
disappearing Microsoft Office, Itunes install corrupt, Click to Run failure...many other issues...can't figure it out


  • This topic is locked
11 replies to this topic

#1 Angelfuzz

Angelfuzz

  • Members
  • 7 posts

Posted 24 September 2011 - 08:00 AM

EDIT - LINK TO REGISTRY FILE: https://skydrive.live.com/redir.aspx?cid=fb219d101d12f097&resid=FB219D101D12F097!102

(a friend has told me that there may be a trojan attached to my explorer.exe...please consider this as an option.)

I find that I have no permissions with any software installation, repair, or update.

*******************************************************************************************

The first thing I noticed was that every time I tried to update or install something, a new window popped up saying that the software (or hardware) wasn't certified for Windows Logo...scanned with Adaware & AVG...nothing...researched...found a Microsoft fix saying to just uncheck the notification alert in CP. It didn't stop.

I've scanned with Malwarebytes, Norton Utilities, Emsisoft (these each found small things that through research I cannot find definitive answers as to whether or not they're actually malicious), HijackThis (hasn't found anything yet), and downloaded avast and AntiVir but things have escalated, disallowing me to use these at all. (about to explain)

Yesterday, Microsoft Word would not open. Reg XP mode just thinks for a second and forgets about it, Safe Mode shows the Microsoft Office 2010 initiation window, but then gives an error. I later found that PowerPoint does the same thing. I attempted repair and it says failure. iTunes install also says corrupt. I used both these programs days ago. Acrobat says error through Firefox, AntiVir shows in processes but will not open UI until in Safe Mode...but even then it will not update or initiate service (no I have not done manual update yet. Came across ComboFix and sounded like it could help.) Log shows it is stopped immediately every time it is started. I do not know why.

I attempted a System Restore. Incomplete. I read afterward that all security software must be disabled, and in an effort to comply, found that my AVG continues to run although I have uninstalled it. (through safe mode, so possible that components are still alive...but I moved all folders/files I could find to recycle bin and there was no "file in use" error...so confused.)

I'm afraid to do anything outside of safe mode, now. My computer is extremely busy in regular mode (100% CPU majority of time), and I can't figure out why my programs won't open.

Ok, so here are the parts where you're going to yell at me:

1.) I torrent. I'm usually pretty careful, but obviously something(s) slipped by me.
2.) I ran ComboFix. I'm desperate. A project was due last night at midnight, and I've been fighting this for days. I'm attaching the log file. I would very much appreciate help deciphering and utilizing it.

I would post a current HijackThis file, but as I said I'm afraid of going into Regular Mode...I'll attach my most recent HijackThis files in case there's anything I've missed on those. If there are any other logs that would help, please let me know.

FYI - HJT logs are from these dates:

1 - 9/14/11
2 - 9/22/11
3 - 9/23/11
4 - 9/24/11

The ComboFix was logged immediately before I posted this thread. I wanted to get it out here before I rebooted back into safe mode and attempted to update and initiate AntiVir. Hopefully, I'll be able to get back on and see a reply or two soon.

I'm sorry for breaking the ComboFix rules...I've become incredibly frustrated and a bit frantic with all of this...I kind of skimmed the instructions because it looked like every other program I've already been through, until I started using it of course. I've been torrenting since 2004 and a computer person all my life. I've never had any situation even close to this happen. I'm so careful to know what's going onto my pc...it's a pretty massive wake up call to think that I may have to wipe everything because of this.

Please let me know if you have any ideas.

Thank you for your help.

Angel

Edited by Angelfuzz, 24 September 2011 - 04:24 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • Gender:Male

Posted 29 September 2011 - 08:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420268 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2011 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Sorry for this long delay.

If you still need help please download and run these tools.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post the logs and let me know what problem persists.

#4 Angelfuzz

Angelfuzz
  • Topic Starter

  • Members
  • 7 posts

Posted 04 October 2011 - 01:42 AM

Thank you so much for working with me. I'd pretty much given up on this post, and have been working on my issue every day on my own. I've located several backdoor trojan type situations, rootkits, and various malware objects, but I'm hopeful that I've FINALLY regained control of my pc as of tonight...here are the logs you've requested...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Xavier at 1:26:58 on 2011-10-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.87 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Enabled*
FW: Kaspersky PURE *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://digicom1.hccs.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{CBC37903-74A3-4831-ABE5-9B9B49734BC9} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\xavier\application data\mozilla\firefox\profiles\w8mwwqvi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb8e66&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\xavier\application data\mozilla\firefox\profiles\w8mwwqvi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\xavier\application data\mozilla\firefox\profiles\w8mwwqvi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\xavier\application data\mozilla\firefox\profiles\w8mwwqvi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\xavier\application data\mozilla\firefox\profiles\w8mwwqvi.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko7.dll
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefox3Extn.dll
FF - component: c:\program files\adobe\adobe contribute cs5.1\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2011-9-26 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-18 64512]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-30 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-30 656320]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-9-22 17904]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2005-7-2 11264]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-1 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-1 320856]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2011-9-26 39352]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-26 315408]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-30 184536]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-9-27 532224]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-9-22 3067848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-1 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-1 44768]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-30 337872]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-9-22 1029480]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-9-25 47640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-24 22216]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-9-27 35816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-11 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe --> c:\windows\system32\srvany.exe [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-9-22 51632]
S3 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-11 136176]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-9-27 24416]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-8-11 12984]
S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-9-22 128248]
S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-9-22 108800]
S3 TBU11;Turtle Beach USB MIDI 1x1 Driver;c:\windows\system32\drivers\tbu11.sys [2005-8-30 13824]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-10-01 11:32:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-01 11:31:54 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-01 11:31:54 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-01 11:31:54 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-01 11:31:54 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-01 11:31:54 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-01 11:31:54 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-01 11:31:54 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-01 11:25:10 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-01 11:23:41 41184 ----a-w- c:\windows\avastSS.scr
2011-10-01 08:31:10 -------- d-----w- c:\program files\Sophos
2011-10-01 05:41:54 -------- d-----w- c:\documents and settings\xavier\application data\Wise Disk Cleaner
2011-10-01 05:41:01 -------- d-----w- c:\program files\Wise Disk Cleaner
2011-10-01 05:24:50 -------- d-----w- c:\documents and settings\xavier\application data\Wise Registry Cleaner
2011-10-01 05:24:04 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-10-01 05:04:10 -------- d-----w- c:\documents and settings\xavier\application data\PCTools
2011-10-01 04:07:07 767952 ----a-w- c:\windows\BDTSupport.dll
2011-10-01 04:07:04 2189264 ----a-w- c:\windows\PCTBDCore.dll
2011-10-01 04:07:04 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-10-01 04:07:04 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-10-01 03:58:45 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-01 03:58:45 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-01 03:58:42 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-10-01 03:58:33 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-10-01 03:58:33 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-01 03:58:22 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-10-01 03:57:59 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-01 03:57:16 -------- d-----w- c:\program files\PC Tools Security
2011-10-01 03:57:16 -------- d-----w- c:\program files\common files\PC Tools
2011-10-01 03:44:07 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-09-28 04:16:06 -------- d-----w- c:\windows\RestoreSafeDeleted
2011-09-28 03:15:55 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-09-28 02:24:40 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-09-28 02:24:40 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-09-28 02:17:40 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-09-28 02:17:22 -------- d-----w- c:\program files\UnHackMe
2011-09-28 01:06:52 -------- d-----w- c:\documents and settings\xavier\application data\Windows Search
2011-09-27 22:32:38 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-09-27 22:32:21 -------- d-----w- c:\program files\Security Task Manager
2011-09-27 22:31:56 -------- dc----w- C:\TDSSKiller_Quarantine
2011-09-27 10:56:54 -------- d-----w- c:\documents and settings\xavier\application data\CheckPoint
2011-09-27 10:54:37 -------- d-----w- c:\documents and settings\xavier\local settings\application data\ConduitEngine
2011-09-27 10:54:35 -------- d-----w- c:\documents and settings\xavier\local settings\application data\ZoneAlarm_Security
2011-09-27 10:54:17 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-09-27 10:52:43 -------- d-----w- c:\program files\CheckPoint
2011-09-27 10:50:14 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-09-27 10:50:09 -------- d-----w- c:\windows\system32\ZoneLabs
2011-09-27 10:49:51 -------- d-----w- c:\program files\Zone Labs
2011-09-27 10:46:46 -------- d-----w- c:\windows\Internet Logs
2011-09-27 10:11:37 -------- d-sh--w- c:\documents and settings\xavier\IETldCache
2011-09-27 08:17:23 -------- d-----w- c:\program files\common files\Windows Live
2011-09-27 08:13:48 -------- d-----w- c:\windows\system32\winrm
2011-09-27 08:13:31 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-09-27 08:09:36 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-09-27 08:06:32 -------- d-----w- c:\windows\ie8updates
2011-09-27 08:03:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-09-27 08:03:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-27 08:03:44 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-27 08:03:42 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-27 08:03:42 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-09-27 08:03:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-27 08:03:36 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-09-27 07:54:05 -------- dc-h--w- c:\windows\ie8
2011-09-27 07:39:04 -------- d-----w- c:\documents and settings\xavier\application data\Windows Desktop Search
2011-09-27 07:36:04 -------- d-----w- c:\program files\Windows Desktop Search
2011-09-27 07:36:03 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-27 07:29:14 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-09-27 07:29:13 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-09-27 07:29:13 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2011-09-26 21:23:29 162392 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-09-26 21:23:11 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2011-09-26 21:23:11 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-09-26 21:21:03 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-09-26 14:19:50 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-09-26 14:17:45 -------- d-----w- c:\program files\common files\InfoWatch
2011-09-26 14:17:31 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-26 14:17:31 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-09-26 13:53:36 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-09-26 12:54:16 -------- d-----w- c:\documents and settings\xavier\local settings\application data\Sophos
2011-09-26 12:31:16 -------- dc----w- C:\stdtsa
2011-09-26 11:45:14 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2011-09-26 02:22:31 -------- dc----w- C:\scss_10
2011-09-25 23:10:06 -------- d-----w- c:\documents and settings\xavier\local settings\application data\LogMeIn
2011-09-25 23:09:21 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-09-25 23:09:19 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-09-25 23:09:17 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-09-25 23:09:17 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-09-25 23:09:04 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-25 23:08:50 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2011-09-25 23:08:04 -------- d-----w- c:\program files\LogMeIn
2011-09-25 22:56:01 -------- d-----w- c:\documents and settings\xavier\application data\Malwarebytes
2011-09-24 11:48:21 -------- dcsha-r- C:\cmdcons
2011-09-24 11:46:24 98816 ----a-w- c:\windows\sed.exe
2011-09-24 11:46:24 518144 ----a-w- c:\windows\SWREG.exe
2011-09-24 11:46:24 256000 ----a-w- c:\windows\PEV.exe
2011-09-24 11:46:24 208896 ----a-w- c:\windows\MBR.exe
2011-09-24 11:00:19 -------- d-----w- c:\documents and settings\xavier\application data\EurekaLog
2011-09-24 10:59:53 -------- d-----w- c:\program files\common files\Symantec
2011-09-24 10:57:59 -------- d-----w- c:\documents and settings\all users\application data\ALM
2011-09-24 10:53:43 -------- d-----w- c:\documents and settings\xavier\Adobe Flash Builder 4.5
2011-09-24 10:47:47 -------- d-----w- c:\program files\My Company Name
2011-09-24 09:11:17 -------- d-----w- c:\documents and settings\xavier\application data\{90140011-0061-0409-0000-0000000FF1CE}
2011-09-24 09:10:24 -------- d-----w- c:\documents and settings\all users\application data\Virtualized Applications
2011-09-24 08:34:57 -------- d-----w- c:\program files\AVAST Software
2011-09-24 08:34:57 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-24 07:02:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-24 07:02:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-24 07:02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-24 03:15:07 73216 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAA.DLL
2011-09-24 03:15:07 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAA.DLL
2011-09-24 03:15:02 290816 ----a-w- c:\windows\system32\CNMLMAA.DLL
2011-09-24 03:10:09 307200 ----a-w- c:\windows\system32\CNC280L.dll
2011-09-24 03:10:09 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-09-24 03:10:09 1335296 ----a-w- c:\windows\system32\CNC280C.dll
2011-09-24 03:10:09 114688 ----a-w- c:\windows\system32\CNC280I.dll
2011-09-24 03:10:09 106496 ----a-w- c:\windows\system32\CNC280U.dll
2011-09-23 10:51:26 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2011-09-23 06:57:50 -------- d-----w- c:\program files\iPod
2011-09-23 06:56:24 -------- d-----w- c:\program files\iTunes
2011-09-23 06:09:06 -------- d-----w- c:\program files\Bonjour
2011-09-23 01:48:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-09-23 00:03:09 -------- d-----w- c:\documents and settings\xavier\application data\Norton Utilities
2011-09-22 23:54:48 -------- d-----w- c:\documents and settings\all users\application data\Norton Installer
2011-09-22 23:54:31 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-09-22 23:54:29 128248 ----a-w- c:\windows\system32\drivers\SymDSMon.sys
2011-09-22 23:54:29 108800 ----a-w- c:\windows\system32\drivers\SymSpeedDisk.sys
2011-09-22 23:54:27 36712 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-09-22 23:54:27 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-09-22 23:54:27 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-09-22 23:54:26 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-09-22 23:54:22 -------- d-----w- c:\program files\Norton Utilities 15
2011-09-22 11:55:06 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-09-22 10:39:50 67216 ----a-w- c:\program files\mozilla firefox\plugins\npContribute.dll
2011-09-22 04:30:49 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-09-22 04:30:32 -------- d-----w- c:\program files\MagicDisc
2011-09-21 18:01:29 -------- d-----w- c:\documents and settings\xavier\application data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-09-21 18:01:20 -------- d-----w- c:\program files\Adobe Support Advisor
2011-09-18 21:06:57 -------- d-----w- c:\program files\Adobe Download Assistant
2011-09-17 05:40:16 -------- d-----w- c:\documents and settings\xavier\local settings\application data\CutePDF Writer
2011-09-17 05:32:18 -------- d-----w- c:\program files\GPLGS
2011-09-17 05:31:36 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-09-17 05:31:11 -------- d-----w- c:\program files\Acro Software
2011-09-17 02:35:16 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-09-17 02:35:16 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-09-14 05:39:51 -------- d-----w- c:\documents and settings\xavier\application data\PDF Software
2011-09-14 05:13:14 -------- d-----w- c:\program files\MSECache
2011-09-07 08:49:10 -------- d-----w- c:\documents and settings\xavier\application data\AVG Secure Search
2011-09-07 08:45:38 -------- d-----w- c:\documents and settings\xavier\application data\AVG2012
2011-09-07 08:43:58 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-09-07 07:19:55 -------- d-----w- c:\documents and settings\xavier\application data\CBS Interactive
2011-09-07 03:50:32 -------- d-----w- c:\program files\Calc98
2011-09-06 09:37:45 -------- d-----w- c:\documents and settings\xavier\local settings\application data\TechSmith
2011-09-06 03:34:19 -------- d-----w- c:\documents and settings\xavier\local settings\application data\Microsoft Help
2011-09-06 03:20:10 -------- d-----w- c:\documents and settings\all users\application data\VirtualizedApplications
2011-09-06 01:21:35 -------- d-----w- c:\documents and settings\xavier\local settings\application data\uTorrentBar
2011-09-06 01:21:09 -------- d-----w- c:\program files\uTorrentBar
2011-09-06 01:20:46 -------- d-----w- c:\program files\uTorrent
2011-09-06 01:19:21 -------- d-----w- c:\documents and settings\xavier\local settings\application data\uTorrent
2011-09-06 01:19:21 -------- d-----w- c:\documents and settings\xavier\application data\uTorrent
2011-09-06 00:57:04 -------- d-----w- c:\documents and settings\xavier\local settings\application data\SoftGrid Client
2011-09-06 00:56:58 -------- d-----w- c:\documents and settings\xavier\application data\SoftGrid Client
2011-09-06 00:51:58 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-09-06 00:51:58 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-09-06 00:50:10 -------- d-----w- c:\documents and settings\xavier\application data\TP
2011-09-05 17:05:08 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-09-05 17:04:58 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
.
==================== Find3M ====================
.
2011-09-28 02:48:44 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-09-28 02:18:29 26 -c--a-w- c:\windows\winstart.bat
2011-09-23 00:08:37 26112 ----a-w- c:\windows\system32\userinit.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-05 17:05:00 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-08-18 20:25:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-10 21:07:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 18:02:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 1:29:40.43 ===============

#5 Angelfuzz

Posted 04 October 2011 - 01:58 AM

**NOTE - 0 threats were found during initial scan with default parameters. I adjusted parameters to include driver signature verification and TDLFS detection, and 22 suspicious objects were found...all were due to being unsigned. This is the 2nd scan report.


01:45:05.0828 5124 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
01:45:06.0250 5124 ============================================================
01:45:06.0250 5124 Current date / time: 2011/10/04 01:45:06.0250
01:45:06.0250 5124 SystemInfo:
01:45:06.0250 5124
01:45:06.0250 5124 OS Version: 5.1.2600 ServicePack: 3.0
01:45:06.0250 5124 Product type: Workstation
01:45:06.0250 5124 ComputerName: BREAKINGDAWN
01:45:06.0250 5124 UserName: Xavier
01:45:06.0250 5124 Windows directory: C:\WINDOWS
01:45:06.0250 5124 System windows directory: C:\WINDOWS
01:45:06.0250 5124 Processor architecture: Intel x86
01:45:06.0250 5124 Number of processors: 1
01:45:06.0250 5124 Page size: 0x1000
01:45:06.0250 5124 Boot type: Normal boot
01:45:06.0250 5124 ============================================================
01:45:09.0218 5124 Initialize success
01:45:22.0156 6140 ============================================================
01:45:22.0156 6140 Scan started
01:45:22.0156 6140 Mode: Manual;
01:45:22.0156 6140 ============================================================
01:45:23.0015 6140 a2acc (0436fbabd7e897eda44a511f60a59b37) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
01:45:23.0109 6140 a2acc - ok
01:45:23.0406 6140 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
01:45:23.0453 6140 A2DDA - ok
01:45:23.0921 6140 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
01:45:23.0953 6140 Aavmker4 - ok
01:45:24.0265 6140 Abiosdsk - ok
01:45:24.0718 6140 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:45:24.0718 6140 abp480n5 - ok
01:45:25.0281 6140 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:45:25.0375 6140 ACPI - ok
01:45:25.0781 6140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:45:25.0796 6140 ACPIEC - ok
01:45:26.0250 6140 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:45:26.0296 6140 adpu160m - ok
01:45:26.0812 6140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:45:26.0875 6140 aec - ok
01:45:27.0328 6140 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
01:45:27.0406 6140 AFD - ok
01:45:27.0875 6140 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:45:27.0906 6140 agp440 - ok
01:45:28.0343 6140 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:45:28.0390 6140 agpCPQ - ok
01:45:28.0875 6140 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:45:28.0890 6140 Aha154x - ok
01:45:29.0515 6140 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:45:29.0562 6140 aic78u2 - ok
01:45:29.0953 6140 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:45:29.0968 6140 aic78xx - ok
01:45:30.0828 6140 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
01:45:30.0859 6140 AliIde - ok
01:45:31.0765 6140 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:45:31.0843 6140 alim1541 - ok
01:45:32.0671 6140 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:45:32.0718 6140 amdagp - ok
01:45:33.0390 6140 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
01:45:33.0437 6140 amsint - ok
01:45:33.0843 6140 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
01:45:33.0875 6140 Asapi - ok
01:45:34.0343 6140 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
01:45:34.0375 6140 asc - ok
01:45:34.0906 6140 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:45:34.0921 6140 asc3350p - ok
01:45:35.0406 6140 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:45:35.0421 6140 asc3550 - ok
01:45:35.0937 6140 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
01:45:35.0953 6140 aswFsBlk - ok
01:45:36.0484 6140 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
01:45:36.0531 6140 aswMon2 - ok
01:45:37.0000 6140 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
01:45:37.0031 6140 aswRdr - ok
01:45:38.0000 6140 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
01:45:38.0187 6140 aswSnx - ok
01:45:38.0703 6140 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
01:45:38.0906 6140 aswSP - ok
01:45:39.0343 6140 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
01:45:39.0375 6140 aswTdi - ok
01:45:39.0812 6140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:45:39.0828 6140 AsyncMac - ok
01:45:40.0296 6140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:45:40.0296 6140 atapi - ok
01:45:40.0750 6140 Atdisk - ok
01:45:41.0328 6140 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:45:41.0406 6140 Atmarpc - ok
01:45:41.0875 6140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:45:41.0890 6140 audstub - ok
01:45:42.0328 6140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:45:42.0343 6140 Beep - ok
01:45:42.0796 6140 bvrp_pci - ok
01:45:43.0187 6140 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:45:43.0218 6140 cbidf - ok
01:45:43.0625 6140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:45:43.0625 6140 cbidf2k - ok
01:45:44.0078 6140 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:45:44.0093 6140 CCDECODE - ok
01:45:44.0562 6140 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
01:45:44.0578 6140 cd20xrnt - ok
01:45:45.0015 6140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:45:45.0046 6140 Cdaudio - ok
01:45:45.0468 6140 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:45:45.0515 6140 Cdfs - ok
01:45:45.0968 6140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:45:45.0984 6140 Cdrom - ok
01:45:46.0453 6140 Changer - ok
01:45:46.0906 6140 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
01:45:46.0937 6140 CmdIde - ok
01:45:47.0359 6140 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
01:45:47.0375 6140 Cpqarray - ok
01:45:47.0546 6140 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
01:45:47.0562 6140 cpudrv - ok
01:45:48.0015 6140 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
01:45:48.0078 6140 CSCrySec - ok
01:45:48.0546 6140 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
01:45:48.0578 6140 CSVirtualDiskDrv - ok
01:45:49.0015 6140 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
01:45:49.0046 6140 dac2w2k - ok
01:45:49.0421 6140 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
01:45:49.0437 6140 dac960nt - ok
01:45:49.0906 6140 DCamUSBSQTECH (12e0a4134d5fd9914b965aa5aaa49e8f) C:\WINDOWS\system32\Drivers\SQcaptur.sys
01:45:49.0921 6140 DCamUSBSQTECH - ok
01:45:50.0359 6140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:45:50.0406 6140 Disk - ok
01:45:51.0234 6140 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:45:51.0578 6140 dmboot - ok
01:45:52.0078 6140 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:45:52.0125 6140 dmio - ok
01:45:52.0625 6140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:45:52.0625 6140 dmload - ok
01:45:53.0156 6140 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:45:53.0218 6140 DMusic - ok
01:45:53.0718 6140 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
01:45:53.0734 6140 dpti2o - ok
01:45:54.0140 6140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:45:54.0156 6140 drmkaud - ok
01:45:54.0593 6140 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
01:45:54.0640 6140 drvmcdb - ok
01:45:55.0093 6140 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
01:45:55.0140 6140 drvnddm - ok
01:45:55.0609 6140 DS1410D (1a51e03b66635280684e9edf34a2e8c0) C:\WINDOWS\system32\drivers\ds1410d.sys
01:45:55.0625 6140 DS1410D - ok
01:45:56.0156 6140 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:45:56.0234 6140 E100B - ok
01:45:56.0734 6140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:45:56.0796 6140 Fastfat - ok
01:45:57.0218 6140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:45:57.0250 6140 Fdc - ok
01:45:57.0671 6140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:45:57.0718 6140 Fips - ok
01:45:58.0125 6140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:45:58.0140 6140 Flpydisk - ok
01:45:58.0609 6140 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:45:58.0703 6140 FltMgr - ok
01:45:59.0140 6140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:45:59.0156 6140 Fs_Rec - ok
01:45:59.0609 6140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:45:59.0687 6140 Ftdisk - ok
01:46:00.0109 6140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:46:00.0140 6140 Gpc - ok
01:46:01.0000 6140 hardlock (c818b973110a1c9f7763dd39bffd0fd3) C:\WINDOWS\system32\drivers\hardlock.sys
01:46:01.0312 6140 hardlock - ok
01:46:02.0062 6140 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
01:46:02.0125 6140 Haspnt - ok
01:46:02.0906 6140 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:46:02.0921 6140 HidUsb - ok
01:46:03.0703 6140 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
01:46:03.0750 6140 hpn - ok
01:46:04.0687 6140 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:46:04.0843 6140 HTTP - ok
01:46:05.0281 6140 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:46:05.0281 6140 i2omgmt - ok
01:46:05.0718 6140 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
01:46:05.0718 6140 i2omp - ok
01:46:06.0203 6140 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:46:06.0250 6140 i8042prt - ok
01:46:07.0265 6140 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:46:07.0812 6140 ialm - ok
01:46:08.0296 6140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:46:08.0343 6140 Imapi - ok
01:46:08.0859 6140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
01:46:08.0875 6140 ini910u - ok
01:46:09.0875 6140 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
01:46:10.0500 6140 IntelC51 - ok
01:46:11.0359 6140 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
01:46:11.0875 6140 IntelC52 - ok
01:46:12.0609 6140 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
01:46:12.0671 6140 IntelC53 - ok
01:46:13.0312 6140 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:46:13.0312 6140 IntelIde - ok
01:46:13.0765 6140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:46:13.0796 6140 intelppm - ok
01:46:14.0281 6140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:46:14.0296 6140 Ip6Fw - ok
01:46:14.0703 6140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:46:14.0703 6140 IpFilterDriver - ok
01:46:15.0125 6140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:46:15.0156 6140 IpInIp - ok
01:46:15.0640 6140 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:46:15.0718 6140 IpNat - ok
01:46:16.0171 6140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:46:16.0234 6140 IPSec - ok
01:46:16.0656 6140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:46:16.0671 6140 IRENUM - ok
01:46:17.0093 6140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:46:17.0140 6140 isapnp - ok
01:46:17.0406 6140 ISWKL (eb8594268cf50baaecbe82d70c833533) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
01:46:17.0437 6140 ISWKL - ok
01:46:17.0921 6140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:46:17.0937 6140 Kbdclass - ok
01:46:18.0484 6140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:46:18.0500 6140 kbdhid - ok
01:46:18.0984 6140 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
01:46:19.0078 6140 kl1 - ok
01:46:19.0500 6140 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\DRIVERS\klbg.sys
01:46:19.0531 6140 KLBG - ok
01:46:20.0125 6140 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) C:\WINDOWS\system32\DRIVERS\klif.sys
01:46:20.0281 6140 KLIF - ok
01:46:20.0718 6140 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
01:46:20.0750 6140 klim5 - ok
01:46:21.0156 6140 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
01:46:21.0156 6140 klmouflt - ok
01:46:21.0656 6140 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:46:21.0718 6140 kmixer - ok
01:46:22.0187 6140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:46:22.0250 6140 KSecDD - ok
01:46:22.0500 6140 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
01:46:22.0515 6140 Lavasoft Kernexplorer - ok
01:46:22.0937 6140 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
01:46:22.0968 6140 Lbd - ok
01:46:23.0421 6140 lbrtfdc - ok
01:46:23.0656 6140 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
01:46:23.0734 6140 LMIInfo - ok
01:46:24.0156 6140 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
01:46:24.0187 6140 lmimirr - ok
01:46:24.0593 6140 LMIRfsClientNP - ok
01:46:25.0031 6140 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
01:46:25.0078 6140 LMIRfsDriver - ok
01:46:25.0515 6140 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
01:46:25.0515 6140 MBAMProtector - ok
01:46:25.0968 6140 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
01:46:26.0093 6140 mcdbus - ok
01:46:26.0531 6140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:46:26.0578 6140 mnmdd - ok
01:46:27.0000 6140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:46:27.0031 6140 Modem - ok
01:46:27.0453 6140 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:46:27.0484 6140 MODEMCSA - ok
01:46:27.0890 6140 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
01:46:27.0937 6140 mohfilt - ok
01:46:28.0359 6140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:46:28.0375 6140 Mouclass - ok
01:46:28.0859 6140 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:46:28.0875 6140 mouhid - ok
01:46:29.0484 6140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:46:29.0546 6140 MountMgr - ok
01:46:30.0312 6140 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
01:46:30.0359 6140 mraid35x - ok
01:46:31.0078 6140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:46:31.0281 6140 MRxDAV - ok
01:46:31.0937 6140 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:46:32.0406 6140 MRxSmb - ok
01:46:32.0890 6140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:46:32.0921 6140 Msfs - ok
01:46:33.0390 6140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:46:33.0421 6140 MSKSSRV - ok
01:46:33.0859 6140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:46:33.0875 6140 MSPCLOCK - ok
01:46:34.0296 6140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:46:34.0296 6140 MSPQM - ok
01:46:34.0796 6140 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:46:34.0812 6140 mssmbios - ok
01:46:35.0265 6140 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:46:35.0281 6140 MSTEE - ok
01:46:35.0781 6140 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:46:35.0859 6140 Mup - ok
01:46:36.0328 6140 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:46:36.0359 6140 NABTSFEC - ok
01:46:36.0859 6140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:46:36.0937 6140 NDIS - ok
01:46:37.0390 6140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:46:37.0406 6140 NdisIP - ok
01:46:37.0921 6140 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:46:37.0953 6140 NdisTapi - ok
01:46:38.0359 6140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:46:38.0390 6140 Ndisuio - ok
01:46:38.0906 6140 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:46:38.0953 6140 NdisWan - ok
01:46:39.0406 6140 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:46:39.0453 6140 NDProxy - ok
01:46:39.0953 6140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:46:39.0984 6140 NetBIOS - ok
01:46:40.0546 6140 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:46:40.0640 6140 NetBT - ok
01:46:41.0125 6140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:46:41.0140 6140 Npfs - ok
01:46:41.0859 6140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:46:42.0140 6140 Ntfs - ok
01:46:42.0656 6140 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
01:46:42.0687 6140 NuidFltr - ok
01:46:43.0156 6140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:46:43.0187 6140 Null - ok
01:46:44.0218 6140 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:46:44.0859 6140 nv - ok
01:46:45.0250 6140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:46:45.0281 6140 NwlnkFlt - ok
01:46:45.0703 6140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:46:45.0734 6140 NwlnkFwd - ok
01:46:46.0171 6140 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
01:46:46.0218 6140 NwlnkIpx - ok
01:46:46.0656 6140 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
01:46:46.0703 6140 NwlnkNb - ok
01:46:47.0187 6140 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
01:46:47.0250 6140 NwlnkSpx - ok
01:46:47.0781 6140 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:46:47.0828 6140 Parport - ok
01:46:48.0234 6140 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
01:46:48.0265 6140 Partizan - ok
01:46:48.0750 6140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:46:48.0765 6140 PartMgr - ok
01:46:49.0187 6140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:46:49.0203 6140 ParVdm - ok
01:46:49.0640 6140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:46:49.0656 6140 PCI - ok
01:46:50.0015 6140 PCIDump - ok
01:46:50.0421 6140 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:46:50.0421 6140 PCIIde - ok
01:46:50.0953 6140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:46:51.0000 6140 Pcmcia - ok
01:46:51.0562 6140 PCTCore (55e00ae13bb55e66030f2eb429a33156) C:\WINDOWS\system32\drivers\PCTCore.sys
01:46:51.0718 6140 PCTCore - ok
01:46:52.0296 6140 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
01:46:52.0453 6140 pctDS - ok
01:46:53.0171 6140 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
01:46:53.0468 6140 pctEFA - ok
01:46:54.0000 6140 PCTSD (c718f517b49b23d456b4a70789035df5) C:\WINDOWS\system32\Drivers\PCTSD.sys
01:46:54.0093 6140 PCTSD - ok
01:46:54.0531 6140 PDCOMP - ok
01:46:54.0890 6140 PDFRAME - ok
01:46:55.0328 6140 PDRELI - ok
01:46:55.0796 6140 PDRFRAME - ok
01:46:56.0218 6140 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
01:46:56.0250 6140 perc2 - ok
01:46:56.0671 6140 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
01:46:56.0703 6140 perc2hib - ok
01:46:57.0203 6140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:46:57.0234 6140 PptpMiniport - ok
01:46:57.0609 6140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:46:57.0625 6140 Ptilink - ok
01:46:58.0078 6140 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:46:58.0093 6140 PxHelp20 - ok
01:46:58.0578 6140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
01:46:58.0609 6140 ql1080 - ok
01:46:59.0062 6140 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
01:46:59.0093 6140 Ql10wnt - ok
01:46:59.0531 6140 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
01:46:59.0562 6140 ql12160 - ok
01:47:00.0046 6140 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
01:47:00.0078 6140 ql1240 - ok
01:47:00.0515 6140 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
01:47:00.0562 6140 ql1280 - ok
01:47:00.0968 6140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:47:00.0984 6140 RasAcd - ok
01:47:01.0718 6140 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:47:01.0781 6140 Rasl2tp - ok
01:47:02.0218 6140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:47:02.0250 6140 RasPppoe - ok
01:47:02.0750 6140 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:47:02.0781 6140 Raspti - ok
01:47:03.0234 6140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:47:03.0343 6140 Rdbss - ok
01:47:03.0765 6140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:47:03.0781 6140 RDPCDD - ok
01:47:04.0328 6140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:47:04.0421 6140 rdpdr - ok
01:47:05.0000 6140 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
01:47:05.0046 6140 RDPWD - ok
01:47:05.0531 6140 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:47:05.0578 6140 redbook - ok
01:47:06.0015 6140 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
01:47:06.0046 6140 RegGuard - ok
01:47:07.0015 6140 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys
01:47:07.0296 6140 RT73 - ok
01:47:08.0093 6140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:47:08.0125 6140 Secdrv - ok
01:47:08.0937 6140 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
01:47:09.0328 6140 senfilt - ok
01:47:09.0750 6140 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
01:47:09.0796 6140 Sentinel - ok
01:47:10.0218 6140 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:47:10.0250 6140 serenum - ok
01:47:10.0718 6140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:47:10.0765 6140 Serial - ok
01:47:11.0296 6140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:47:11.0328 6140 Sfloppy - ok
01:47:11.0937 6140 Sftfs (44d20201a6c3fe4a634a559f8105f5b4) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
01:47:12.0250 6140 Sftfs - ok
01:47:12.0734 6140 Sftplay (0e108d75f8db551669e5eb37cbf5bc02) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
01:47:12.0890 6140 Sftplay - ok
01:47:13.0359 6140 Sftredir (65b31b4ba9efeace4dd95ed94051139f) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
01:47:13.0390 6140 Sftredir - ok
01:47:13.0875 6140 Sftvol (97604f605310f50dc49a2994c3264a42) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
01:47:13.0921 6140 Sftvol - ok
01:47:14.0296 6140 Simbad - ok
01:47:14.0765 6140 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
01:47:14.0796 6140 sisagp - ok
01:47:15.0281 6140 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:47:15.0296 6140 SLIP - ok
01:47:15.0875 6140 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
01:47:15.0968 6140 smwdm - ok
01:47:16.0437 6140 Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
01:47:16.0453 6140 Sntnlusb - ok
01:47:16.0859 6140 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
01:47:16.0906 6140 Sparrow - ok
01:47:17.0406 6140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:47:17.0453 6140 splitter - ok
01:47:17.0796 6140 sptd - ok
01:47:18.0281 6140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:47:18.0328 6140 sr - ok
01:47:18.0968 6140 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:47:19.0156 6140 Srv - ok
01:47:19.0546 6140 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
01:47:19.0562 6140 sscdbhk5 - ok
01:47:20.0046 6140 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
01:47:20.0078 6140 ssrtln - ok
01:47:20.0500 6140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:47:20.0515 6140 streamip - ok
01:47:20.0953 6140 SWDUMon (5a8900251c6bb93f9fe9f2f556e3593e) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
01:47:20.0984 6140 SWDUMon - ok
01:47:21.0359 6140 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:47:21.0390 6140 swenum - ok
01:47:21.0828 6140 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:47:21.0890 6140 swmidi - ok
01:47:22.0343 6140 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
01:47:22.0375 6140 symc810 - ok
01:47:22.0765 6140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
01:47:22.0796 6140 symc8xx - ok
01:47:23.0328 6140 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\WINDOWS\system32\drivers\SymDSMon.sys
01:47:23.0390 6140 SymDSMon - ok
01:47:23.0906 6140 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\WINDOWS\system32\drivers\SymSpeedDisk.sys
01:47:23.0953 6140 SYMSpeedDisk - ok
01:47:24.0343 6140 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
01:47:24.0359 6140 sym_hi - ok
01:47:24.0781 6140 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
01:47:24.0796 6140 sym_u3 - ok
01:47:25.0265 6140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:47:25.0312 6140 sysaudio - ok
01:47:25.0781 6140 TBU11 (ef0d78b3a6284d6c502e5aad700df9e9) C:\WINDOWS\system32\Drivers\tbu11.sys
01:47:25.0796 6140 TBU11 - ok
01:47:26.0437 6140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:47:26.0625 6140 Tcpip - ok
01:47:27.0046 6140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:47:27.0062 6140 TDPIPE - ok
01:47:27.0484 6140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:47:27.0484 6140 TDTCP - ok
01:47:27.0906 6140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:47:27.0937 6140 TermDD - ok
01:47:28.0421 6140 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
01:47:28.0453 6140 tfsnboio - ok
01:47:28.0875 6140 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
01:47:28.0890 6140 tfsncofs - ok
01:47:29.0312 6140 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
01:47:29.0312 6140 tfsndrct - ok
01:47:29.0687 6140 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
01:47:29.0703 6140 tfsndres - ok
01:47:30.0156 6140 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
01:47:30.0203 6140 tfsnifs - ok
01:47:30.0593 6140 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
01:47:30.0625 6140 tfsnopio - ok
01:47:31.0062 6140 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
01:47:31.0078 6140 tfsnpool - ok
01:47:31.0562 6140 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
01:47:31.0609 6140 tfsnudf - ok
01:47:32.0031 6140 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
01:47:32.0109 6140 tfsnudfa - ok
01:47:32.0640 6140 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
01:47:32.0656 6140 TosIde - ok
01:47:33.0156 6140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:47:33.0203 6140 Udfs - ok
01:47:33.0781 6140 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
01:47:33.0812 6140 ultra - ok
01:47:34.0406 6140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:47:34.0609 6140 Update - ok
01:47:35.0109 6140 USBAAPL - ok
01:47:35.0656 6140 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
01:47:35.0687 6140 usbaudio - ok
01:47:36.0218 6140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:47:36.0250 6140 usbccgp - ok
01:47:36.0687 6140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:47:36.0718 6140 usbehci - ok
01:47:37.0156 6140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:47:37.0187 6140 usbhub - ok
01:47:37.0609 6140 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:47:37.0640 6140 usbprint - ok
01:47:38.0062 6140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:47:38.0078 6140 usbscan - ok
01:47:38.0515 6140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:47:38.0531 6140 USBSTOR - ok
01:47:39.0046 6140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:47:39.0062 6140 usbuhci - ok
01:47:39.0484 6140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:47:39.0500 6140 VgaSave - ok
01:47:39.0906 6140 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
01:47:39.0921 6140 viaagp - ok
01:47:40.0390 6140 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
01:47:40.0421 6140 ViaIde - ok
01:47:40.0906 6140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:47:40.0953 6140 VolSnap - ok
01:47:41.0781 6140 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
01:47:42.0312 6140 vsdatant - ok
01:47:42.0796 6140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:47:42.0828 6140 Wanarp - ok
01:47:43.0234 6140 wanatw - ok
01:47:43.0828 6140 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:47:44.0015 6140 Wdf01000 - ok
01:47:44.0500 6140 WDICA - ok
01:47:44.0937 6140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:47:45.0000 6140 wdmaud - ok
01:47:45.0546 6140 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
01:47:45.0562 6140 WinUSB - ok
01:47:46.0109 6140 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
01:47:46.0125 6140 WpdUsb - ok
01:47:46.0578 6140 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:47:46.0593 6140 WS2IFSL - ok
01:47:47.0015 6140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:47:47.0031 6140 WSTCODEC - ok
01:47:47.0546 6140 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:47:47.0593 6140 WudfPf - ok
01:47:48.0046 6140 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:47:48.0109 6140 WudfRd - ok
01:47:48.0312 6140 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
01:47:48.0328 6140 \Device\Harddisk0\DR0 - ok
01:47:48.0343 6140 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
01:47:49.0312 6140 \Device\Harddisk1\DR4 - ok
01:47:49.0343 6140 Boot (0x1200) (fdc39527d9489680141f1568d8c10c76) \Device\Harddisk0\DR0\Partition0
01:47:49.0343 6140 \Device\Harddisk0\DR0\Partition0 - ok
01:47:49.0359 6140 Boot (0x1200) (529ba13dbe5337593ef8d67b6ad20dab) \Device\Harddisk1\DR4\Partition0
01:47:49.0359 6140 \Device\Harddisk1\DR4\Partition0 - ok
01:47:49.0359 6140 ============================================================
01:47:49.0359 6140 Scan finished
01:47:49.0359 6140 ============================================================
01:47:49.0406 5048 Detected object count: 0
01:47:49.0406 5048 Actual detected object count: 0
01:48:01.0140 5308 ============================================================
01:48:01.0140 5308 Scan started
01:48:01.0140 5308 Mode: Manual; SigCheck; TDLFS;
01:48:01.0140 5308 ============================================================
01:48:01.0687 5308 a2acc (0436fbabd7e897eda44a511f60a59b37) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
01:48:04.0296 5308 a2acc - ok
01:48:04.0546 5308 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
01:48:04.0656 5308 A2DDA - ok
01:48:05.0125 5308 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
01:48:05.0218 5308 Aavmker4 - ok
01:48:05.0640 5308 Abiosdsk - ok
01:48:06.0093 5308 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
01:48:11.0718 5308 abp480n5 - ok
01:48:12.0265 5308 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:48:12.0578 5308 ACPI - ok
01:48:13.0078 5308 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:48:13.0375 5308 ACPIEC - ok
01:48:13.0781 5308 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
01:48:14.0109 5308 adpu160m - ok
01:48:14.0531 5308 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:48:14.0921 5308 aec - ok
01:48:15.0468 5308 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
01:48:15.0687 5308 AFD - ok
01:48:16.0140 5308 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
01:48:16.0468 5308 agp440 - ok
01:48:16.0968 5308 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
01:48:17.0312 5308 agpCPQ - ok
01:48:17.0718 5308 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
01:48:17.0968 5308 Aha154x - ok
01:48:18.0406 5308 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
01:48:18.0718 5308 aic78u2 - ok
01:48:19.0140 5308 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
01:48:19.0406 5308 aic78xx - ok
01:48:19.0796 5308 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
01:48:20.0109 5308 AliIde - ok
01:48:20.0484 5308 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
01:48:20.0796 5308 alim1541 - ok
01:48:21.0265 5308 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
01:48:21.0718 5308 amdagp - ok
01:48:22.0359 5308 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
01:48:23.0187 5308 amsint - ok
01:48:23.0828 5308 Asapi (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\Asapi.sys
01:48:24.0062 5308 Asapi ( UnsignedFile.Multi.Generic ) - warning
01:48:24.0062 5308 Asapi - detected UnsignedFile.Multi.Generic (1)
01:48:24.0750 5308 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
01:48:25.0375 5308 asc - ok
01:48:26.0046 5308 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
01:48:26.0500 5308 asc3350p - ok
01:48:27.0296 5308 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
01:48:28.0078 5308 asc3550 - ok
01:48:28.0687 5308 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
01:48:28.0828 5308 aswFsBlk - ok
01:48:29.0515 5308 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
01:48:29.0750 5308 aswMon2 - ok
01:48:30.0515 5308 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
01:48:30.0765 5308 aswRdr - ok
01:48:31.0593 5308 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
01:48:32.0171 5308 aswSnx - ok
01:48:32.0968 5308 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
01:48:33.0343 5308 aswSP - ok
01:48:33.0953 5308 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
01:48:34.0187 5308 aswTdi - ok
01:48:34.0718 5308 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:48:35.0390 5308 AsyncMac - ok
01:48:36.0156 5308 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:48:37.0156 5308 atapi - ok
01:48:37.0671 5308 Atdisk - ok
01:48:38.0609 5308 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:48:39.0218 5308 Atmarpc - ok
01:48:39.0859 5308 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:48:40.0453 5308 audstub - ok
01:48:41.0109 5308 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:48:41.0625 5308 Beep - ok
01:48:42.0187 5308 bvrp_pci - ok
01:48:42.0875 5308 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
01:48:43.0328 5308 cbidf - ok
01:48:44.0031 5308 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:48:44.0796 5308 cbidf2k - ok
01:48:45.0468 5308 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:48:47.0718 5308 CCDECODE - ok
01:48:48.0390 5308 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
01:48:48.0765 5308 cd20xrnt - ok
01:48:49.0421 5308 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:48:49.0968 5308 Cdaudio - ok
01:48:50.0687 5308 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:48:51.0375 5308 Cdfs - ok
01:48:52.0062 5308 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:48:52.0984 5308 Cdrom - ok
01:48:53.0578 5308 Changer - ok
01:48:54.0296 5308 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
01:48:55.0140 5308 CmdIde - ok
01:48:55.0828 5308 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
01:48:56.0250 5308 Cpqarray - ok
01:48:56.0484 5308 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
01:48:56.0625 5308 cpudrv - ok
01:48:57.0312 5308 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
01:48:57.0578 5308 CSCrySec - ok
01:48:58.0218 5308 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
01:48:58.0281 5308 CSVirtualDiskDrv - ok
01:48:58.0921 5308 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
01:48:59.0281 5308 dac2w2k - ok
01:48:59.0937 5308 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
01:49:00.0218 5308 dac960nt - ok
01:49:00.0890 5308 DCamUSBSQTECH (12e0a4134d5fd9914b965aa5aaa49e8f) C:\WINDOWS\system32\Drivers\SQcaptur.sys
01:49:00.0968 5308 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - warning
01:49:00.0968 5308 DCamUSBSQTECH - detected UnsignedFile.Multi.Generic (1)
01:49:01.0625 5308 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:49:01.0906 5308 Disk - ok
01:49:02.0937 5308 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:49:04.0140 5308 dmboot - ok
01:49:04.0875 5308 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:49:05.0234 5308 dmio - ok
01:49:05.0812 5308 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:49:06.0078 5308 dmload - ok
01:49:06.0750 5308 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:49:07.0062 5308 DMusic - ok
01:49:07.0703 5308 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
01:49:07.0968 5308 dpti2o - ok
01:49:08.0609 5308 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:49:08.0875 5308 drmkaud - ok
01:49:09.0578 5308 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
01:49:09.0656 5308 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
01:49:09.0656 5308 drvmcdb - detected UnsignedFile.Multi.Generic (1)
01:49:10.0296 5308 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
01:49:10.0375 5308 drvnddm ( UnsignedFile.Multi.Generic ) - warning
01:49:10.0375 5308 drvnddm - detected UnsignedFile.Multi.Generic (1)
01:49:10.0984 5308 DS1410D (1a51e03b66635280684e9edf34a2e8c0) C:\WINDOWS\system32\drivers\ds1410d.sys
01:49:11.0078 5308 DS1410D ( UnsignedFile.Multi.Generic ) - warning
01:49:11.0093 5308 DS1410D - detected UnsignedFile.Multi.Generic (1)
01:49:11.0781 5308 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
01:49:12.0062 5308 E100B - ok
01:49:12.0843 5308 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:49:13.0218 5308 Fastfat - ok
01:49:13.0812 5308 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
01:49:14.0484 5308 Fdc - ok
01:49:15.0109 5308 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:49:15.0421 5308 Fips - ok
01:49:16.0031 5308 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
01:49:16.0312 5308 Flpydisk - ok
01:49:17.0031 5308 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:49:17.0437 5308 FltMgr - ok
01:49:18.0031 5308 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:49:18.0406 5308 Fs_Rec - ok
01:49:19.0078 5308 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:49:19.0421 5308 Ftdisk - ok
01:49:20.0109 5308 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:49:20.0484 5308 Gpc - ok
01:49:21.0375 5308 hardlock (c818b973110a1c9f7763dd39bffd0fd3) C:\WINDOWS\system32\drivers\hardlock.sys
01:49:21.0953 5308 hardlock ( UnsignedFile.Multi.Generic ) - warning
01:49:21.0953 5308 hardlock - detected UnsignedFile.Multi.Generic (1)
01:49:22.0609 5308 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
01:49:22.0734 5308 Haspnt ( UnsignedFile.Multi.Generic ) - warning
01:49:22.0734 5308 Haspnt - detected UnsignedFile.Multi.Generic (1)
01:49:23.0234 5308 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:49:23.0609 5308 HidUsb - ok
01:49:24.0218 5308 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
01:49:24.0546 5308 hpn - ok
01:49:25.0343 5308 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:49:25.0812 5308 HTTP - ok
01:49:26.0453 5308 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
01:49:26.0796 5308 i2omgmt - ok
01:49:27.0406 5308 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
01:49:27.0859 5308 i2omp - ok
01:49:28.0578 5308 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:49:28.0968 5308 i8042prt - ok
01:49:30.0187 5308 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
01:49:32.0093 5308 ialm - ok
01:49:32.0765 5308 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:49:33.0234 5308 Imapi - ok
01:49:33.0968 5308 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
01:49:34.0406 5308 ini910u - ok
01:49:35.0843 5308 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
01:49:37.0875 5308 IntelC51 - ok
01:49:38.0875 5308 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
01:49:39.0937 5308 IntelC52 - ok
01:49:40.0593 5308 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
01:49:40.0734 5308 IntelC53 - ok
01:49:41.0390 5308 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
01:49:41.0781 5308 IntelIde - ok
01:49:42.0437 5308 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:49:42.0796 5308 intelppm - ok
01:49:43.0484 5308 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:49:43.0906 5308 Ip6Fw - ok
01:49:44.0531 5308 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:49:44.0953 5308 IpFilterDriver - ok
01:49:45.0578 5308 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:49:45.0875 5308 IpInIp - ok
01:49:46.0546 5308 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:49:47.0000 5308 IpNat - ok
01:49:47.0718 5308 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:49:48.0203 5308 IPSec - ok
01:49:48.0828 5308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:49:49.0156 5308 IRENUM - ok
01:49:49.0750 5308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:49:50.0156 5308 isapnp - ok
01:49:50.0500 5308 ISWKL (eb8594268cf50baaecbe82d70c833533) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
01:49:50.0609 5308 ISWKL - ok
01:49:51.0203 5308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:49:51.0609 5308 Kbdclass - ok
01:49:52.0250 5308 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:49:52.0640 5308 kbdhid - ok
01:49:53.0359 5308 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
01:49:53.0531 5308 kl1 - ok
01:49:54.0171 5308 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\DRIVERS\klbg.sys
01:49:54.0250 5308 KLBG - ok
01:49:55.0046 5308 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) C:\WINDOWS\system32\DRIVERS\klif.sys
01:49:55.0296 5308 KLIF - ok
01:49:55.0906 5308 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
01:49:56.0000 5308 klim5 - ok
01:49:56.0687 5308 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
01:49:56.0765 5308 klmouflt - ok
01:49:57.0453 5308 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:49:57.0906 5308 kmixer - ok
01:49:58.0578 5308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:49:58.0906 5308 KSecDD - ok
01:49:59.0234 5308 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
01:49:59.0390 5308 Lavasoft Kernexplorer - ok
01:50:00.0093 5308 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
01:50:00.0203 5308 Lbd - ok
01:50:00.0718 5308 lbrtfdc - ok
01:50:01.0046 5308 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
01:50:01.0218 5308 LMIInfo - ok
01:50:01.0843 5308 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
01:50:01.0937 5308 lmimirr - ok
01:50:02.0468 5308 LMIRfsClientNP - ok
01:50:03.0140 5308 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
01:50:03.0250 5308 LMIRfsDriver - ok
01:50:03.0875 5308 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
01:50:03.0953 5308 MBAMProtector - ok
01:50:04.0687 5308 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
01:50:04.0843 5308 mcdbus ( UnsignedFile.Multi.Generic ) - warning
01:50:04.0843 5308 mcdbus - detected UnsignedFile.Multi.Generic (1)
01:50:05.0484 5308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:50:05.0875 5308 mnmdd - ok
01:50:06.0500 5308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:50:06.0843 5308 Modem - ok
01:50:07.0484 5308 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
01:50:07.0828 5308 MODEMCSA - ok
01:50:08.0515 5308 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
01:50:08.0640 5308 mohfilt - ok
01:50:09.0328 5308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:50:09.0687 5308 Mouclass - ok
01:50:10.0343 5308 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:50:10.0781 5308 mouhid - ok
01:50:11.0406 5308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:50:11.0703 5308 MountMgr - ok
01:50:12.0218 5308 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
01:50:12.0453 5308 mraid35x - ok
01:50:13.0078 5308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:50:13.0421 5308 MRxDAV - ok
01:50:14.0125 5308 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:50:14.0734 5308 MRxSmb - ok
01:50:15.0218 5308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:50:15.0750 5308 Msfs - ok
01:50:16.0265 5308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:50:16.0531 5308 MSKSSRV - ok
01:50:17.0015 5308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:50:17.0296 5308 MSPCLOCK - ok
01:50:17.0734 5308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:50:18.0015 5308 MSPQM - ok
01:50:18.0546 5308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:50:18.0781 5308 mssmbios - ok
01:50:19.0265 5308 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
01:50:19.0578 5308 MSTEE - ok
01:50:20.0015 5308 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:50:20.0203 5308 Mup - ok
01:50:20.0671 5308 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:50:20.0921 5308 NABTSFEC - ok
01:50:21.0421 5308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:50:21.0765 5308 NDIS - ok
01:50:22.0218 5308 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:50:22.0468 5308 NdisIP - ok
01:50:22.0859 5308 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:50:23.0062 5308 NdisTapi - ok
01:50:23.0531 5308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:50:23.0828 5308 Ndisuio - ok
01:50:24.0390 5308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:50:24.0703 5308 NdisWan - ok
01:50:25.0125 5308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:50:25.0281 5308 NDProxy - ok
01:50:25.0734 5308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:50:26.0015 5308 NetBIOS - ok
01:50:26.0640 5308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:50:26.0937 5308 NetBT - ok
01:50:27.0453 5308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:50:27.0781 5308 Npfs - ok
01:50:28.0562 5308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:50:29.0234 5308 Ntfs - ok
01:50:29.0718 5308 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
01:50:29.0843 5308 NuidFltr - ok
01:50:30.0406 5308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:50:30.0656 5308 Null - ok
01:50:31.0640 5308 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:50:33.0390 5308 nv - ok
01:50:33.0906 5308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:50:34.0234 5308 NwlnkFlt - ok
01:50:34.0781 5308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:50:35.0015 5308 NwlnkFwd - ok
01:50:35.0625 5308 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
01:50:35.0890 5308 NwlnkIpx - ok
01:50:36.0625 5308 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
01:50:36.0984 5308 NwlnkNb - ok
01:50:37.0593 5308 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
01:50:37.0906 5308 NwlnkSpx - ok
01:50:38.0656 5308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:50:39.0015 5308 Parport - ok
01:50:39.0781 5308 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
01:50:39.0843 5308 Partizan - ok
01:50:40.0562 5308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:50:40.0968 5308 PartMgr - ok
01:50:41.0593 5308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:50:41.0921 5308 ParVdm - ok
01:50:42.0484 5308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:50:42.0921 5308 PCI - ok
01:50:43.0421 5308 PCIDump - ok
01:50:44.0031 5308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:50:44.0312 5308 PCIIde - ok
01:50:45.0718 5308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:50:46.0234 5308 Pcmcia - ok
01:50:46.0921 5308 PCTCore (55e00ae13bb55e66030f2eb429a33156) C:\WINDOWS\system32\drivers\PCTCore.sys
01:50:47.0234 5308 PCTCore - ok
01:50:48.0093 5308 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
01:50:48.0421 5308 pctDS - ok
01:50:49.0468 5308 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
01:50:50.0515 5308 pctEFA - ok
01:50:51.0218 5308 PCTSD (c718f517b49b23d456b4a70789035df5) C:\WINDOWS\system32\Drivers\PCTSD.sys
01:50:51.0343 5308 PCTSD - ok
01:50:51.0656 5308 PDCOMP - ok
01:50:52.0203 5308 PDFRAME - ok
01:50:52.0640 5308 PDRELI - ok
01:50:53.0296 5308 PDRFRAME - ok
01:50:53.0859 5308 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
01:50:54.0296 5308 perc2 - ok
01:50:54.0828 5308 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
01:50:56.0281 5308 perc2hib - ok
01:50:57.0296 5308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:50:57.0593 5308 PptpMiniport - ok
01:50:58.0656 5308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:50:58.0937 5308 Ptilink - ok
01:50:59.0890 5308 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:51:00.0000 5308 PxHelp20 - ok
01:51:00.0671 5308 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
01:51:01.0312 5308 ql1080 - ok
01:51:01.0812 5308 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
01:51:02.0265 5308 Ql10wnt - ok
01:51:02.0828 5308 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
01:51:03.0078 5308 ql12160 - ok
01:51:03.0718 5308 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
01:51:03.0937 5308 ql1240 - ok
01:51:04.0656 5308 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
01:51:04.0890 5308 ql1280 - ok
01:51:05.0500 5308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:51:05.0750 5308 RasAcd - ok
01:51:06.0187 5308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:51:06.0609 5308 Rasl2tp - ok
01:51:07.0312 5308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:51:07.0640 5308 RasPppoe - ok
01:51:08.0406 5308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:51:08.0718 5308 Raspti - ok
01:51:09.0437 5308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:51:09.0765 5308 Rdbss - ok
01:51:10.0156 5308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:51:10.0562 5308 RDPCDD - ok
01:51:11.0062 5308 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:51:11.0578 5308 rdpdr - ok
01:51:12.0031 5308 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
01:51:12.0187 5308 RDPWD - ok
01:51:12.0765 5308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:51:13.0156 5308 redbook - ok
01:51:13.0843 5308 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
01:51:13.0890 5308 RegGuard - ok
01:51:14.0781 5308 RT73 (da4980fad2b7d86d6ed8e35e3874f65e) C:\WINDOWS\system32\DRIVERS\rt73.sys
01:51:15.0484 5308 RT73 - ok
01:51:16.0078 5308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:51:16.0578 5308 Secdrv - ok
01:51:17.0562 5308 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
01:51:18.0578 5308 senfilt - ok
01:51:19.0140 5308 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
01:51:19.0234 5308 Sentinel ( UnsignedFile.Multi.Generic ) - warning
01:51:19.0234 5308 Sentinel - detected UnsignedFile.Multi.Generic (1)
01:51:20.0296 5308 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:51:20.0781 5308 serenum - ok
01:51:21.0750 5308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:51:22.0062 5308 Serial - ok
01:51:22.0609 5308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:51:22.0890 5308 Sfloppy - ok
01:51:23.0859 5308 Sftfs (44d20201a6c3fe4a634a559f8105f5b4) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
01:51:24.0718 5308 Sftfs - ok
01:51:25.0328 5308 Sftplay (0e108d75f8db551669e5eb37cbf5bc02) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
01:51:25.0671 5308 Sftplay - ok
01:51:26.0218 5308 Sftredir (65b31b4ba9efeace4dd95ed94051139f) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
01:51:26.0281 5308 Sftredir - ok
01:51:26.0953 5308 Sftvol (97604f605310f50dc49a2994c3264a42) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
01:51:27.0046 5308 Sftvol - ok
01:51:27.0375 5308 Simbad - ok
01:51:27.0984 5308 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
01:51:28.0265 5308 sisagp - ok
01:51:28.0953 5308 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:51:29.0203 5308 SLIP - ok
01:51:29.0968 5308 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
01:51:30.0187 5308 smwdm - ok
01:51:30.0593 5308 Sntnlusb (87f799c486302aceff098e067d481d9c) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
01:51:30.0843 5308 Sntnlusb ( UnsignedFile.Multi.Generic ) - warning
01:51:30.0843 5308 Sntnlusb - detected UnsignedFile.Multi.Generic (1)
01:51:31.0296 5308 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
01:51:31.0453 5308 Sparrow - ok
01:51:32.0125 5308 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:51:32.0390 5308 splitter - ok
01:51:33.0062 5308 sptd - ok
01:51:33.0484 5308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:51:33.0875 5308 sr - ok
01:51:34.0500 5308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:51:35.0109 5308 Srv - ok
01:51:35.0531 5308 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
01:51:35.0593 5308 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
01:51:35.0593 5308 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
01:51:36.0156 5308 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
01:51:36.0234 5308 ssrtln ( UnsignedFile.Multi.Generic ) - warning
01:51:36.0234 5308 ssrtln - detected UnsignedFile.Multi.Generic (1)
01:51:36.0671 5308 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:51:37.0250 5308 streamip - ok
01:51:37.0640 5308 SWDUMon (5a8900251c6bb93f9fe9f2f556e3593e) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
01:51:37.0734 5308 SWDUMon - ok
01:51:38.0281 5308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:51:38.0640 5308 swenum - ok
01:51:39.0218 5308 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:51:40.0046 5308 swmidi - ok
01:51:40.0625 5308 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
01:51:41.0078 5308 symc810 - ok
01:51:41.0625 5308 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
01:51:41.0875 5308 symc8xx - ok
01:51:42.0515 5308 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\WINDOWS\system32\drivers\SymDSMon.sys
01:51:42.0656 5308 SymDSMon - ok
01:51:43.0343 5308 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\WINDOWS\system32\drivers\SymSpeedDisk.sys
01:51:43.0468 5308 SYMSpeedDisk - ok
01:51:44.0093 5308 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
01:51:44.0343 5308 sym_hi - ok
01:51:44.0828 5308 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
01:51:45.0437 5308 sym_u3 - ok
01:51:45.0906 5308 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:51:46.0343 5308 sysaudio - ok
01:51:46.0859 5308 TBU11 (ef0d78b3a6284d6c502e5aad700df9e9) C:\WINDOWS\system32\Drivers\tbu11.sys
01:51:47.0093 5308 TBU11 ( UnsignedFile.Multi.Generic ) - warning
01:51:47.0109 5308 TBU11 - detected UnsignedFile.Multi.Generic (1)
01:51:47.0734 5308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:51:48.0421 5308 Tcpip - ok
01:51:48.0796 5308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:51:49.0218 5308 TDPIPE - ok
01:51:49.0671 5308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:51:50.0109 5308 TDTCP - ok
01:51:50.0578 5308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:51:50.0875 5308 TermDD - ok
01:51:51.0500 5308 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
01:51:51.0578 5308 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
01:51:51.0578 5308 tfsnboio - detected UnsignedFile.Multi.Generic (1)
01:51:52.0125 5308 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
01:51:52.0203 5308 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
01:51:52.0203 5308 tfsncofs - detected UnsignedFile.Multi.Generic (1)
01:51:52.0593 5308 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
01:51:52.0640 5308 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
01:51:52.0640 5308 tfsndrct - detected UnsignedFile.Multi.Generic (1)
01:51:53.0343 5308 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
01:51:53.0390 5308 tfsndres ( UnsignedFile.Multi.Generic ) - warning
01:51:53.0390 5308 tfsndres - detected UnsignedFile.Multi.Generic (1)
01:51:53.0906 5308 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
01:51:54.0218 5308 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
01:51:54.0218 5308 tfsnifs - detected UnsignedFile.Multi.Generic (1)
01:51:54.0671 5308 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
01:51:54.0765 5308 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
01:51:54.0765 5308 tfsnopio - detected UnsignedFile.Multi.Generic (1)
01:51:55.0484 5308 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
01:51:55.0546 5308 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
01:51:55.0546 5308 tfsnpool - detected UnsignedFile.Multi.Generic (1)
01:51:56.0046 5308 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
01:51:56.0296 5308 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
01:51:56.0296 5308 tfsnudf - detected UnsignedFile.Multi.Generic (1)
01:51:56.0687 5308 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
01:51:56.0796 5308 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
01:51:56.0796 5308 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
01:51:57.0343 5308 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
01:51:57.0609 5308 TosIde - ok
01:51:58.0328 5308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:51:58.0578 5308 Udfs - ok
01:51:58.0968 5308 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
01:51:59.0328 5308 ultra - ok
01:51:59.0921 5308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:52:00.0609 5308 Update - ok
01:52:01.0078 5308 USBAAPL - ok
01:52:01.0750 5308 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
01:52:02.0031 5308 usbaudio - ok
01:52:02.0796 5308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:52:03.0062 5308 usbccgp - ok
01:52:03.0671 5308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:52:03.0921 5308 usbehci - ok
01:52:04.0562 5308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:52:04.0843 5308 usbhub - ok
01:52:05.0390 5308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:52:05.0656 5308 usbprint - ok
01:52:06.0171 5308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:52:06.0593 5308 usbscan - ok
01:52:07.0140 5308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:52:07.0562 5308 USBSTOR - ok
01:52:07.0953 5308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:52:08.0203 5308 usbuhci - ok
01:52:08.0781 5308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:52:09.0093 5308 VgaSave - ok
01:52:09.0781 5308 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
01:52:10.0062 5308 viaagp - ok
01:52:10.0671 5308 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
01:52:10.0953 5308 ViaIde - ok
01:52:11.0671 5308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:52:11.0906 5308 VolSnap - ok
01:52:12.0781 5308 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
01:52:13.0437 5308 vsdatant - ok
01:52:14.0078 5308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:52:14.0484 5308 Wanarp - ok
01:52:14.0828 5308 wanatw - ok
01:52:15.0578 5308 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:52:15.0953 5308 Wdf01000 - ok
01:52:16.0343 5308 WDICA - ok
01:52:17.0015 5308 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:52:17.0484 5308 wdmaud - ok
01:52:18.0046 5308 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
01:52:18.0140 5308 WinUSB - ok
01:52:18.0812 5308 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
01:52:19.0062 5308 WpdUsb - ok
01:52:19.0656 5308 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:52:19.0890 5308 WS2IFSL - ok
01:52:20.0406 5308 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:52:20.0796 5308 WSTCODEC - ok
01:52:21.0265 5308 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:52:21.0406 5308 WudfPf - ok
01:52:22.0015 5308 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:52:22.0140 5308 WudfRd - ok
01:52:22.0296 5308 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
01:52:22.0781 5308 \Device\Harddisk0\DR0 - ok
01:52:22.0796 5308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
01:52:24.0078 5308 \Device\Harddisk1\DR4 - ok
01:52:24.0093 5308 Boot (0x1200) (fdc39527d9489680141f1568d8c10c76) \Device\Harddisk0\DR0\Partition0
01:52:24.0109 5308 \Device\Harddisk0\DR0\Partition0 - ok
01:52:24.0125 5308 Boot (0x1200) (529ba13dbe5337593ef8d67b6ad20dab) \Device\Harddisk1\DR4\Partition0
01:52:24.0125 5308 \Device\Harddisk1\DR4\Partition0 - ok
01:52:24.0125 5308 ============================================================
01:52:24.0125 5308 Scan finished
01:52:24.0125 5308 ============================================================
01:52:24.0265 4320 Detected object count: 22
01:52:24.0265 4320 Actual detected object count: 22
01:52:53.0265 4320 Asapi ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0265 4320 Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0265 4320 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0265 4320 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0281 4320 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0281 4320 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0281 4320 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0281 4320 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0281 4320 DS1410D ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0281 4320 DS1410D ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0296 4320 hardlock ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0296 4320 hardlock ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0296 4320 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0296 4320 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0312 4320 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0312 4320 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0312 4320 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0312 4320 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0312 4320 Sntnlusb ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0312 4320 Sntnlusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0328 4320 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0328 4320 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0328 4320 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0328 4320 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0343 4320 TBU11 ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0343 4320 TBU11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0343 4320 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0343 4320 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0343 4320 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0343 4320 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0359 4320 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0359 4320 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0359 4320 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0375 4320 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0375 4320 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0375 4320 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0375 4320 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0375 4320 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0390 4320 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0390 4320 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0390 4320 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0390 4320 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:52:53.0406 4320 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
01:52:53.0406 4320 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 Angelfuzz

Posted 04 October 2011 - 02:16 AM

I am currently running the aswMBR scan.

Here is a chat log between a good friend and me as he tried to help me with this:


Doug Barrett it looks like explorer.exe may have a trojan attached to it, and that is probably the root cause of the problems you are having...
September 24 at 1:37pm
Doug Barrett export me a copy of your registry...run regedit.exe, click file -> export -> select desktop then type "cherylregistry" - it should save a file on your desktop called cherylregistry.reg
September 24 at 1:39pm
Doug Barrett zip that up and email it to me... cyntax713@yahoo.com
September 24 at 1:39pm
Doug Barrett let me browse around that - also give me your email and i can send you a file that will let me browse your system - assuming you can still get online?
September 24 at 1:40pm
Doug Barrett we might need to do this more tonight after my kids go to bed
September 24 at 1:42pm
Cheryl Morrell Sorry took a nap. I'll be at a concert later but I'll add my registry file to the forum post
September 24 at 3:46pm via mobile
Cheryl Morrell ok nvm it's 100mb...posting to ftw will send link shortly
September 24 at 4:09pm
Cheryl Morrell registry file, zipped with winrar: https://skydrive.live.com/redir.aspx?cid=fb219d101d12f097&resid=FB219D101D12F097%21102
September 24 at 4:22pm
Doug Barrett got it, thank you, ill check it out later tonight...
September 24 at 6:16pm
Doug Barrett download and install this client so i can work with you if necessary: https://skydrive.live.com/redir.aspx?cid=0842f54feb432b87&resid=842F54FEB432B87%21104
September 24 at 6:21pm
Cheryl Morrell I have no install permissions, unless it'll let me do it in safe mode...we'll see.
September 25 at 11:25am
Cheryl Morrell hey that link says it's either expired or i don't have permission...can you check it out please?
September 25 at 2:15pm
Cheryl Morrell or just tell me what it is...is it log me in or something?
September 25 at 2:15pm
Doug Barrett i just changed the permissions to everyone - try again - then i will switch it back, let me know once you download the zip
September 25 at 2:38pm
Cheryl Morrell "The system administrator has set policies to prevent this installation" in safe mode, as administrator
September 25 at 2:47pm
Cheryl Morrell would a system restore help do you think?
September 25 at 2:48pm
Doug Barrett ok, scratch the remote desktop thing... do you have the xp software if you need it? i have a few ideas for you
September 25 at 2:52pm
Cheryl Morrell i do not. i bought this pc from someone without disks :(
September 25 at 2:53pm
Doug Barrett dang, ok, does it have a COA sticker?
September 25 at 2:53pm
Doug Barrett let's move this to a chat instead of comments
September 25 at 2:53pm
Cheryl Morrell fb chat doesn't show you available.
September 25 at 2:54pm
Doug Barrett funny, ditto for you, ok then... do you have that COA sticker? what does it say? (meaning what version of windows are you licensed for)
September 25 at 2:56pm
Cheryl Morrell yes on the coa, XP home
September 25 at 2:58pm
Cheryl Morrell would a belarc do anything for u?
September 25 at 2:58pm
Doug Barrett i would extract one for your records but i don't need it yet
September 25 at 2:59pm
Cheryl Morrell k
September 25 at 2:59pm
Doug Barrett so have you ever used msconfig?
September 25 at 2:59pm
Cheryl Morrell tiny bits...not super savvy
September 25 at 3:00pm
Cheryl Morrell http://forums.techarena.in/windows-xp-support/930671.htm
The system administrator has set policies to prevent this installation - Windows XP Support
September 25 at 3:00pm
Cheryl Morrell considering TheKLF99's fix
September 25 at 3:00pm
Cheryl Morrell same as yours?
September 25 at 3:00pm
Doug Barrett nothin to it, you'll be fine, it's a microsoft utility to turn off services and startup items for diagnostic purposes...
September 25 at 3:01pm
Doug Barrett give me a minute to read that thread
September 25 at 3:01pm
Cheryl Morrell take ur time. i was already in middle of googling msconfig info
September 25 at 3:02pm
Cheryl Morrell omg i'm in love with msconfig...was wrong...never used this...
September 25 at 3:06pm
Doug Barrett yes, that is pretty much what i was going to recommend, so i say do it,... now MSCONFIG just gives you the chance to disable everything or specific things, then it forces a reboot so you can see the outcome of what you've requested it to do... you can always just select 'diagnostic startup' and see how that goes...
September 25 at 3:09pm
Doug Barrett going this path in my opinion is to make the goal to get into normal mode so you can install the logmein software i sent you
September 25 at 3:10pm
Cheryl Morrell awesome...btw belarc says no group policies are assigned
September 25 at 3:10pm
Doug Barrett that will let me remote desktop in so i can look around
September 25 at 3:10pm
Cheryl Morrell ya i've worked with log me in before. i'll see what i can do...there's a lot of stuff going on in msconfig that i'm gonna have to google.
September 25 at 3:11pm
Cheryl Morrell Install Driver Table Manager
September 25 at 3:18pm
Cheryl Morrell http://www.bleepingcomputer.com/startups/wpablan.exe-16801.html
Install Driver Table Manager - wpablan.exe - Program Information
September 25 at 3:18pm
Cheryl Morrell running this now... http://www.sophos.com/support/disinfection/sdbot.html
Sophos - W32/Sdbot disinfection instructions
You can use Resolve tools to disinfect W32/Sdbot.
September 25 at 3:22pm
Doug Barrett ok
September 25 at 3:23pm
Doug Barrett also you should get LSPFIX: http://www.cexx.org/lspfix.htm
LSP-Fix - a free program to repair damaged Winsock 2 stacks
This program fixes loss of Internet access caused by buggy or improperly removed software.
September 25 at 3:31pm
Doug Barrett in your hijackthis log: O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
September 25 at 3:32pm
Doug Barrett use lspfix to remove that file
September 25 at 3:32pm
Cheryl Morrell 100% sure? lspfix detects no issue.
September 25 at 3:39pm
Doug Barrett i am sure, but the error in that file may not be causing you any problems at the moment so we can wait until the end to remove it
September 25 at 3:44pm
Doug Barrett what happened with the sophos utility
September 25 at 3:44pm
Cheryl Morrell Firstscan found nothing. Default searches expected areas, configured to every file...waiting
September 25 at 3:49pm via mobile
Cheryl Morrell if you're sure i don't mind removing now.
September 25 at 3:49pm
Doug Barrett i'm sure, go ahead.
September 25 at 3:50pm
Cheryl Morrell removed. can i assume manufacturer is accurate in msconfig, or can that be manipulated?
September 25 at 3:54pm
Cheryl Morrell "client virtualization handler" manufacturer unknown in msconfig. thoughts?
September 25 at 3:59pm
Doug Barrett it can be manipulated
September 25 at 4:01pm
Doug Barrett can you try to go to diagnostic mode thru msconfig and reboot? see if there is a change in normal mode?
September 25 at 4:01pm
Cheryl Morrell it launches DOS window and immediately closes...another window just popped up showing windows help/support info for network diagnostics, but it closed immediately, also...this thing really doesn't like your idea. -.- gonna try for a reboot...hope i haven't broken anything
September 25 at 4:05pm
Cheryl Morrell lmao oops nvm i got it...rebooting as soon as scan is done
September 25 at 4:08pm
Cheryl Morrell scan found nothing again...checked diagnostic startup...any other advice before i reboot? do i have to hit f8 still or just let it do its thing?
September 25 at 4:13pm
Cheryl Morrell ok just gonna wing it i guess. lol if i don't make it back...you're still crazy stupid awesome for helping me with this!! Thank you so much!!!!
September 25 at 4:22pm
Cheryl Morrell Logmein will install, working on figuring out what services to enable for internet
September 25 at 4:38pm
Cheryl Morrell Got Logmein to work...running in normal mode...lots of my legit programs are updating themselves...seems like we're on the right track...
September 25 at 6:20pm
Doug Barrett hola, sorry bout that, when kids are involved it's hard to keep a schedule =)
September 25 at 10:31pm
Doug Barrett i see your name listed in my logmein account now, but you are offline - so next time we are both available i can remote in and look around with you.
September 25 at 10:32pm
Doug Barrett we need to try relatively soon because we only have a 14 day free trial of the pro version (it has extra features we may need)
September 25 at 10:32pm
Doug Barrett anyways, i am going to be online for 10 more mins or so then i am hittin the hay
September 25 at 10:33pm
Cheryl Morrell hey sorry, long weekend...passed out super early lol. I got Logmein to work, but read up on some things and decided to remove connectivity until i was sure you'd be able to log in. I've gotten things now to where Malwarebytes can update and scan...found several trojan files/keys:
September 26 at 6:57am ·
Cheryl Morrell Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
September 26 at 6:59am ·
Cheryl Morrell I currently have Malwarebytes and Avira up and running, Malwarebytes will update, Avira still errors with random looking wingding symbols as the message...seems to be 2 or 3 variations
September 26 at 7:01am ·
Cheryl Morrell Avira found this: The file 'C:\Documents and Settings\Xavier\My Documents\Downloads\Torrents\Complete Downloads\OTK2010V201.zip' contained a virus or unwanted program 'SPR/Tool.Keygen.BI.38' [riskware]
Action(s) taken:
The file was moved to the quarantine directory under the name '45cefefa.qua'.
September 26 at 7:01am ·
Cheryl Morrell Avira also found an unreadable file "MasterCollection_CS5_5_LS1.7z.adadownload"
September 26 at 7:04am ·
Cheryl Morrell I'm currently downloading Sophos, as I've read that it seems to have high rootkit detectability. My internet definitely seems faster.
September 26 at 7:05am ·

Edited by Angelfuzz, 04 October 2011 - 02:17 AM.


#7 Angelfuzz

Posted 04 October 2011 - 02:26 AM

Attached File  MBR.zip   575bytes   0 downloads

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-04 01:29:16
-----------------------------
01:29:16.812 OS Version: Windows 5.1.2600 Service Pack 3
01:29:16.812 Number of processors: 1 586 0x401
01:29:16.812 ComputerName: BREAKINGDAWN UserName: Xavier
01:29:21.390 Initialize success
01:29:26.578 AVAST engine defs: 11100301
01:30:11.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:30:11.968 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
01:30:12.000 Disk 0 MBR read successfully
01:30:12.015 Disk 0 MBR scan
01:30:12.312 Disk 0 unknown MBR code
01:30:12.359 Disk 0 scanning sectors +156232125
01:30:12.578 Disk 0 scanning C:\WINDOWS\system32\drivers
01:31:09.593 Service scanning
01:31:13.437 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
01:31:14.031 Modules scanning
01:31:48.328 Disk 0 trace - called modules:
01:31:48.390 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll pciide.sys
01:31:48.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83bc9ab8]
01:31:48.421 3 CLASSPNP.SYS[f7697fd7] -> nt!IofCallDriver -> [0x83b67920]
01:31:48.453 5 PCTCore.sys[f753d0ad] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83b88d98]
01:31:50.546 AVAST engine scan C:\WINDOWS
01:32:05.984 AVAST engine scan C:\WINDOWS\system32
01:39:30.968 AVAST engine scan C:\WINDOWS\system32\drivers
01:40:16.687 AVAST engine scan C:\Documents and Settings\Xavier
02:01:54.125 AVAST engine scan C:\Documents and Settings\All Users
02:13:55.671 Scan finished successfully
02:17:52.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Xavier\Desktop\MBR.dat"
02:17:52.687 The log file has been saved successfully to "C:\Documents and Settings\Xavier\Desktop\aswMBR.txt"

#8 Angelfuzz

Posted 04 October 2011 - 02:43 AM

I am currently running Zone Alarm and Avast (free versions) as my primary firewall/AV protections...please advise on your best recommended combination. (UnHackme/Reanimator are set to scan at each boot, and Malwarebytes and Adaware are also usually running unless i disable them...yes i know that there could be software conflicts, but so far they all seem to play nicely.) i tried Kaspersky PURE, but my machine simply does not have the resources to support such a program.

I've been afraid to log into any accounts on this pc for the past 2 weeks...deleted all my passwords and temp files, disabled system restore until a few hours ago, and have been booting in diagnostic mode (msconfig) up until today. i couldn't begin to assess how many file, registry, and driver scans and "cleanups" I've performed...or everything that's been removed through the past 14 days. I'm not at all a computer guru...I've just done the best I can in researching every file and process I find, and this is where I've gotten. I am absolutely certain that my situation has improved (just the ability to update and install software is a big deal), but I'm very skeptical of the possibility that I've gotten everything completely cleaned.

Again, thank you so much for your help. I understand that this forum keeps you guys very busy...any help/advice/safety reassurance you can offer me is more appreciated than you could possibly know.

Sincerely and Respectfully yours,

Cheryl

Edited by Angelfuzz, 04 October 2011 - 02:44 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:16 AM

Posted 04 October 2011 - 09:57 AM

"Zone Alarm and Avast (free versions) as my primary firewall/AV protections...please advise on your best recommended combination."


You're good. Make sure you have the latest versions and keep it up to date.

===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#10 Angelfuzz

Posted 04 October 2011 - 07:46 PM

Combofix is uninstalled

most protection was disabled for the combofix uninstall

Results of screen317's Security Check version 0.99.20
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm
ZoneAlarm Toolbar
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Wise Disk Cleaner 6.15
Wise Registry Cleaner 6.14
Java™ 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Mozilla Firefox (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Emsisoft Anti-Malware a2service.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

#11 nasdaq

Posted 04 October 2011 - 07:53 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 version, download this one (jre-6u27-windows-x64.exe). Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_03

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

You can now delete the other tools we used to clean this computer.
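
An added example, not part of the thread and not Security Check's own code: a Python sketch that reads the version lines from the checkup.txt posted above and compares them with the versions named in the reply (Java 6 Update 27, Flash Player 10.3.183.10). The function name `audit`, the regular expressions, and the mapping of "Java 6 Update N" to 1.6.0_N are assumptions of this example; versions are compared as integer tuples because a plain string comparison would rank 10.3.183.5 above 10.3.183.10.

```python
import re

# Version lines copied from the Security Check log posted in this thread.
CHECKUP = """\
Java™ 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Mozilla Firefox (7.0.1)
"""

# Minimum versions named in the reply: Java 6 Update 27 and Flash Player 10.3.183.10.
MINIMUM = {"Java": (1, 6, 0, 27), "Adobe Flash Player": (10, 3, 183, 10)}

# (product, line pattern, converter from regex match to a comparable integer tuple)
PATTERNS = [
    # "Java(TM) 6 Update 26" is version 1.6.0_26
    ("Java", re.compile(r"^Java\S*\s+(\d+)\s+Update\s+(\d+)$"),
     lambda m: (1, int(m[1]), 0, int(m[2]))),
    # "Java 2 Runtime Environment, SE v1.4.2_03" is version 1.4.2_03
    ("Java", re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: tuple(int(g) for g in m.groups())),
    ("Adobe Flash Player", re.compile(r"^Adobe Flash Player (\d+)\.(\d+)\.(\d+)\.(\d+)$"),
     lambda m: tuple(int(g) for g in m.groups())),
]


def audit(log_text):
    """Return (product, installed, minimum) for every log entry below its minimum."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for product, pattern, to_version in PATTERNS:
            match = pattern.match(line)
            if match:
                installed = to_version(match)
                if installed < MINIMUM[product]:
                    findings.append((product, installed, MINIMUM[product]))
                break  # one product per line
    return findings


if __name__ == "__main__":
    for product, installed, minimum in audit(CHECKUP):
        have = ".".join(map(str, installed))
        need = ".".join(map(str, minimum))
        print(f"{product}: installed {have} is below {need}, update or remove")
```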

#12 nasdaq

Posted 07 October 2011 - 07:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



