TR/CRYPT.XPACK.Gen


  • This topic is locked
13 replies to this topic

#1 vptony


Posted 07 October 2011 - 02:44 PM

My wife got an email from USPS and it told her to download a file to take to the post office because they had tried to drop off a package and no one was home. So she clicked the file and Avira instantly picked it up and it was quarantined. But Firefox won't open and I know that it's still in the PC somewhere. Avira log below. Please help me, I cannot do any of my online banking until I know it's gone....

thanks, tony




Avira AntiVir Personal
Report file date: Thursday, October 06, 2011 14:42

Scanning for 3365449 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : Tony
Computer name : MASCHARI

Version information:
BUILD.DAT : 10.2.0.703 35935 Bytes 8/29/2011 16:39:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 6/28/2011 13:28:15
AVSCAN.DLL : 10.0.5.0 47464 Bytes 6/28/2011 13:28:15
LUKE.DLL : 10.3.0.5 45416 Bytes 6/28/2011 13:28:17
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 6/28/2011 13:28:17
AVREG.DLL : 10.3.0.9 88833 Bytes 7/12/2011 12:13:39
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 19:40:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 16:52:29
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 01:19:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:42:16
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 19:35:34
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 16:53:18
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 08:31:45
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 15:15:25
VBASE008.VDF : 7.11.15.107 2048 Bytes 10/5/2011 15:15:25
VBASE009.VDF : 7.11.15.108 2048 Bytes 10/5/2011 15:15:26
VBASE010.VDF : 7.11.15.109 2048 Bytes 10/5/2011 15:15:26
VBASE011.VDF : 7.11.15.110 2048 Bytes 10/5/2011 15:15:26
VBASE012.VDF : 7.11.15.111 2048 Bytes 10/5/2011 15:15:29
VBASE013.VDF : 7.11.15.112 2048 Bytes 10/5/2011 15:15:30
VBASE014.VDF : 7.11.15.113 2048 Bytes 10/5/2011 15:15:52
VBASE015.VDF : 7.11.15.114 2048 Bytes 10/5/2011 15:15:53
VBASE016.VDF : 7.11.15.115 2048 Bytes 10/5/2011 15:15:56
VBASE017.VDF : 7.11.15.116 2048 Bytes 10/5/2011 15:15:57
VBASE018.VDF : 7.11.15.117 2048 Bytes 10/5/2011 15:15:57
VBASE019.VDF : 7.11.15.118 2048 Bytes 10/5/2011 15:15:57
VBASE020.VDF : 7.11.15.119 2048 Bytes 10/5/2011 15:15:57
VBASE021.VDF : 7.11.15.120 2048 Bytes 10/5/2011 15:15:58
VBASE022.VDF : 7.11.15.121 2048 Bytes 10/5/2011 15:15:59
VBASE023.VDF : 7.11.15.122 2048 Bytes 10/5/2011 15:15:59
VBASE024.VDF : 7.11.15.123 2048 Bytes 10/5/2011 15:15:59
VBASE025.VDF : 7.11.15.124 2048 Bytes 10/5/2011 15:16:02
VBASE026.VDF : 7.11.15.125 2048 Bytes 10/5/2011 15:16:02
VBASE027.VDF : 7.11.15.126 2048 Bytes 10/5/2011 15:16:03
VBASE028.VDF : 7.11.15.127 2048 Bytes 10/5/2011 15:16:04
VBASE029.VDF : 7.11.15.128 2048 Bytes 10/5/2011 15:16:04
VBASE030.VDF : 7.11.15.129 2048 Bytes 10/5/2011 15:16:04
VBASE031.VDF : 7.11.15.140 131584 Bytes 10/6/2011 15:09:40
Engineversion : 8.2.6.76
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 16:07:58
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 10/5/2011 15:23:45
AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 16:54:53
AESBX.DLL : 8.2.1.34 323957 Bytes 6/2/2011 19:31:17
AERDL.DLL : 8.1.9.15 639348 Bytes 9/10/2011 03:40:12
AEPACK.DLL : 8.2.10.11 684408 Bytes 9/23/2011 08:20:45
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 9/16/2011 08:20:51
AEHEUR.DLL : 8.1.2.175 3731831 Bytes 10/5/2011 15:23:22
AEHELP.DLL : 8.1.17.7 254327 Bytes 7/28/2011 16:50:17
AEGEN.DLL : 8.1.5.9 401780 Bytes 8/26/2011 06:19:54
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 16:52:05
AECORE.DLL : 8.1.23.0 196983 Bytes 8/26/2011 06:19:39
AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 03:47:12
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 19:23:32
AVPREF.DLL : 10.0.3.2 44904 Bytes 6/28/2011 13:28:15
AVREP.DLL : 10.0.0.10 174120 Bytes 5/17/2011 23:33:46
AVARKT.DLL : 10.0.26.1 255336 Bytes 6/28/2011 13:28:14
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 6/28/2011 13:28:14
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 19:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 6/28/2011 13:28:13
RCTEXT.DLL : 10.0.64.0 97640 Bytes 6/28/2011 13:28:13

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Thursday, October 06, 2011 14:42

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'daemonu.exe' - '1' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'YspService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'mswinext.exe' - '1' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'sttray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'nvtray.exe' - '1' Module(s) have been scanned
Scan process 'LBTWiz.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'WTouchUser.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'xaudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CSHelper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'TabTip.exe' - '1' Module(s) have been scanned
Scan process 'WISPTIS.EXE' - '1' Module(s) have been scanned
Scan process 'WTouchService.exe' - '1' Module(s) have been scanned
Scan process 'LBTSERV.EXE' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1333' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\IXP000.TMP\dxwsetup.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\nsl7805.tmp\DivXComponent.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\nsl7805.tmp\DivXConnectionTester.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\nsl7805.tmp\ydetect.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@PROFILE@\Downloads\DivXBundle.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@PROFILE@\Downloads\dxwebsetup(2).exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@PROGRAMFILES@\Mozilla Firefox\firefox.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@SYSTEM@\divxsm.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@WINDIR@\explorer.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@WINDIR@\explorer.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4bdc8b03.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@SYSTEM@\divxsm.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '52b1a455.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@PROGRAMFILES@\Mozilla Firefox\firefox.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '00eafebd.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@PROFILE@\Downloads\dxwebsetup(2).exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '66d8b18e.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@PROFILE@\Downloads\DivXBundle.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '235d9c41.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\nsl7805.tmp\ydetect.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5db1ae2d.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\nsl7805.tmp\DivXConnectionTester.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '10fe826a.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\nsl7805.tmp\DivXComponent.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ce6c23a.qua'.
C:\Users\Tony\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v70A6B3A1\Native\STUBEXE\@APPDATALOCAL@\Temp\IXP000.TMP\dxwsetup.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '41bded86.qua'.


End of the scan: Thursday, October 06, 2011 17:05
Used time: 1:51:03 Hour(s)

The scan has been done completely.

40798 Scanned directories
530755 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
530746 Files not concerned
5285 Archives were scanned
0 Warnings
9 Notes


#2 vptony

  • Topic Starter

Posted 07 October 2011 - 08:17 PM

So I decided to possibly make this easier on whoever helps me by following the directions from the last time I had a trojan. So here are some logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Tony at 19:57:57.63 on Fri 10/07/2011
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.844 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Users\Tony\Desktop\Defogger(1).exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.atcomet.com/b/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [Google Update] "c:\users\tony\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134}
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
TCP: {7ADA386C-1157-4D69-B2F2-E065D272A5EA} = 156.154.70.22,156.154.71.22
TCP: {EF8F6197-CFB9-4078-91C2-8D45F25477CE} = 156.154.70.22,156.154.71.22
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tony\appdata\roaming\mozilla\firefox\profiles\6pj6244n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tony\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\tony\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 19839812;19839812 Boot Guard Driver;c:\windows\system32\drivers\19839812.sys [2011-5-7 37392]
R1 19839811;19839811;c:\windows\system32\drivers\19839811.sys [2011-5-7 128016]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-11 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 36568]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-11 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-11 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-11 66616]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-1-31 266240]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-8 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-16 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-2-24 4408616]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-2-24 112936]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2008-11-26 333824]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-2-24 13224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 Alg78onenuvv;Alg78onenuvv; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-2-24 15656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/17/2007 11:43:13 AM
System Uptime: 10/7/2011 2:27:09 PM (5 hours ago)
.
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2 | 2100/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 79.347 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.769 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1546: 9/23/2011 1:41:54 AM - Scheduled Checkpoint
RP1547: 9/24/2011 12:00:03 AM - Scheduled Checkpoint
RP1548: 9/25/2011 12:19:50 PM - Scheduled Checkpoint
RP1549: 9/27/2011 12:00:05 AM - Scheduled Checkpoint
RP1550: 9/27/2011 11:00:58 AM - Installed Adobe Reader X (10.1.0).
RP1551: 9/28/2011 12:00:03 AM - Scheduled Checkpoint
RP1552: 9/28/2011 3:00:12 AM - Windows Update
RP1553: 9/29/2011 12:00:06 AM - Scheduled Checkpoint
RP1554: 9/30/2011 6:00:18 PM - Scheduled Checkpoint
RP1555: 10/2/2011 9:39:18 AM - Scheduled Checkpoint
RP1556: 10/3/2011 12:00:04 AM - Scheduled Checkpoint
RP1557: 10/4/2011 12:00:04 AM - Scheduled Checkpoint
RP1558: 10/5/2011 12:00:04 AM - Scheduled Checkpoint
RP1559: 10/6/2011 12:00:04 AM - Scheduled Checkpoint
RP1560: 10/7/2011 12:16:03 AM - Scheduled Checkpoint
RP1561: 10/7/2011 2:21:52 PM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Avira UnErase Personal
Bamboo
Bandlink
Bonjour
BufferChm
CCleaner
CDDRV_Installer
CoffeeCup Free HTML Editor
COMODO Internet Security
Conexant D850 PCI V.92 Modem
Corel Painter Essentials 4
D110
Dell Support Center
DellSupport
Destinations
DeviceDiscovery
DHTML Editing Component
Digital Line Detect
DivX Codec
ESET Online Scanner v3
Game Booster
Games, Music, & Photos Launcher
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
getPlus® for Adobe
GIMP 2.6.8
Google Chrome
Google Earth
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
Graffiti Studio 2.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
Imikimi Plugin
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ SE Runtime Environment 6
KhalSetup
Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1
Logitech Audio Echo Cancellation Component
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Video Enumerator
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Modem Diagnostic Tool
MonkeyJam 3_050529
Mozilla Firefox 7.0.1 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NetWaiting
Network
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
Photo Explosion SE 2.0
Pocket RAR documentation
Product Documentation Launcher
PS_AIO_07_D110_SW_Min
QuickTime
QuickTransfer
RealPlayer
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
Scrapbook Factory
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SetPoint
Shop for HP Supplies
ShoutBox Timer
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Spybot - Search & Destroy
Status
System Requirements Lab
Toolbox
TrayApp
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
Ventrilo Client
Voice Tweaker 4.1.0.5
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
World of Warcraft
Yahoo! BrowserPlus 2.7.1
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Search Protection
Yahoo! Software Update
Yawcam 0.3.3
Zipeg
.
==== Event Viewer Messages From Past Week ========
.
10/7/2011 7:43:37 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/7/2011 2:28:21 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "740" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
10/7/2011 2:13:08 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for <null> with the following error: Access is denied.
10/7/2011 2:13:08 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: Access is denied.
10/7/2011 1:40:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/7/2011 1:35:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/7/2011 1:34:47 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/7/2011 1:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/7/2011 1:34:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/7/2011 1:34:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/7/2011 1:34:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
19839811 AFD avgio avipbb cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6 ws2ifsl
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2011 1:34:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2011 1:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/7/2011 1:32:47 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
10/7/2011 1:32:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
.
==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C007000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10670080 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 275.33 )
0x8DE02000 C:\Windows\system32\DRIVERS\19839811.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x82A13000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82A13000 PnpManager 3907584 bytes
0x82A13000 RAW 3907584 bytes
0x82A13000 WMIxWDM 3907584 bytes
0x97640000 Win32k 2113536 bytes
0x97640000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88407000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8347E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8CC09000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x83603000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80466000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA6801000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8CD0C000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x82409000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0xA5201000 C:\Windows\system32\drivers\hardlock.sys 688128 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0x8D108000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (SigmaTel, Inc., NDRC)
0x8CA38000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x83770000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA52DE000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x80546000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8DA03000 C:\Windows\system32\DRIVERS\LV561AV.SYS 491520 bytes (Logitech Inc., Logitech Video Driver)
0x8340D000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82510000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83718000 C:\Windows\system32\DRIVERS\netr61.sys 360448 bytes (Ralink Technology, Corp., Ralink 802.11 Wireless Adapter Driver)
0x8D795000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8CB69000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x806A8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D6F1000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8060C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80425000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x80749000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D608000 C:\Windows\System32\DRIVERS\cmdguard.sys 253952 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x8CAEE000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8DACF000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x835B4000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8DB55000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88517000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D09E000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82DCD000 ACPI_HAL 208896 bytes
0x82DCD000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA693F000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x807A7000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8D739000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x805CF000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8D1AB000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83589000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CBB3000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x824C9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA535E000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xA52A9000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8DB8E000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8DB2C000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x88567000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80663000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA68FD000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8D1D8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D004000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8071B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x825C8000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8D669000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8E3A9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8E339000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x8078A000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8257D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x836ED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E36F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA5391000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8259A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x80702000 C:\Windows\system32\drivers\nvraid.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8CB3B000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8E3C8000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E38A000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x8DB15000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8CBDD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA6972000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DA92000 C:\Windows\system32\DRIVERS\inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0x8D774000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D6BC000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x825B3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D04A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D036000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D6DD000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x824FD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DAB6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8858E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D0EC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x83708000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x8CB59000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x807D9000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8CDD0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x824B9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x806F2000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D05F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E360000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88558000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8068A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D027000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CB2C000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80699000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x97880000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DAA8000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D6A5000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x885A8000 C:\Windows\system32\DRIVERS\19839812.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0xA52D1000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8E322000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8CDC0000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8073C000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8D091000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805C2000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA53AB000 C:\Windows\system32\DRIVERS\hidbth.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0xA68E9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA6933000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8D65D000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CAD8000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D6D2000 C:\Windows\System32\DRIVERS\cmdhlp.sys 45056 bytes (COMODO, COMODO Internet Security Helper Driver)
0x8D06F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D07A000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D69A000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8CBF4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8CDEB000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA6928000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x885E9000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xA5387000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x8E32F000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8E356000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D087000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x824F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8DB0B000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA68DF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8CAE4000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA6988000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8859F000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D646000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8DA7B000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8D0E3000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8D78A000 C:\Windows\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xA69BC000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x807E9000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8D6B3000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97860000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x885F4000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80652000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8D76B000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x8041D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8D0D3000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8065B000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D68A000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D692000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xA6999000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x88550000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8D0DB000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xA68F5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D656000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CDE0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80405000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8DA84000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x8DA8B000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 28672 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xA69B5000 C:\Users\Tony\AppData\Local\Temp\mbr.sys 28672 bytes
0x8D64F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8CB53000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8DAC9000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xA6923000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xA53B7000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8CA34000 C:\Windows\System32\Drivers\nvBridge.kmd 16384 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 275.33 )
0x8CDCD000 C:\Windows\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0x8DB53000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x825E9000 C:\Windows\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8D085000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D793000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8CDE7000 C:\Windows\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0x8CDE9000 C:\Windows\system32\DRIVERS\WacomVTHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
==============================================
>Stealth
==============================================
0x66480000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 1196032 bytes
0x6D300000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 143360 bytes
0x67610000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 2375680 bytes
0x68A90000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 380928 bytes
0x66680000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 4505600 bytes
0x66AD0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 6197248 bytes
0x68010000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 659456 bytes
0x683B0000 Hidden Image-->System.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 671744 bytes
0x665B0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x85725D90 ] PID: 7388, 847872 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)



2011/10/07 20:14:40.0067 8236 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/10/07 20:14:42.0953 8236 ================================================================================
2011/10/07 20:14:42.0953 8236 SystemInfo:
2011/10/07 20:14:42.0953 8236
2011/10/07 20:14:42.0953 8236 OS Version: 6.0.6002 ServicePack: 2.0
2011/10/07 20:14:42.0953 8236 Product type: Workstation
2011/10/07 20:14:42.0953 8236 ComputerName: MASCHARI
2011/10/07 20:14:42.0953 8236 UserName: Tony
2011/10/07 20:14:42.0953 8236 Windows directory: C:\Windows
2011/10/07 20:14:42.0953 8236 System windows directory: C:\Windows
2011/10/07 20:14:42.0953 8236 Processor architecture: Intel x86
2011/10/07 20:14:42.0953 8236 Number of processors: 2
2011/10/07 20:14:42.0953 8236 Page size: 0x1000
2011/10/07 20:14:42.0953 8236 Boot type: Normal boot
2011/10/07 20:14:42.0953 8236 ================================================================================
2011/10/07 20:14:43.0187 8236 Initialize success
2011/10/07 20:14:44.0732 8960 ================================================================================
2011/10/07 20:14:44.0732 8960 Scan started
2011/10/07 20:14:44.0732 8960 Mode: Manual;
2011/10/07 20:14:44.0732 8960 ================================================================================
2011/10/07 20:14:45.0184 8960 19839811 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\19839811.sys
2011/10/07 20:14:45.0215 8960 19839812 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\19839812.sys
2011/10/07 20:14:45.0278 8960 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/10/07 20:14:45.0356 8960 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/10/07 20:14:45.0418 8960 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/10/07 20:14:45.0465 8960 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/10/07 20:14:45.0527 8960 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/10/07 20:14:45.0652 8960 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/10/07 20:14:45.0714 8960 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/10/07 20:14:45.0761 8960 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/10/07 20:14:45.0792 8960 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/10/07 20:14:45.0855 8960 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/10/07 20:14:45.0902 8960 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/10/07 20:14:45.0933 8960 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/10/07 20:14:45.0964 8960 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/10/07 20:14:46.0167 8960 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/10/07 20:14:46.0229 8960 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/10/07 20:14:46.0323 8960 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/10/07 20:14:46.0370 8960 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
2011/10/07 20:14:46.0463 8960 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/10/07 20:14:46.0510 8960 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/10/07 20:14:46.0588 8960 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/10/07 20:14:46.0650 8960 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/10/07 20:14:46.0728 8960 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/10/07 20:14:46.0884 8960 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/10/07 20:14:46.0947 8960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/10/07 20:14:46.0978 8960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/10/07 20:14:47.0040 8960 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/10/07 20:14:47.0072 8960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/10/07 20:14:47.0134 8960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/10/07 20:14:47.0181 8960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/10/07 20:14:47.0243 8960 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/10/07 20:14:47.0290 8960 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/10/07 20:14:47.0368 8960 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/10/07 20:14:47.0446 8960 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/10/07 20:14:47.0540 8960 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/10/07 20:14:47.0680 8960 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/10/07 20:14:47.0727 8960 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/10/07 20:14:47.0789 8960 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/10/07 20:14:47.0852 8960 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/10/07 20:14:47.0961 8960 cmdGuard (ab491f59adb3a496a6a13636767c9317) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/10/07 20:14:48.0008 8960 cmdHlp (4eca66ad76e621b8d4cf8b861a5d2ff6) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/10/07 20:14:48.0054 8960 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2011/10/07 20:14:48.0101 8960 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/10/07 20:14:48.0148 8960 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/10/07 20:14:48.0195 8960 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/10/07 20:14:48.0304 8960 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/10/07 20:14:48.0382 8960 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/10/07 20:14:48.0476 8960 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/10/07 20:14:48.0554 8960 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/10/07 20:14:48.0632 8960 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/10/07 20:14:48.0694 8960 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/10/07 20:14:48.0741 8960 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/10/07 20:14:48.0788 8960 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/10/07 20:14:48.0866 8960 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/10/07 20:14:48.0959 8960 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/10/07 20:14:49.0084 8960 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/10/07 20:14:49.0131 8960 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/10/07 20:14:49.0178 8960 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/10/07 20:14:49.0256 8960 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/10/07 20:14:49.0302 8960 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/10/07 20:14:49.0365 8960 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/10/07 20:14:49.0427 8960 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/10/07 20:14:49.0521 8960 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/10/07 20:14:49.0568 8960 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/10/07 20:14:49.0646 8960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/10/07 20:14:49.0833 8960 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys
2011/10/07 20:14:49.0911 8960 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/10/07 20:14:49.0958 8960 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/10/07 20:14:50.0020 8960 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/10/07 20:14:50.0067 8960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/10/07 20:14:50.0145 8960 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/10/07 20:14:50.0207 8960 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/10/07 20:14:50.0301 8960 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/10/07 20:14:50.0348 8960 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/10/07 20:14:50.0426 8960 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/10/07 20:14:50.0488 8960 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/10/07 20:14:50.0550 8960 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/10/07 20:14:50.0597 8960 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/10/07 20:14:50.0660 8960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/10/07 20:14:50.0738 8960 inspect (f0b1f95f5864e7b52332f014ea9adc63) C:\Windows\system32\DRIVERS\inspect.sys
2011/10/07 20:14:50.0800 8960 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
2011/10/07 20:14:50.0847 8960 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/10/07 20:14:50.0925 8960 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/10/07 20:14:51.0018 8960 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/10/07 20:14:51.0081 8960 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/10/07 20:14:51.0143 8960 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/10/07 20:14:51.0206 8960 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/10/07 20:14:51.0268 8960 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/10/07 20:14:51.0315 8960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/10/07 20:14:51.0362 8960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/10/07 20:14:51.0424 8960 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/10/07 20:14:51.0486 8960 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/10/07 20:14:51.0564 8960 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/10/07 20:14:51.0674 8960 LHidFilt (597d79382c154cedb638a65012925a23) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/10/07 20:14:51.0736 8960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/10/07 20:14:51.0783 8960 LMouFilt (9ead053d28182bd6acb19d5f58202194) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/10/07 20:14:51.0830 8960 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/10/07 20:14:51.0892 8960 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/10/07 20:14:51.0954 8960 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/10/07 20:14:52.0032 8960 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/10/07 20:14:52.0173 8960 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/10/07 20:14:52.0251 8960 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
2011/10/07 20:14:52.0313 8960 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/10/07 20:14:52.0360 8960 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/10/07 20:14:52.0422 8960 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/10/07 20:14:52.0454 8960 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/10/07 20:14:52.0516 8960 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/10/07 20:14:52.0578 8960 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/10/07 20:14:52.0625 8960 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/10/07 20:14:52.0703 8960 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/10/07 20:14:52.0766 8960 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/10/07 20:14:52.0812 8960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/10/07 20:14:52.0875 8960 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/10/07 20:14:52.0922 8960 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/10/07 20:14:52.0984 8960 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/10/07 20:14:53.0015 8960 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/10/07 20:14:53.0078 8960 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
2011/10/07 20:14:53.0124 8960 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/10/07 20:14:53.0202 8960 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/10/07 20:14:53.0265 8960 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/10/07 20:14:53.0358 8960 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/10/07 20:14:53.0421 8960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/10/07 20:14:53.0468 8960 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/10/07 20:14:53.0514 8960 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/10/07 20:14:53.0592 8960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/10/07 20:14:53.0655 8960 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/10/07 20:14:53.0686 8960 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/10/07 20:14:53.0748 8960 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/10/07 20:14:53.0826 8960 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/10/07 20:14:53.0889 8960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/10/07 20:14:53.0936 8960 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/10/07 20:14:53.0982 8960 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/10/07 20:14:54.0029 8960 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/10/07 20:14:54.0107 8960 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/10/07 20:14:54.0170 8960 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/10/07 20:14:54.0279 8960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/10/07 20:14:54.0326 8960 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/10/07 20:14:54.0404 8960 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/10/07 20:14:54.0482 8960 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/10/07 20:14:54.0560 8960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/10/07 20:14:54.0606 8960 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/10/07 20:14:54.0903 8960 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/10/07 20:14:55.0028 8960 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/10/07 20:14:55.0090 8960 nvrd32 (1988af02f581ee0a0a0c4d920b7e272f) C:\Windows\system32\drivers\nvrd32.sys
2011/10/07 20:14:55.0137 8960 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/10/07 20:14:55.0199 8960 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/10/07 20:14:55.0277 8960 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/10/07 20:14:55.0418 8960 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/10/07 20:14:55.0496 8960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/10/07 20:14:55.0574 8960 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/10/07 20:14:55.0605 8960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/10/07 20:14:55.0698 8960 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/10/07 20:14:55.0776 8960 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2011/10/07 20:14:55.0823 8960 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/10/07 20:14:55.0979 8960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/10/07 20:14:56.0229 8960 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2011/10/07 20:14:56.0525 8960 PID_0928 (99dde24b5426f1b0cf0b2e21afae3eef) C:\Windows\system32\DRIVERS\LV561AV.SYS
2011/10/07 20:14:56.0993 8960 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/10/07 20:14:57.0196 8960 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/10/07 20:14:57.0305 8960 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/10/07 20:14:57.0383 8960 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/10/07 20:14:57.0820 8960 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/10/07 20:14:58.0007 8960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/10/07 20:14:58.0148 8960 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/10/07 20:14:58.0647 8960 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/10/07 20:14:58.0974 8960 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/10/07 20:14:59.0052 8960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/10/07 20:14:59.0130 8960 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/10/07 20:14:59.0224 8960 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/10/07 20:14:59.0380 8960 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/10/07 20:14:59.0489 8960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/10/07 20:14:59.0692 8960 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/10/07 20:14:59.0817 8960 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/10/07 20:14:59.0926 8960 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/10/07 20:15:00.0004 8960 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/10/07 20:15:00.0082 8960 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/10/07 20:15:00.0144 8960 rt61x86 (92f0efc2d29d2b38adf9fe49701523c1) C:\Windows\system32\DRIVERS\netr61.sys
2011/10/07 20:15:00.0254 8960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/10/07 20:15:00.0394 8960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/10/07 20:15:00.0503 8960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/10/07 20:15:00.0675 8960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/10/07 20:15:00.0753 8960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/10/07 20:15:00.0878 8960 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/10/07 20:15:01.0034 8960 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/10/07 20:15:01.0424 8960 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/10/07 20:15:01.0689 8960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/10/07 20:15:01.0782 8960 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/10/07 20:15:01.0829 8960 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/10/07 20:15:02.0016 8960 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/10/07 20:15:02.0110 8960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/10/07 20:15:02.0344 8960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/10/07 20:15:02.0422 8960 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/10/07 20:15:02.0469 8960 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/10/07 20:15:02.0516 8960 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/10/07 20:15:02.0578 8960 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/10/07 20:15:02.0656 8960 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
2011/10/07 20:15:02.0734 8960 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/10/07 20:15:02.0812 8960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/10/07 20:15:02.0859 8960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/10/07 20:15:02.0921 8960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/10/07 20:15:02.0968 8960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/10/07 20:15:03.0124 8960 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/10/07 20:15:03.0202 8960 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/10/07 20:15:03.0264 8960 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/10/07 20:15:03.0311 8960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/10/07 20:15:03.0358 8960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/10/07 20:15:03.0420 8960 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/10/07 20:15:03.0467 8960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/10/07 20:15:03.0576 8960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/10/07 20:15:03.0654 8960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/10/07 20:15:03.0717 8960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/10/07 20:15:03.0764 8960 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/10/07 20:15:03.0810 8960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/10/07 20:15:03.0888 8960 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/10/07 20:15:03.0920 8960 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/10/07 20:15:03.0966 8960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/10/07 20:15:04.0029 8960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/10/07 20:15:04.0091 8960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/10/07 20:15:04.0169 8960 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/10/07 20:15:04.0247 8960 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/10/07 20:15:04.0325 8960 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/10/07 20:15:04.0388 8960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/10/07 20:15:04.0450 8960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/10/07 20:15:04.0512 8960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/10/07 20:15:04.0559 8960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/10/07 20:15:04.0622 8960 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/10/07 20:15:04.0668 8960 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/10/07 20:15:04.0746 8960 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/10/07 20:15:04.0809 8960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/10/07 20:15:04.0856 8960 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/10/07 20:15:04.0934 8960 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/10/07 20:15:05.0027 8960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/10/07 20:15:05.0074 8960 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/10/07 20:15:05.0121 8960 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/10/07 20:15:05.0168 8960 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2011/10/07 20:15:05.0214 8960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/10/07 20:15:05.0277 8960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/10/07 20:15:05.0339 8960 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/10/07 20:15:05.0402 8960 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/10/07 20:15:05.0511 8960 wacmoumonitor (826a053968d0faf39afd8aecff580cb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/10/07 20:15:05.0573 8960 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/10/07 20:15:05.0636 8960 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/10/07 20:15:05.0682 8960 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/10/07 20:15:05.0714 8960 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
2011/10/07 20:15:05.0760 8960 WacomVTHid (799c84ce3bd9600172aa53b4ead8357a) C:\Windows\system32\DRIVERS\WacomVTHid.sys
2011/10/07 20:15:05.0792 8960 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/10/07 20:15:05.0807 8960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/10/07 20:15:05.0870 8960 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/10/07 20:15:05.0963 8960 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/10/07 20:15:06.0072 8960 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/10/07 20:15:06.0213 8960 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/10/07 20:15:06.0306 8960 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/10/07 20:15:06.0369 8960 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/10/07 20:15:06.0462 8960 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/10/07 20:15:06.0525 8960 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/10/07 20:15:06.0618 8960 ================================================================================
2011/10/07 20:15:06.0618 8960 Scan finished
2011/10/07 20:15:06.0618 8960 ================================================================================











#3 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 07 October 2011 - 08:45 PM

ComboFix 11-10-07.04 - Tony 10/07/2011 20:21:26.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.866 [GMT -5:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL70CB.tmp
c:\programdata\SPL9057.tmp
c:\programdata\SPLA4A7.tmp
c:\programdata\SPLA84F.tmp
c:\programdata\SPLAEE9.tmp
c:\programdata\SPLB183.tmp
c:\programdata\SPLB2D5.tmp
c:\programdata\SPLB8C5.tmp
c:\programdata\SPLF2DC.tmp
c:\users\Tony\AppData\Local\{3AC403AB-9489-4163-9784-203DCD708F92}
c:\users\Tony\AppData\Local\{3AC403AB-9489-4163-9784-203DCD708F92}\chrome.manifest
c:\users\Tony\AppData\Local\{3AC403AB-9489-4163-9784-203DCD708F92}\chrome\content\_cfg.js
c:\users\Tony\AppData\Local\{3AC403AB-9489-4163-9784-203DCD708F92}\chrome\content\overlay.xul
c:\users\Tony\AppData\Local\{3AC403AB-9489-4163-9784-203DCD708F92}\install.rdf
c:\windows\TEMP\logishrd\LVPrcInj02.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 01:30 . 2011-10-08 01:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-10-08 01:30 . 2011-10-08 01:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-08 01:30 . 2011-10-08 01:30 -------- d-----w- c:\users\Mindi\AppData\Local\temp
2011-10-08 01:30 . 2011-10-08 01:30 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-08 01:30 . 2011-10-08 01:30 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-08 01:30 . 2011-10-08 01:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-16 03:13 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-09 11:56 . 2011-07-23 11:02 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-09-09 02:18 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-09-09 02:15 . 2011-05-21 11:01 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-09-09 02:15 . 2011-05-21 11:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-09-09 02:15 . 2011-05-21 11:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-09-09 02:13 . 2011-09-09 02:13 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-09-09 02:10 . 2011-09-09 02:16 -------- d-----w- c:\program files\NVIDIA Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 23:56 . 2011-05-26 19:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 22:00 . 2008-07-20 03:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-11 13:25 . 2011-08-24 06:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-02 15:12 . 2011-04-23 03:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-14 39408]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-16 185872]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-6 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-17 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-7-17 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-16 14:27 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-14 18:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 Alg78onenuvv;Alg78onenuvv; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 19839812;19839812 Boot Guard Driver;c:\windows\system32\DRIVERS\19839812.sys [2009-10-22 37392]
S1 19839811;19839811;c:\windows\system32\DRIVERS\19839811.sys [2009-09-25 128016]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-05-10 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-05-10 36568]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-01-31 266240]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 4408616]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 112936]
S3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-05-20 13224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-14 16:31]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:54]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:54]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004058217-3774420004-2904589720-1001Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-04 17:05]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004058217-3774420004-2904589720-1001UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-04 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7ADA386C-1157-4D69-B2F2-E065D272A5EA}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{EF8F6197-CFB9-4078-91C2-8D45F25477CE}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\6pj6244n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-07 20:33
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(7252)
c:\windows\system32\guard32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\System32\osk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-10-07 20:40:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-08 01:40
ComboFix2.txt 2011-05-10 18:34
.
Pre-Run: 85,024,509,952 bytes free
Post-Run: 84,854,931,456 bytes free
.
- - End Of File - - BFB0A4569259D69866C297BFEEEE906C

#4 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 07 October 2011 - 08:48 PM

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-10-07 20:47:01
-----------------------------
20:47:01.421 OS Version: Windows 6.0.6002 Service Pack 2
20:47:01.421 Number of processors: 2 586 0x6B01
20:47:01.436 ComputerName: MASCHARI UserName: Tony
20:47:16.958 Initialize success
20:47:28.783 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a6
20:47:28.799 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 6
20:47:30.811 Disk 0 MBR read successfully
20:47:30.811 Disk 0 MBR scan
20:47:30.811 Disk 0 unknown MBR code
20:47:32.839 Disk 0 scanning sectors +488278016
20:47:32.870 Disk 0 scanning C:\Windows\system32\drivers
20:47:39.968 Service scanning
20:47:41.372 Disk 0 trace - called modules:
20:47:41.388 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:47:41.388 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8607eac8]
20:47:41.388 3 CLASSPNP.SYS[8071c8b3] -> nt!IofCallDriver -> [0x85bb3f08]
20:47:41.403 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\000000a6[0x8579ea08]
20:47:41.403 Scan finished successfully
20:48:06.722 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
20:48:06.738 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 October 2011 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your logs are clean.

If avira is still reporting some malicious files I recommend you run this online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

===
Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review and let me know what problem persists.

#6 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 12 October 2011 - 01:15 PM

Avira is not still popping up with activity; I am just trying to be extra careful because I do most of my banking online, and once the file was downloaded I have not typed any passwords in except to this forum, because of the security risk involved. I wanted to make sure it looks clean to an expert because I know some of these things can be tricky. Thank you for the help. Here is the log:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira UnErase Personal
ESET Online Scanner v3
COMODO Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Java™ SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 October 2011 - 01:30 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64-bit version download this one: jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java™ SE Runtime Environment 6

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

If all is well,

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

#8 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 12 October 2011 - 03:00 PM

OK, I have updated all, and thank you. Oh, another question: are you positive that my computer is now safe? This trojan was encountered on the 6th, and somehow by the 7th my Xbox Live account was hacked and all of my points (money) on there were drained into another account. I don't give out my passwords or email to strangers or to shady websites, and still someone got into my account, and they would have had to know my email address and my password for my Xbox account. And I had not typed either into my computer because I knew of potential keyloggers with the trojan activity. Xbox is investigating the problem and my account is locked so they cannot access it anymore. But do you have any ideas how they got the info? It's driving me nuts not knowing how they got it.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 October 2011 - 06:23 PM

You had some vulnerabilities in these 3rd party programs. All fixed.
How they got your information is not being viewed in your log.

Java™ 6 Update 26
Java™ SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!

===

Chrome was also an issue as cleaned by ComboFix.
Make sure you have the latest version.
===

What I see now is a clean computer. But we are never 100% sure that nothing else is lurking around.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#10 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 13 October 2011 - 04:07 PM

Call me paranoid, but I googled TR/Crypt.XPACK.Gen [trojan] to see what other people's experiences with this trojan were, and it seems a lot of people have a hard time getting rid of it, but I did not. Since Avira picked it up once, it would pick it up again if it moved itself and/or spread? I don't really know what this trojan does except that it opens a back door. I guess I'm just freaking out about this because I am really, really careful, and I had told my wife to call USPS to see if there really was a package, but instead I dozed off and she clicked the link. And then, to top it off, the day after the infection was caught and cleaned and I disabled the internet on the PC, only coming online for minutes to post to this forum and then re-disconnecting, my Xbox account was hacked and my Microsoft points were stolen and moved to another account. The person who hacked my Xbox 360 had to know my email and my password for my Xbox account. I am the kind of person who has to know how things work or at least have theories lol, but I am absolutely driving myself mad trying to figure out how they got this information. It might not even be connected to the trojan at all, but that is a weird coincidence. If you can throw ideas at me lmao, I'm going crazy.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 October 2011 - 08:14 AM

I understand your frustration, but you are not alone. This scam was identified on October 11.

Threat Outbreak Alert: Fake FedEx Package Delivery Failure E-mail Messages on October 11, 2011
http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=24349

Whether it is related to your loss, I really do not know.

#12 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 14 October 2011 - 03:25 PM

Yes, that looks like the same thing basically. So I noticed on my firewall TCP listening on 49175 and on 2869.
No connection, just listening? Strange or explainable? Also I tried to find info on TR/Crypt.XPACK.Gen but there's really no info. Do you know anything about it? Is it really as easy to remove as it was for me?

#13 vptony

vptony
  • Topic Starter

  • Members
  • 42 posts

Posted 14 October 2011 - 03:26 PM

Also, I use Comodo Firewall and did a ShieldsUP test and failed the true stealth test; my computer replied to a ping. How do I fix this, and how do I disable NetBIOS over TCP/IP?
I figure that you know how to.

thanks so much for the help...
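The two questions in the post above (what a port that is only "listening" means, and how to turn off NetBIOS over TCP/IP) can be answered from the machine itself. The following is an added example written for this thread, not code from any of the posts or from the tools used in it. It targets the PowerShell 2.0 that a Vista machine would have (so it parses `netstat -ano` rather than using the newer `Get-NetTCPConnection`), and uses the documented `Win32_NetworkAdapterConfiguration.SetTcpipNetbios` WMI method. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). PowerShell 2.0 idioms for Vista; run elevated.

# List every listening TCP socket with the owning process and, for a shared
# svchost.exe, the Windows services hosted in that process. Parses "netstat -ano",
# whose LISTENING rows look like:  TCP  0.0.0.0:2869  0.0.0.0:0  LISTENING  1234
function Get-ListeningTcp {
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $addr     = $Matches[1]
            $port     = [int]$Matches[2]
            $ownerPid = [int]$Matches[3]   # $pid is a reserved automatic variable, hence the name

            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $name = '<unknown>'
            if ($proc) { $name = $proc.ProcessName }

            # svchost.exe on its own says little; the service names say what is really listening
            $services = Get-WmiObject Win32_Service -Filter "ProcessId=$ownerPid" |
                        ForEach-Object { $_.Name }

            New-Object PSObject -Property @{
                LocalAddress = $addr
                Port         = $port
                PID          = $ownerPid
                Process      = $name
                Services     = ($services -join ',')
            }
        }
    } | Sort-Object Port
}

# Disable NetBIOS over TCP/IP on every IP-enabled adapter.
# SetTcpipNetbios argument (documented WMI values): 0 = take the DHCP setting,
# 1 = enable, 2 = disable. ReturnValue 0 = applied, 1 = applied but reboot required.
function Disable-NetbiosOverTcp {
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" | ForEach-Object {
        $result = $_.SetTcpipNetbios(2)
        New-Object PSObject -Property @{
            Adapter     = $_.Description
            ReturnValue = $result.ReturnValue
        }
    }
}

# Usage: review what is listening first, then apply the NetBIOS change.
Get-ListeningTcp | Format-Table LocalAddress, Port, PID, Process, Services -AutoSize
Disable-NetbiosOverTcp | Format-Table Adapter, ReturnValue -AutoSize
```

A socket in the LISTENING state with no peer is the normal resting state of any service waiting for connections, so "listening, no connection" is not by itself a sign of compromise; what matters is which process and service own the port, which is why the first function attributes each port before anything else. On Windows, TCP 2869 is typically the UPnP Device Host, and ports from 49152 upward are the dynamic range that RPC endpoints are assigned from, so both should map to a recognisable Microsoft service in the Services column. Disabling NetBIOS over TCP/IP closes the NetBIOS session listener (TCP 139) and the UDP 137/138 name and datagram services; it does not touch 2869 or the dynamic RPC ports. The ping response reported by ShieldsUP is an ICMP echo policy in the firewall and is a separate setting.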

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 October 2011 - 08:44 AM

[quote]Also i tryed to find info on tr/crypt.xpack gen but theres really no info. do you know anything about it? is it really as easy to remove as it was for me? [/quote]

tr/crypt.xpack gen is the name given to the infection by your virus protection program. I can only delete the file(s) that I found to be bad.

[quote]also i use comodo firewall and did a sheildsup test and failed true stealth test my computer replied to a ping how do i fix this. and how do i disable netbios over tcp/ip?
i figure that you know how to. [/quote]

Sorry no. This is not my forte.

You will be better served here.

http://www.bleepingcomputer.com/forums/forum21.html



