30.0015 3908 ============================================================
11:41:30.0125 3620 Detected object count: 5
11:41:30.0125 3620 Actual detected object count: 5
11:42:03.0921 3620 C:\WINDOWS\system32\DRIVERS\dvd43llh.sys - copied to quarantine
11:42:03.0921 3620 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:42:03.0984 3620 C:\WINDOWS\system32\giveio.sys - copied to quarantine
11:42:03.0984 3620 giveio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:42:04.0031 3620 C:\WINDOWS\system32\drivers\Ndisprot.sys - copied to quarantine
11:42:04.0031 3620 Ndisprot ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:42:04.0625 3620 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
11:42:04.0625 3620 nv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:42:04.0687 3620 C:\WINDOWS\system32\speedfan.sys - copied to quarantine
11:42:04.0687 3620 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:42:14.0984 0292 ============================================================
11:42:14.0984 0292 Scan started
11:42:14.0984 0292 Mode: Manual; SigCheck; TDLFS;
11:42:14.0984 0292 ============================================================
11:42:15.0484 0292 3xHybrid (53c2589bd342534a50e869f20c6ac2b9) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
11:42:15.0546 0292 3xHybrid - ok
11:42:15.0562 0292 Abiosdsk - ok
11:42:15.0609 0292 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:42:15.0703 0292 abp480n5 - ok
11:42:15.0734 0292 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:42:15.0906 0292 ACPI - ok
11:42:15.0968 0292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:42:16.0125 0292 ACPIEC - ok
11:42:16.0156 0292 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:42:16.0312 0292 adpu160m - ok
11:42:16.0359 0292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:42:16.0531 0292 aec - ok
11:42:16.0562 0292 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
11:42:16.0718 0292 AFD - ok
11:42:16.0734 0292 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:42:16.0906 0292 agp440 - ok
11:42:16.0921 0292 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:42:17.0093 0292 agpCPQ - ok
11:42:17.0109 0292 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:42:17.0218 0292 Aha154x - ok
11:42:17.0234 0292 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:42:17.0390 0292 aic78u2 - ok
11:42:17.0406 0292 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:42:17.0562 0292 aic78xx - ok
11:42:17.0593 0292 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:42:17.0750 0292 AliIde - ok
11:42:17.0796 0292 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:42:17.0953 0292 alim1541 - ok
11:42:17.0968 0292 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:42:18.0140 0292 amdagp - ok
11:42:18.0156 0292 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:42:18.0265 0292 amsint - ok
11:42:18.0312 0292 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:42:18.0484 0292 Arp1394 - ok
11:42:18.0500 0292 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:42:18.0656 0292 asc - ok
11:42:18.0671 0292 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:42:18.0781 0292 asc3350p - ok
11:42:18.0796 0292 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:42:18.0953 0292 asc3550 - ok
11:42:19.0000 0292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:42:19.0171 0292 AsyncMac - ok
11:42:19.0203 0292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:42:19.0359 0292 atapi - ok
11:42:19.0375 0292 Atdisk - ok
11:42:19.0406 0292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:42:19.0578 0292 Atmarpc - ok
11:42:19.0593 0292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:42:19.0750 0292 audstub - ok
11:42:19.0765 0292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:42:19.0921 0292 Beep - ok
11:42:19.0968 0292 catchme - ok
11:42:20.0015 0292 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:42:20.0171 0292 cbidf - ok
11:42:20.0187 0292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:42:20.0343 0292 cbidf2k - ok
11:42:20.0390 0292 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:42:20.0546 0292 CCDECODE - ok
11:42:20.0578 0292 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:42:20.0687 0292 cd20xrnt - ok
11:42:20.0703 0292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:42:20.0859 0292 Cdaudio - ok
11:42:20.0906 0292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:42:21.0078 0292 Cdfs - ok
11:42:21.0109 0292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:42:21.0265 0292 Cdrom - ok
11:42:21.0281 0292 Changer - ok
11:42:21.0328 0292 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:42:21.0484 0292 CmdIde - ok
11:42:21.0531 0292 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:42:21.0687 0292 Cpqarray - ok
11:42:21.0718 0292 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:42:21.0890 0292 dac2w2k - ok
11:42:21.0921 0292 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:42:22.0078 0292 dac960nt - ok
11:42:22.0109 0292 dg_ssudbus (8d949255edc6f4aa87730b8472106591) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
11:42:22.0125 0292 dg_ssudbus - ok
11:42:22.0156 0292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:42:22.0312 0292 Disk - ok
11:42:22.0359 0292 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:42:22.0593 0292 dmboot - ok
11:42:22.0609 0292 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:42:22.0781 0292 dmio - ok
11:42:22.0812 0292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:42:22.0968 0292 dmload - ok
11:42:23.0015 0292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:42:23.0187 0292 DMusic - ok
11:42:23.0218 0292 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:42:23.0375 0292 dpti2o - ok
11:42:23.0515 0292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:42:23.0687 0292 drmkaud - ok
11:42:23.0703 0292 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
11:42:23.0718 0292 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
11:42:23.0718 0292 dvd43llh - detected UnsignedFile.Multi.Generic (1)
11:42:23.0781 0292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:42:23.0937 0292 Fastfat - ok
11:42:23.0968 0292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:42:24.0125 0292 Fdc - ok
11:42:24.0156 0292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:42:24.0343 0292 Fips - ok
11:42:24.0359 0292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:42:24.0531 0292 Flpydisk - ok
11:42:24.0578 0292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:42:24.0734 0292 FltMgr - ok
11:42:24.0765 0292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:42:24.0921 0292 Fs_Rec - ok
11:42:24.0953 0292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:42:25.0109 0292 Ftdisk - ok
11:42:25.0156 0292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:42:25.0156 0292 GEARAspiWDM - ok
11:42:25.0187 0292 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
11:42:25.0203 0292 giveio ( UnsignedFile.Multi.Generic ) - warning
11:42:25.0203 0292 giveio - detected UnsignedFile.Multi.Generic (1)
11:42:25.0250 0292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:42:25.0406 0292 Gpc - ok
11:42:25.0453 0292 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
11:42:25.0484 0292 HdAudAddService - ok
11:42:25.0500 0292 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:42:25.0671 0292 HDAudBus - ok
11:42:25.0718 0292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:42:25.0875 0292 HidUsb - ok
11:42:25.0906 0292 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:42:26.0062 0292 hpn - ok
11:42:26.0093 0292 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:42:26.0265 0292 HTTP - ok
11:42:26.0296 0292 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:42:26.0453 0292 i2omgmt - ok
11:42:26.0484 0292 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:42:26.0640 0292 i2omp - ok
11:42:26.0671 0292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:42:26.0843 0292 i8042prt - ok
11:42:26.0875 0292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:42:27.0031 0292 Imapi - ok
11:42:27.0078 0292 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:42:27.0234 0292 ini910u - ok
11:42:27.0343 0292 IntcAzAudAddService (5f2657f8781376892035976cf8122a2d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:42:27.0484 0292 IntcAzAudAddService - ok
11:42:27.0546 0292 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:42:27.0718 0292 IntelIde - ok
11:42:27.0734 0292 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:42:27.0906 0292 intelppm - ok
11:42:27.0921 0292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:42:28.0093 0292 Ip6Fw - ok
11:42:28.0125 0292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:42:28.0281 0292 IpFilterDriver - ok
11:42:28.0312 0292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:42:28.0468 0292 IpInIp - ok
11:42:28.0500 0292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:42:28.0671 0292 IpNat - ok
11:42:28.0703 0292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:42:28.0859 0292 IPSec - ok
11:42:28.0890 0292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:42:29.0062 0292 IRENUM - ok
11:42:29.0078 0292 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:42:29.0250 0292 isapnp - ok
11:42:29.0281 0292 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:42:29.0437 0292 Kbdclass - ok
11:42:29.0453 0292 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:42:29.0625 0292 kbdhid - ok
11:42:29.0640 0292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:42:29.0812 0292 kmixer - ok
11:42:29.0843 0292 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:42:30.0015 0292 KSecDD - ok
11:42:30.0046 0292 lbrtfdc - ok
11:42:30.0093 0292 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11:42:30.0187 0292 MHNDRV - ok
11:42:30.0218 0292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:42:30.0375 0292 mnmdd - ok
11:42:30.0421 0292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:42:30.0593 0292 Modem - ok
11:42:30.0625 0292 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:42:30.0781 0292 Mouclass - ok
11:42:30.0812 0292 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:42:30.0968 0292 mouhid - ok
11:42:31.0000 0292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:42:31.0171 0292 MountMgr - ok
11:42:31.0203 0292 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
11:42:31.0375 0292 MPE - ok
11:42:31.0406 0292 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:42:31.0562 0292 mraid35x - ok
11:42:31.0593 0292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:42:31.0750 0292 MRxDAV - ok
11:42:31.0781 0292 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:42:31.0968 0292 MRxSmb - ok
11:42:32.0015 0292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:42:32.0187 0292 Msfs - ok
11:42:32.0234 0292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:42:32.0390 0292 MSKSSRV - ok
11:42:32.0421 0292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:42:32.0593 0292 MSPCLOCK - ok
11:42:32.0625 0292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:42:32.0796 0292 MSPQM - ok
11:42:32.0828 0292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:42:32.0984 0292 mssmbios - ok
11:42:33.0015 0292 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:42:33.0187 0292 MSTEE - ok
11:42:33.0218 0292 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:42:33.0375 0292 Mup - ok
11:42:33.0421 0292 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:42:33.0593 0292 NABTSFEC - ok
11:42:33.0625 0292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:42:33.0796 0292 NDIS - ok
11:42:33.0828 0292 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:42:33.0984 0292 NdisIP - ok
11:42:34.0031 0292 Ndisprot (a3b80c6e0774815c362aeb5ed5ac047d) C:\WINDOWS\system32\drivers\Ndisprot.sys
11:42:34.0031 0292 Ndisprot ( UnsignedFile.Multi.Generic ) - warning
11:42:34.0031 0292 Ndisprot - detected UnsignedFile.Multi.Generic (1)
11:42:34.0078 0292 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:42:34.0250 0292 NdisTapi - ok
11:42:34.0265 0292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:42:34.0437 0292 Ndisuio - ok
11:42:34.0468 0292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:42:34.0640 0292 NdisWan - ok
11:42:34.0656 0292 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:42:34.0828 0292 NDProxy - ok
11:42:34.0875 0292 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\WINDOWS\system32\DRIVERS\netaapl.sys
11:42:34.0890 0292 Netaapl - ok
11:42:34.0921 0292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:42:35.0078 0292 NetBIOS - ok
11:42:35.0109 0292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:42:35.0281 0292 NetBT - ok
11:42:35.0328 0292 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:42:35.0484 0292 NIC1394 - ok
11:42:35.0515 0292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:42:35.0687 0292 Npfs - ok
11:42:35.0718 0292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:42:35.0906 0292 Ntfs - ok
11:42:35.0937 0292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:42:36.0109 0292 Null - ok
11:42:36.0390 0292 nv (bccced4253057e51782eee166d2ced3c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:42:36.0734 0292 nv ( UnsignedFile.Multi.Generic ) - warning
11:42:36.0734 0292 nv - detected UnsignedFile.Multi.Generic (1)
11:42:36.0781 0292 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
11:42:36.0796 0292 NVHDA - ok
11:42:36.0828 0292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:42:36.0984 0292 NwlnkFlt - ok
11:42:37.0000 0292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:42:37.0156 0292 NwlnkFwd - ok
11:42:37.0203 0292 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:42:37.0375 0292 ohci1394 - ok
11:42:37.0406 0292 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:42:37.0578 0292 Parport - ok
11:42:37.0593 0292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:42:37.0750 0292 PartMgr - ok
11:42:37.0781 0292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:42:37.0937 0292 ParVdm - ok
11:42:37.0968 0292 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:42:38.0140 0292 PCI - ok
11:42:38.0156 0292 PCIDump - ok
11:42:38.0187 0292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:42:38.0343 0292 PCIIde - ok
11:42:38.0390 0292 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:42:38.0546 0292 Pcmcia - ok
11:42:38.0562 0292 PDCOMP - ok
11:42:38.0578 0292 PDFRAME - ok
11:42:38.0593 0292 PDRELI - ok
11:42:38.0609 0292 PDRFRAME - ok
11:42:38.0625 0292 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:42:38.0781 0292 perc2 - ok
11:42:38.0812 0292 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:42:38.0953 0292 perc2hib - ok
11:42:39.0031 0292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:42:39.0187 0292 PptpMiniport - ok
11:42:39.0203 0292 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:42:39.0375 0292 Processor - ok
11:42:39.0406 0292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:42:39.0578 0292 PSched - ok
11:42:39.0593 0292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:42:39.0750 0292 Ptilink - ok
11:42:39.0781 0292 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:42:39.0796 0292 PxHelp20 - ok
11:42:39.0812 0292 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:42:39.0968 0292 ql1080 - ok
11:42:39.0984 0292 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:42:40.0140 0292 Ql10wnt - ok
11:42:40.0156 0292 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:42:40.0328 0292 ql12160 - ok
11:42:40.0343 0292 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:42:40.0515 0292 ql1240 - ok
11:42:40.0531 0292 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:42:40.0687 0292 ql1280 - ok
11:42:40.0734 0292 RapportCerberus_29574 (dda98cc4f34977914c731b8155e1cbd5) D:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys
11:42:40.0750 0292 RapportCerberus_29574 - ok
11:42:40.0828 0292 RapportEI (d299e4973da2dc9ded9066232e99e3d2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
11:42:40.0843 0292 RapportEI - ok
11:42:40.0906 0292 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\WINDOWS\system32\Drivers\RapportKELL.sys
11:42:40.0921 0292 RapportKELL - ok
11:42:40.0968 0292 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
11:42:40.0984 0292 RapportPG - ok
11:42:41.0000 0292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:42:41.0171 0292 RasAcd - ok
11:42:41.0218 0292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:42:41.0390 0292 Rasl2tp - ok
11:42:41.0406 0292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:42:41.0578 0292 RasPppoe - ok
11:42:41.0593 0292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:42:41.0750 0292 Raspti - ok
11:42:41.0796 0292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:42:41.0968 0292 Rdbss - ok
11:42:42.0000 0292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:42:42.0156 0292 RDPCDD - ok
11:42:42.0203 0292 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:42:42.0359 0292 rdpdr - ok
11:42:42.0390 0292 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:42:42.0562 0292 RDPWD - ok
11:42:42.0593 0292 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:42:42.0765 0292 redbook - ok
11:42:42.0812 0292 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
11:42:42.0843 0292 RTL8023 - ok
11:42:42.0875 0292 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
11:42:42.0890 0292 s1018bus - ok
11:42:42.0921 0292 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
11:42:42.0921 0292 s1018mdfl - ok
11:42:42.0953 0292 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
11:42:42.0968 0292 s1018mdm - ok
11:42:42.0984 0292 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
11:42:43.0031 0292 s1018mgmt - ok
11:42:43.0062 0292 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
11:42:43.0078 0292 s1018nd5 - ok
11:42:43.0109 0292 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
11:42:43.0125 0292 s1018obex - ok
11:42:43.0140 0292 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
11:42:43.0156 0292 s1018unic - ok
11:42:43.0187 0292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:42:43.0671 0292 Secdrv - ok
11:42:43.0703 0292 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
11:42:43.0734 0292 seehcri - ok
11:42:43.0765 0292 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:42:43.0937 0292 Serenum - ok
11:42:43.0953 0292 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:42:44.0109 0292 Serial - ok
11:42:44.0156 0292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:42:44.0312 0292 Sfloppy - ok
11:42:44.0359 0292 Simbad - ok
11:42:44.0375 0292 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:42:44.0531 0292 sisagp - ok
11:42:44.0562 0292 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:42:44.0718 0292 SLIP - ok
11:42:44.0765 0292 smserial (c84e65253dd6913b75852c0bfa38da07) C:\WINDOWS\system32\DRIVERS\smserial.sys
11:42:44.0875 0292 smserial - ok
11:42:44.0921 0292 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:42:45.0031 0292 Sparrow - ok
11:42:45.0062 0292 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
11:42:45.0078 0292 speedfan ( UnsignedFile.Multi.Generic ) - warning
11:42:45.0078 0292 speedfan - detected UnsignedFile.Multi.Generic (1)
11:42:45.0109 0292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:42:45.0265 0292 splitter - ok
11:42:45.0328 0292 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
11:42:45.0359 0292 sptd - ok
11:42:45.0406 0292 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:42:45.0578 0292 sr - ok
11:42:45.0609 0292 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
11:42:45.0781 0292 Srv - ok
11:42:45.0828 0292 ssudmdm (15376507e439f73610f83947f1727e84) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
11:42:45.0843 0292 ssudmdm - ok
11:42:45.0875 0292 ssudnflt (0e550d3ddac4cfc48602c262889590d9) C:\WINDOWS\system32\DRIVERS\ssudnflt.sys
11:42:45.0875 0292 ssudnflt - ok
11:42:45.0906 0292 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:42:46.0078 0292 streamip - ok
11:42:46.0093 0292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:42:46.0265 0292 swenum - ok
11:42:46.0281 0292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:42:46.0453 0292 swmidi - ok
11:42:46.0484 0292 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:42:46.0640 0292 symc810 - ok
11:42:46.0656 0292 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:42:46.0828 0292 symc8xx - ok
11:42:46.0843 0292 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:42:47.0000 0292 sym_hi - ok
11:42:47.0015 0292 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:42:47.0187 0292 sym_u3 - ok
11:42:47.0218 0292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:42:47.0390 0292 sysaudio - ok
11:42:47.0437 0292 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:42:47.0609 0292 Tcpip - ok
11:42:47.0656 0292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:42:47.0828 0292 TDPIPE - ok
11:42:47.0843 0292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:42:48.0015 0292 TDTCP - ok
11:42:48.0046 0292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:42:48.0218 0292 TermDD - ok
11:42:48.0250 0292 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:42:48.0406 0292 TosIde - ok
11:42:48.0437 0292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:42:48.0593 0292 Udfs - ok
11:42:48.0640 0292 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:42:48.0750 0292 ultra - ok
11:42:48.0781 0292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:42:48.0968 0292 Update - ok
11:42:49.0015 0292 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:42:49.0046 0292 USBAAPL - ok
11:42:49.0078 0292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:42:49.0250 0292 usbccgp - ok
11:42:49.0281 0292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:42:49.0437 0292 usbehci - ok
11:42:49.0468 0292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:42:49.0640 0292 usbhub - ok
11:42:49.0656 0292 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:42:49.0828 0292 usbohci - ok
11:42:49.0859 0292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:42:50.0015 0292 usbscan - ok
11:42:50.0046 0292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:42:50.0203 0292 USBSTOR - ok
11:42:50.0234 0292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:42:50.0390 0292 usbuhci - ok
11:42:50.0421 0292 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:42:50.0578 0292 usb_rndisx - ok
11:42:50.0609 0292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:42:50.0765 0292 VgaSave - ok
11:42:50.0796 0292 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:42:50.0953 0292 viaagp - ok
11:42:50.0984 0292 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:42:51.0156 0292 ViaIde - ok
11:42:51.0171 0292 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:42:51.0343 0292 VolSnap - ok
11:42:51.0390 0292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:42:51.0546 0292 Wanarp - ok
11:42:51.0578 0292 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
11:42:51.0609 0292 wanatw - ok
11:42:51.0656 0292 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:42:51.0671 0292 Wdf01000 - ok
11:42:51.0687 0292 WDICA - ok
11:42:51.0734 0292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:42:51.0906 0292 wdmaud - ok
11:42:51.0984 0292 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:42:52.0015 0292 WpdUsb - ok
11:42:52.0046 0292 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:42:52.0203 0292 WS2IFSL - ok
11:42:52.0250 0292 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:42:52.0421 0292 WSTCODEC - ok
11:42:52.0468 0292 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:42:52.0500 0292 WudfPf - ok
11:42:52.0546 0292 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:42:52.0562 0292 WudfRd - ok
11:42:52.0593 0292 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
11:42:52.0625 0292 X10Hid - ok
11:42:52.0687 0292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:42:52.0812 0292 \Device\Harddisk0\DR0 - ok
11:42:52.0828 0292 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR5
11:42:53.0687 0292 \Device\Harddisk1\DR5 - ok
11:42:53.0687 0292 Boot (0x1200) (e4e28287b5a8bda6124df8a32380c3f3) \Device\Harddisk0\DR0\Partition0
11:42:53.0687 0292 \Device\Harddisk0\DR0\Partition0 - ok
11:42:53.0718 0292 Boot (0x1200) (f094ba66481567626a3ab17144dc46e8) \Device\Harddisk0\DR0\Partition1
11:42:53.0718 0292 \Device\Harddisk0\DR0\Partition1 - ok
11:42:53.0718 0292 Boot (0x1200) (2a7b7dfacf578a8f76e2d55ab51d8c3c) \Device\Harddisk1\DR5\Partition0
11:42:53.0718 0292 \Device\Harddisk1\DR5\Partition0 - ok
11:42:53.0718 0292 ============================================================
11:42:53.0718 0292 Scan finished
11:42:53.0718 0292 ============================================================
11:42:53.0734 1972 Detected object count: 5
11:42:53.0734 1972 Actual detected object count: 5
11:43:15.0093 1972 HKLM\SYSTEM\controlset002\services\dvd43llh - will be deleted on reboot
11:43:15.0093 1972 HKLM\SYSTEM\ControlSet005\services\dvd43llh - will be deleted on reboot
11:43:15.0093 1972 C:\WINDOWS\system32\DRIVERS\dvd43llh.sys - will be deleted on reboot
11:43:15.0093 1972 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:43:15.0093 1972 HKLM\SYSTEM\controlset002\services\giveio - will be deleted on reboot
11:43:15.0093 1972 HKLM\SYSTEM\ControlSet005\services\giveio - will be deleted on reboot
11:43:15.0109 1972 C:\WINDOWS\system32\giveio.sys - will be deleted on reboot
11:43:15.0109 1972 giveio ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:43:15.0109 1972 HKLM\SYSTEM\ControlSet001\services\Ndisprot - will be deleted on reboot
11:43:15.0109 1972 HKLM\SYSTEM\controlset002\services\Ndisprot - will be deleted on reboot
11:43:15.0109 1972 HKLM\SYSTEM\ControlSet003\services\Ndisprot - will be deleted on reboot
11:43:15.0109 1972 HKLM\SYSTEM\ControlSet005\services\Ndisprot - will be deleted on reboot
11:43:15.0109 1972 C:\WINDOWS\system32\drivers\Ndisprot.sys - will be deleted on reboot
11:43:15.0109 1972 Ndisprot ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:43:15.0109 1972 HKLM\SYSTEM\ControlSet001\services\nv - will be deleted on reboot
11:43:15.0109 1972 HKLM\SYSTEM\controlset002\services\nv - will be deleted on reboot
11:43:15.0109 1972 HKLM\SYSTEM\ControlSet003\services\nv - will be deleted on reboot
11:43:15.0125 1972 HKLM\SYSTEM\ControlSet005\services\nv - will be deleted on reboot
11:43:15.0125 1972 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - will be deleted on reboot
11:43:15.0125 1972 nv ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:43:15.0125 1972 HKLM\SYSTEM\controlset002\services\speedfan - will be deleted on reboot
11:43:15.0125 1972 HKLM\SYSTEM\ControlSet005\services\speedfan - will be deleted on reboot
11:43:15.0125 1972 C:\WINDOWS\system32\speedfan.sys - will be deleted on reboot
11:43:15.0125 1972 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:43:17.0562 1484 Deinitialize success


Thanks,

John
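
Added example (not part of the original post, and not the scanner's own code): a small Python parser for the TDSSKiller log above that pairs each flagged driver with the verdict the scanner logged and the action the user selected, so the items scheduled for deletion can be reviewed before the reboot. The line patterns are inferred from the layout visible in this log, `parse_tdsskiller` and `review` are hypothetical helper names, and the embedded sample is an excerpt copied from the log above.

```python
import re

# Excerpt copied from the TDSSKiller log posted above (not the full log).
SAMPLE_LOG = r"""
11:42:36.0390 0292 nv (bccced4253057e51782eee166d2ced3c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:42:36.0734 0292 nv ( UnsignedFile.Multi.Generic ) - warning
11:42:36.0734 0292 nv - detected UnsignedFile.Multi.Generic (1)
11:42:36.0781 0292 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
11:42:36.0796 0292 NVHDA - ok
11:42:38.0156 0292 PCIDump - ok
11:42:45.0062 0292 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
11:42:45.0078 0292 speedfan ( UnsignedFile.Multi.Generic ) - warning
11:42:45.0078 0292 speedfan - detected UnsignedFile.Multi.Generic (1)
11:42:53.0734 1972 Detected object count: 5
11:43:15.0109 1972 HKLM\SYSTEM\ControlSet001\services\nv - will be deleted on reboot
11:43:15.0125 1972 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - will be deleted on reboot
11:43:15.0125 1972 nv ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:43:15.0125 1972 HKLM\SYSTEM\controlset002\services\speedfan - will be deleted on reboot
11:43:15.0125 1972 C:\WINDOWS\system32\speedfan.sys - will be deleted on reboot
11:43:15.0125 1972 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Delete
"""

# Line patterns inferred from this log's layout (assumption, not a documented format).
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(.*)$")   # time, thread id, body
ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
ENTRY = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")              # name (md5) path
PENDING = re.compile(r"^(.+) - will be deleted on reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def _finding(findings, scanned, name):
    """Return the record for `name`, creating it from its scan entry if needed."""
    if name not in findings:
        md5, path = scanned.get(name, (None, None))
        findings[name] = {"md5": md5, "path": path, "verdict": None,
                          "level": None, "action": None, "scheduled": []}
    return findings[name]


def parse_tdsskiller(text):
    """Return ({service: record}, detection count reported by the log)."""
    findings, scanned, pending, reported = {}, {}, [], None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        hit = ACTION.match(body)
        if hit:
            # "will be deleted" lines precede the action line of the same object.
            rec = _finding(findings, scanned, hit.group(1))
            rec["verdict"] = rec["verdict"] or hit.group(2)
            rec["action"] = hit.group(3)
            rec["scheduled"], pending = pending, []
            continue
        hit = VERDICT.match(body)
        if hit:
            rec = _finding(findings, scanned, hit.group(1))
            rec["verdict"], rec["level"] = hit.group(2), hit.group(3)
            continue
        hit = ENTRY.match(body)
        if hit:
            scanned[hit.group(1)] = (hit.group(2), hit.group(3))
            continue
        hit = PENDING.match(body)
        if hit:
            pending.append(hit.group(1))
            continue
        hit = COUNT.match(body)
        if hit:
            reported = int(hit.group(1))
    return findings, reported


def review(findings, reported):
    """List points worth checking before the pending deletions are applied."""
    notes = []
    if reported is not None and reported != len(findings):
        notes.append(f"log reports {reported} detections, parsed {len(findings)} "
                     "(excerpt or truncated log)")
    for name, rec in findings.items():
        if rec["level"] == "warning" and rec["action"] == "Delete":
            notes.append(f"{name}: {rec['verdict']} logged as warning, Delete chosen, "
                         f"{len(rec['scheduled'])} item(s) removed at reboot")
    return notes


if __name__ == "__main__":
    parsed, count = parse_tdsskiller(SAMPLE_LOG)
    for line in review(parsed, count):
        print(line)
```
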



#13 sundavis

  • Malware Response Team

Posted 02 October 2011 - 06:57 AM

Hi john_rhodes,



Please uninstall DVD43_is1, DVD43 Plug-in_is1 and SpeedFan via Add/Remove Programs. Those drivers were infected and those programs should be uninstalled accordingly. You may reinstall them after our cleaning process.

After that, please delete the existing ComboFix on your desktop, get a new one from Here and proceed with the following:


Step 1

  • Close any open browsers
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
FCopy::
C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys | C:\WINDOWS\system32\dllcache\nv4_mini.sys
C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys | C:\WINDOWS\system32\drivers\nv4_mini.sys



Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


After that, you may check your connection. If still no joy, go to Start > Run, type devmgmt.msc into the Run box and hit Enter, navigate to and expand your Network adapters, right-click on Ethernet Controller and select Uninstall. Reboot your PC afterwards.

In your next reply, please post back:

1. ComboFix log

Tell me how things are working for you!

#14 john_rhodes

  • Topic Starter

Posted 02 October 2011 - 09:47 AM

Hi,

I have uninstalled the programs and run ComboFix as you described; please see the log below.

Unfortunately, nothing has changed regarding the internet connection etc.

I uninstalled the driver for the RealTek RTL8139/810X Ethernet Card; however, after reboot the driver was automatically re-installed. I tested the connection again, but still no luck!!!

ComboFix 11-10-02.01 - Test 02/10/2011 15:02:20.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.12 [GMT 1:00]
Running from: d:\documents and settings\Test\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Test\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\nv4_mini.sys --> c:\windows\system32\dllcache\nv4_mini.sys
c:\windows\ServicePackFiles\i386\nv4_mini.sys --> c:\windows\system32\drivers\nv4_mini.sys
.
((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-02 14:02 . 2004-08-03 21:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-02 14:02 . 2004-08-03 21:29 1897408 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2011-10-02 10:42 . 2011-10-02 10:42 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-28 17:37 . 2010-09-07 14:39 150392 ----a-w- c:\windows\junction.exe
2011-09-05 18:26 . 2011-09-05 18:26 -------- d-----w- c:\program files\Perfect Uninstaller
2011-09-05 18:12 . 2011-09-28 17:41 -------- d-----w- d:\documents and settings\Test
2011-09-03 18:20 . 2011-09-03 18:20 -------- d-----w- c:\windows\Start Menu
2011-09-03 18:20 . 2011-09-03 18:20 -------- d-----w- c:\windows\Favorites
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 05:57 . 2011-08-30 19:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-19_20.09.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-02 10:46 . 2011-10-02 10:46 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2011-10-02 10:44 . 2011-10-02 10:44 16384 c:\windows\Temp\Perflib_Perfdata_6e0.dat
+ 2011-10-02 10:45 . 2011-10-02 10:45 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
+ 2004-09-10 13:57 . 2007-08-13 17:36 44544 c:\windows\system32\pngfilt.dll
+ 2004-09-10 13:57 . 2011-09-05 18:18 88118 c:\windows\system32\perfc009.dat
- 2004-09-10 13:57 . 2011-08-19 19:03 88118 c:\windows\system32\perfc009.dat
+ 2006-06-29 07:05 . 2006-06-29 07:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 16:59 . 2006-06-28 16:59 24576 c:\windows\system32\nlsdl.dll
+ 2004-09-10 13:57 . 2007-08-13 17:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-09-10 13:57 . 2007-08-13 17:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 17:36 . 2007-08-13 17:36 12288 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 17:54 . 2007-08-13 17:54 50688 c:\windows\system32\msfeedsbs.dll
+ 2004-09-10 13:57 . 2007-08-13 17:44 40960 c:\windows\system32\licmgr10.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 27136 c:\windows\system32\jsproxy.dll
+ 2004-09-10 13:57 . 2007-08-13 17:39 92672 c:\windows\system32\inseng.dll
+ 2004-09-10 13:57 . 2007-08-13 17:36 36352 c:\windows\system32\imgutil.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 13312 c:\windows\system32\ieudinit.exe
+ 2004-09-10 13:57 . 2007-08-13 17:39 55296 c:\windows\system32\iesetup.dll
+ 2004-09-10 13:57 . 2007-08-13 17:39 43008 c:\windows\system32\iernonce.dll
+ 2004-09-10 13:57 . 2007-08-13 17:39 54784 c:\windows\system32\ie4uinit.exe
+ 2006-06-29 07:05 . 2006-06-29 07:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 17:36 . 2007-08-13 17:36 61952 c:\windows\system32\icardie.dll
+ 2011-06-02 21:04 . 2011-02-18 05:40 15936 c:\windows\system32\drivers\ssudnflt.sys
+ 2007-08-13 17:36 . 2007-08-13 17:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:01 . 2007-08-13 17:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:32 . 2007-08-13 17:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 17:44 . 2007-08-13 17:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 27136 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 17:36 . 2007-08-13 17:36 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 43008 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 17:45 . 2007-08-13 17:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 17:44 . 2007-08-13 17:44 69120 c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 17:39 . 2007-08-13 17:39 54784 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 17:18 . 2007-08-13 17:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2008-05-29 15:53 . 2007-08-13 17:54 33792 c:\windows\system32\dllcache\custsat.dll
- 2008-05-29 15:53 . 2008-04-14 00:11 33792 c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 17:42 . 2007-08-13 17:42 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2004-09-10 13:56 . 2007-08-13 17:39 71680 c:\windows\system32\admparse.dll
+ 2011-09-05 15:23 . 2004-08-10 13:00 37888 c:\windows\ie7\url.dll
+ 2011-09-05 15:25 . 2007-08-13 17:52 66048 c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2011-09-05 15:24 . 2007-08-13 17:54 32960 c:\windows\ie7\spuninst\iecustom.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 39424 c:\windows\ie7\pngfilt.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 96256 c:\windows\ie7\occache.dll
+ 2011-09-05 15:23 . 2008-04-13 16:26 56832 c:\windows\ie7\mshtmler.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 29184 c:\windows\ie7\mshta.exe
+ 2011-09-05 15:23 . 2008-04-14 00:11 22016 c:\windows\ie7\licmgr10.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 15872 c:\windows\ie7\jsproxy.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 96256 c:\windows\ie7\inseng.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 35840 c:\windows\ie7\imgutil.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 93184 c:\windows\ie7\iexplore.exe
+ 2011-09-05 15:23 . 2008-04-14 00:11 62976 c:\windows\ie7\iesetup.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 48640 c:\windows\ie7\iernonce.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 18432 c:\windows\ie7\iedw.exe
+ 2011-09-05 15:23 . 2008-04-14 00:12 34304 c:\windows\ie7\ie4uinit.exe
+ 2011-09-05 15:23 . 2008-04-14 00:11 38912 c:\windows\ie7\hmmapi.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 55808 c:\windows\ie7\extmgr.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 33792 c:\windows\ie7\custsat.dll
+ 2011-09-05 15:23 . 2004-08-10 13:00 99840 c:\windows\ie7\advpack.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 61440 c:\windows\ie7\admparse.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 818688 c:\windows\system32\wininet.dll
+ 2007-08-13 17:45 . 2007-08-13 17:45 206336 c:\windows\system32\WinFXDocObj.exe
+ 2004-09-10 13:57 . 2007-08-13 17:54 231424 c:\windows\system32\webcheck.dll
+ 2004-09-10 13:57 . 2007-08-13 17:44 105984 c:\windows\system32\url.dll
+ 2004-09-10 13:57 . 2011-09-05 18:18 490456 c:\windows\system32\perfh009.dat
- 2004-09-10 13:57 . 2011-08-19 19:03 490456 c:\windows\system32\perfh009.dat
+ 2004-09-10 13:57 . 2007-08-13 17:44 101376 c:\windows\system32\occache.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 670720 c:\windows\system32\mstime.dll
+ 2004-09-10 13:57 . 2007-08-13 17:44 192000 c:\windows\system32\msrating.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 156160 c:\windows\system32\msls31.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 475648 c:\windows\system32\mshtmled.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 458752 c:\windows\system32\msfeeds.dll
+ 2011-08-17 18:57 . 2011-10-02 10:45 233721 c:\windows\system32\inetsrv\MetaBase.bin
+ 2007-08-13 17:54 . 2007-08-13 17:54 180736 c:\windows\system32\ieui.dll
+ 2007-08-13 17:34 . 2007-08-13 17:34 266752 c:\windows\system32\iertutil.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 191488 c:\windows\system32\iepeers.dll
+ 2004-09-10 13:57 . 2007-08-13 17:39 382976 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 11:27 . 2007-07-11 11:27 383488 c:\windows\system32\ieapfltr.dll
+ 2004-09-10 13:57 . 2007-08-13 16:56 161792 c:\windows\system32\ieakui.dll
+ 2004-09-10 13:57 . 2007-08-13 17:39 229376 c:\windows\system32\ieaksie.dll
+ 2004-09-10 13:57 . 2007-08-13 17:39 152064 c:\windows\system32\ieakeng.dll
- 2004-09-10 14:22 . 2011-08-19 18:57 403920 c:\windows\system32\FNTCACHE.DAT
+ 2004-09-10 14:22 . 2011-09-07 18:46 403920 c:\windows\system32\FNTCACHE.DAT
+ 2004-09-10 13:57 . 2007-08-13 17:54 131584 c:\windows\system32\extmgr.dll
+ 2004-09-10 13:57 . 2007-08-13 17:35 214528 c:\windows\system32\dxtrans.dll
+ 2004-09-10 13:57 . 2007-08-13 17:35 346624 c:\windows\system32\dxtmsft.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 818688 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 231424 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 765952 c:\windows\system32\dllcache\VGX.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 413696 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-13 17:44 . 2007-08-13 17:44 105984 c:\windows\system32\dllcache\url.dll
+ 2006-09-23 12:12 . 2006-09-23 12:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 17:44 . 2007-08-13 17:44 101376 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 670720 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 17:44 . 2007-08-13 17:44 192000 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 475648 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:38 . 2007-08-13 17:38 491520 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 17:43 . 2007-08-13 17:43 622080 c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 17:54 . 2007-08-13 17:54 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 382976 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:56 . 2007-08-13 16:56 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 152064 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 131584 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 17:35 . 2007-08-13 17:35 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 17:35 . 2007-08-13 17:35 346624 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-09-10 13:56 . 2004-08-10 13:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2007-08-13 17:39 . 2007-08-13 17:39 123904 c:\windows\system32\dllcache\advpack.dll
+ 2004-09-10 13:56 . 2004-08-10 13:00 285696 c:\windows\system32\atmfd.dll
- 2004-09-10 13:56 . 2008-04-14 00:09 285696 c:\windows\system32\atmfd.dll
+ 2004-09-10 13:56 . 2007-08-13 17:39 123904 c:\windows\system32\advpack.dll
+ 2011-09-01 20:40 . 2011-09-01 20:40 307200 c:\windows\Installer\{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}\SafariIco.exe
+ 2011-09-05 15:23 . 2008-08-20 05:38 659456 c:\windows\ie7\wininet.dll
+ 2011-09-05 15:23 . 2004-08-10 13:00 276480 c:\windows\ie7\webcheck.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 851968 c:\windows\ie7\vgx.dll
+ 2011-09-05 15:23 . 2008-08-20 05:38 615936 c:\windows\ie7\urlmon.dll
+ 2011-09-05 15:24 . 2006-09-06 16:43 371424 c:\windows\ie7\spuninst\updspapi.dll
+ 2011-09-05 15:24 . 2006-09-06 16:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2011-09-05 15:23 . 2008-04-14 00:12 532480 c:\windows\ie7\mstime.dll
+ 2011-09-05 15:23 . 2008-04-14 00:12 146432 c:\windows\ie7\msrating.dll
+ 2011-09-05 15:23 . 2004-08-10 13:00 146432 c:\windows\ie7\msls31.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 449024 c:\windows\ie7\mshtmled.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 251904 c:\windows\ie7\iepeers.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 323584 c:\windows\ie7\iedkcs32.dll
+ 2011-09-05 15:23 . 2004-08-10 13:00 221184 c:\windows\ie7\ieakui.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 216576 c:\windows\ie7\ieaksie.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 143360 c:\windows\ie7\ieakeng.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 205312 c:\windows\ie7\dxtrans.dll
+ 2011-09-05 15:23 . 2008-04-14 00:11 357888 c:\windows\ie7\dxtmsft.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 1162240 c:\windows\system32\urlmon.dll
+ 2004-09-10 13:57 . 2007-08-13 17:54 3578368 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 6049280 c:\windows\system32\ieframe.dll
+ 2007-02-12 15:10 . 2007-02-12 15:10 2451312 c:\windows\system32\ieapfltr.dat
+ 2007-08-13 17:54 . 2007-08-13 17:54 1162240 c:\windows\system32\dllcache\urlmon.dll
+ 2006-09-23 12:12 . 2006-09-23 12:12 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-08-13 17:54 . 2007-08-13 17:54 3578368 c:\windows\system32\dllcache\mshtml.dll
+ 2006-09-23 12:12 . 2006-09-23 12:12 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2011-09-01 20:40 . 2011-09-01 20:40 2328576 c:\windows\Installer\70b99.msi
+ 2011-09-05 15:23 . 2008-08-20 05:38 3060224 c:\windows\ie7\mshtml.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-29 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-29 110696]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-29 13923432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [6/22/2011 6:01 PM 53816]
R1 RapportCerberus_29574;RapportCerberus_29574;d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [8/8/2011 7:47 PM 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [6/22/2011 6:01 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [6/22/2011 6:01 PM 158904]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [6/22/2011 6:01 PM 870200]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [5/29/2008 4:59 PM 799744]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/1/2006 3:34 AM 91496]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/24/2009 8:50 PM 27632]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [5/29/2008 5:02 PM 7040]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [11/24/2009 8:49 PM 90112]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 12:42 PM 64000]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [6/2/2011 10:04 PM 66112]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/24/2010 12:13 PM 18432]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [9/29/2009 7:11 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [9/29/2009 7:11 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [9/29/2009 7:11 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [9/29/2009 7:11 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [9/29/2009 7:11 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [9/29/2009 7:11 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [9/29/2009 7:11 PM 109864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [6/2/2011 10:04 PM 180672]
S3 ssudnflt;Remote NDIS Filter Driver;c:\windows\system32\drivers\ssudnflt.sys [6/2/2011 10:04 PM 15936]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/15/2008 5:52 PM 717296]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 68202947
*Deregistered* - 68202947
.
Contents of the 'Scheduled Tasks' folder
.
2008-05-29 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]
.
2008-05-29 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]
.
2008-05-29 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 00:12]
.
2011-10-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-68202947.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 15:12
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaiphalcpaijonlakcaj"=hex:62,61,65,62,00,00
"jaiphalcpaijonlakcmg"=hex:62,61,64,62,00,00
"iaiolpclkahoolpcnc"=hex:6b,61,6c,62,68,68,65,68,66,68,6c,6b,70,6f,6c,67,64,6c,
66,6f,6e,63,00,00
.
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1011\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaiphalcpaijonlakcaj"=hex:62,61,65,62,00,00
"jaiphalcpaijonlakcmg"=hex:62,61,64,62,00,00
"iaiolpclkahoolpcnc"=hex:6b,61,6c,62,68,68,65,68,66,68,6c,6b,63,70,63,69,61,70,
68,6b,70,63,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2064)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-10-02 15:15:27
ComboFix-quarantined-files.txt 2011-10-02 14:15
ComboFix2.txt 2011-08-31 18:47
ComboFix3.txt 2011-08-19 20:12
ComboFix4.txt 2010-05-04 20:34
ComboFix5.txt 2011-10-02 13:56
.
Pre-Run: 5,760,020,480 bytes free
Post-Run: 5,700,874,240 bytes free
.
Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 7C4123CB7E653018EBBE1A5B11B85BC0

Thanks

John

#15 sundavis


Posted 02 October 2011 - 10:49 AM

Hi john_rhodes,



Please go to this thread to apply HotFix kb884020, agree to everything, and restart pc when prompted.


Step 1

  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
RegNull::
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1011\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]

Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=- 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Reboot your pc normally, and check your connection. If still no joy whatsoever, proceed with the following:



Step 2

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. In Registry Editor, locate the following bolded keys, right-click each key, and then click Delete:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

4. When you are prompted to confirm the deletion, click Yes. Restart the pc.
5. After the reboot, we will reinstall TCP/IP.
6. Go to Start, then Settings, and choose Network Connections.
7. Right click on your normal connection icon, and choose Properties.
8. Click the Install button.
9. Choose Protocol then click Add.
10. Click Have disk.
11. In the drop down box, type in: C:\WINDOWS\INF and click OK.
12. In the next dialog, click Internet Protocol (TCP/IP) then click OK.
13. Click Close to leave the properties box.
14. After that, reboot your computer and see if you have regained your connection.



In your next reply, please post back:

1. ComboFix log

Advise me if you have the install disc handy.
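
An added example, not part of sundavis's reply and not ComboFix's own code: a Python check that every key the log reports under LOCKED REGISTRY KEYS is named in the CFScript's RegNull:: list, decoding the hex values (including the wrapped continuation line) along the way. The log and script excerpts are copied from this thread; the helper names are this example's own.

```python
import re

# Added example: excerpts of the log and CFScript from this thread; helper names are illustrative.
LOG = r'''--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]
"jaiphalcpaijonlakcaj"=hex:62,61,65,62,00,00
"iaiolpclkahoolpcnc"=hex:6b,61,6c,62,68,68,65,68,66,68,6c,6b,70,6f,6c,67,64,6c,
66,6f,6e,63,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
'''
SCRIPT = r'''RegNull::
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]
[HKEY_USERS\S-1-5-21-368182760-3931186687-1156710625-1011\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{48FA19F4-E138-F296-A8D9-0C2E5990EC68}*]
Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
'''

def parse_locked_keys(log):
    """Map each key in the LOCKED REGISTRY KEYS section to its decoded hex values."""
    m = re.search(r"-+ LOCKED REGISTRY KEYS -+\n(.*?)(?=\n-{5,} |\Z)", log, re.S)
    keys, current = {}, None
    # Re-join hex data that the log wraps onto a second line after a trailing comma.
    body = re.sub(r",\n(?=[0-9a-fA-F]{2}\b)", ",", m.group(1) if m else "")
    for line in map(str.strip, body.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (v := re.match(r'"([^"]+)"=hex:([0-9a-fA-F,]+)$', line)):
            current[v.group(1)] = bytes.fromhex(v.group(2).replace(",", "")).rstrip(b"\x00").decode("ascii", "replace")
    return keys

def regnull_keys(script):
    """Return the keys listed under the RegNull:: directive of a CFScript."""
    out, active = [], False
    for line in map(str.strip, script.splitlines()):
        if line.endswith("::"):
            active = line == "RegNull::"
        elif active and line.startswith("["):
            out.append(line.strip("[]"))
    return out

def uncovered(log, script):
    """Locked keys in the log that the script's RegNull:: list does not name."""
    listed = {k.lower() for k in regnull_keys(script)}
    return sorted(k for k in parse_locked_keys(log) if k.lower() not in listed)
```

An empty result from `uncovered(LOG, SCRIPT)` means the script names every locked key the log excerpt reported.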



