Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccess rootkit?


  • This topic is locked This topic is locked
105 replies to this topic

#1 sally23

sally23

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 29 November 2011 - 11:39 PM

I am having problems with my computer and started a topic in "Am I Infected." The reason I wrote in was because I would get a message about a system shut down by the NT Authority\System. This message showed a code of 1073741819. Then after that happened for a while, I could not even access the internet and had a 169 IP address.

After talking with Broni, and doing the winsockfix, I was back on the internet with a new IP address.

We started doing some more tests and he felt I could be infected with ZeroAccess rootkit.

Here is a link to our conversations: http://www.bleepingcomputer.com/forums/topic429322.html

Before doing the tests he suggested, I ran Spybot. I got some errors which I will list below. I clicked to fix them. Then I was not able to access the internet anymore. I ran Spybot the next day and two of the errors came back. I will list them here as well. I am back to an IP of 169 and can no longer access the internet. (I had AVG on my computer but cannot find it anywhere now.)


The Spybot errors were:

TrojansC-05 Registry Key
win32.agent.cgzd
{SBI $E63E2E75} settings
HKEY_Users\S-15-21-1136082493-92844387-3815805348-1007\bfgt


TrojansC-04 File
win32.Avkillsvc.e
{SBI $ACD9F3FA} Data
C:\Windows\temp\{E9C1EQAC-C9B2-4C85-94DE-9C1518918D02}.llb

{SBI $A1061526} Data
C:\Documents and Setings\Compaq_Adminisrator\Local Settings\Temp\{E9C1EQAC-C9B2-4C85-94DE-9C1518918D02}.llb

{SBI $A106152C} Data
C:\Documents and Setings\Local Service\Local Settings\Temp\{E9C1EQAC-C9B2-4C85-94DE-9C1518918D02}.llb

{SBI $A106152C} Data
C:\Documents and Setings\Network Service\Local Settings\Temp\{E9C1EQAC-C9B2-4C85-94DE-9C1518918D02}.llb


Spybot errors the next day:

TrojansC-04 File
win32.Avkillsvc.e
{SBI $ACD9F3FA} Data
C:\Windows\temp\{E9C1EQAC-C9B2-4C85-94DE-9C1518918D02}.llb

{SBI $A106152C} Data
C:\Documents and Setings\Network Service\Local Settings\Temp\{E9C1EQAC-C9B2-4C85-94DE-9C1518918D02}.llb


Here are the results from the DDS and GMER tests Broni suggested I do.


DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Administrator at 17:12:54 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.92 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\AOL\1165377227\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\program files\common files\aol\1165377227\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1165377227\ee\aolsoftware.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://rdr.wildtangent.com/wire/moregames.aspx?dp=compaq&itemName=wheeloffortune
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HostManager] c:\program files\common files\aol\1165377227\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe nogui
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195778291505
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-hotel-mahjong/zylomplayer.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/astropop/popcaploader.cab
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\toolbarbroker.exe --> c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [?]
.
=============== Created Last 30 ================
.
2011-11-27 21:20:52 -------- d-----w- C:\ERDNT
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HDS728080PLAT20 rev.PF2OA28A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys
1 ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Harddisk0\DR0[0x845DE9C0]
3 CLASSPNP[0xF761705B] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> [0x842FB030]
\Driver\Disk[0x842DA030] -> IRP_MJ_CREATE -> 0xF769C8B0
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
user & kernel MBR OK
.
============= FINISH: 17:14:33.92 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/5/2006 8:45:22 PM
System Uptime: 11/29/2011 5:07:34 PM (0 hours ago)
.
Motherboard: Hewleet-Packard | | Alhena
Processor: Intel® Celeron® D CPU 3.20GHz | CPU 1 | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 66 GiB total, 49.256 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.354 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1268: 11/29/2011 5:11:49 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1001 Ultimate Word Games
5 Card Slingo Deluxe
5600
5600_Help
5600Trb
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.6
AiO_Scan
AiOSoftware
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
ATI Control Panel
ATI Display Driver
AVG 2011
Bejeweled 2 Deluxe 1.0
Big Fish Games Client
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon SELPHY CP740
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Card Games
Championship Dominoes
Compaq Connections (remove only)
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crosword Fill Ins
Cryptic
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
DocProc
DR Systems Web Ambassador
Easy Internet Sign-up
eGames GameButler
eSupportQFolder
Fax
FullDPAppQFolder
GameSpy Arcade
GemMaster Mystic
Hidden Expedition Titanic (remove only)
Hide and Secret
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Extended Capabilities 5.3
HP Games 3.43.97
HP Imaging Device Functions 7.0
HP My Display
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Product Assistant
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
J2SE Runtime Environment 5.0 Update 6
Joy of Cooking
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.42 .1
Logitech Resource Center
Logitech User's Guide
Mahjong Escape
Mahjongg XP Championship 2006 Platinum Edition
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode
Microsoft Money 2006
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVP Word Search
My HP Games
Netscape Browser (remove only)
NetZero Internet and Voice Offer
NewCopy
OptionalContentQFolder
Otto
PC-Doctor 5 for Windows
PhotoGallery
ProductContext
Pure Networks Port Magic
Puzzle And Word Games
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Sandlot Games Client Services
Scan
ScannerCopy
Scrabble Complete
SDK
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SkinsHP1
SlideShow
SlideShowMusic
Slingo Deluxe
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
Status
Super Swap Deluxe
TrayApp
Twistingo
U.S. Slots Special Edition
Unload
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WebReg
Wendy's Word Game Special Edition
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Word Scramble
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 8:52:36 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
11/26/2011 8:52:35 PM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.
11/26/2011 8:52:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
11/26/2011 8:52:07 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: The specified module could not be found.
11/26/2011 8:52:05 PM, error: Service Control Manager [7024] - The Media Center Extender Service service terminated with service-specific error 2147549183 (0x8000FFFF).
11/26/2011 8:52:05 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952444 (0x8007273C).
11/26/2011 8:52:05 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: An address incompatible with the requested protocol was used.
11/26/2011 8:52:05 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The support for the specified socket type does not exist in this address family.
11/26/2011 8:41:04 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
11/26/2011 8:39:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
11/26/2011 8:36:41 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
.
==== End Of File ===========================



GMER


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-29 21:10:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 HDS728080PLAT20 rev.PF2OA28A
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgxdafod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\DRIVERS\update.sys suspicious PE modification
? C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\Disk \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 F769C8B0

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F76A6000-F76B1000 (45056 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:152] F76AB830
Thread System [4:156] F769D710

---- EOF - GMER 1.0.15 ----


The Module message was in red.
Also, when GMER finished, a message appeared that said:
Warning! GMER has found system modification caused by rookit activity.


Would you have any suggestions about what is wrong and if there is a way to fix it?

Thanks so much for helping me with this.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 03 December 2011 - 10:40 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 04 December 2011 - 02:00 PM

Thank you so much for replying.

I just tried to run the Combofix yet have a problem. When I got to the part where it wants to update the Recovery Console, it says I must be connected to the internet. Unfortunately, I cannot connect to the internet. So now I have a message on my screen that says I need to connect to the internet before clicking the OK button. Do you know what I should do now? I have not clicked anything or touched anything on screen because I did not want to mess anything up.

Thanks.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 04 December 2011 - 02:05 PM

click ok


in you first post you said you can connect - now you can't?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 04 December 2011 - 02:17 PM

Wow, that was fast. Thank you!

I was able to connect for about an hour or two. Then right after I ran the Spybot, I lost my internet access again.

I clicked OK like you said. Now I have a window that says "Failed to download required files. Aborting... Shall continue scanning for malware." There is an OK button.

As I just typed this, that box just disappeared! Now it is running a scan in the blue box.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 04 December 2011 - 02:55 PM

ok let me know when the scan completes



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 04 December 2011 - 03:47 PM

Hi again.

The Combofix finished and here is the log:


ComboFix 11-12-04.02 - Compaq_Administrator 12/04/2011 12:13:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.199 [GMT -7:00]
Running from: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
C:\Images
c:\images\DirCfg.ini
c:\windows\bwUnin-6.1.0.155-8876480L.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\config\systemprofile\WINDOWS
D:\Autorun.inf
.
Infected copy of c:\windows\system32\DRIVERS\update.sys was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\update.sys
.
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe . . . is infected!!
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\Ati2evxx.exe . . . is infected!!
c:\windows\system32\Ati2evxx.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Canon\CAL\CALMAIN.exe . . . is infected!!
c:\program files\Canon\CAL\CALMAIN.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe . . . is infected!!
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\windows\system32\HPZipm12.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1268\A0147158.exe
.
Infected copy of c:\windows\system32\HPZipm12.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1268\A0147158.exe
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-11-27 21:20 . 2011-11-27 21:24 -------- d-----w- C:\ERDNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll
[-] 2004-08-10 04:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2004-08-10 04:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-10 04:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2009-08-07 . F41202DEA4114A293CC98DDCC5C3431F . 106496 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wuauclt.exe
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
[7] 2005-07-26 11:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 04:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-09 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
[-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
[-] 2004-08-09 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2005-08-04 08:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-04 08:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-08-04 08:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-10 04:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntmssvc.dll
[-] 2004-08-10 04:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-10 04:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 04:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\olepro32.dll
[-] 2004-08-10 04:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2004-08-10 04:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 04:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HostManager"="c:\program files\Common Files\AOL\1165377227\ee\AOLSoftware.exe" [2006-09-26 50736]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 98304]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-12-20 204800]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-04 180269]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-30 278528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-9-4 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-18 156160]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-4 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-4 27136]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1165377227\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Infogrames Interactive\\Scrabble Complete\\ScrabbleComplete.exe"=
"c:\\Program Files\\Common Files\\AOL\\1165377227\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
.
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-23 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-10 04:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://rdr.wildtangent.com/wire/moregames.aspx?dp=compaq&itemName=wheeloffortune
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: trymedia.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-hotel-mahjong/zylomplayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-PCDrProfiler - (no file)
AddRemove-Bejeweled 2 Deluxe 1.0 - c:\program files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 13:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\common files\aol\1165377227\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\program files\common files\aol\1165377227\ee\anotify.exe
.
**************************************************************************
.
Completion time: 2011-12-04 13:38:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-04 20:37
.
Pre-Run: 53,160,267,776 bytes free
Post-Run: 53,245,063,168 bytes free
.
- - End Of File - - B56C7424D8AA7D3F01DCEA63CD4DAFE0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 04 December 2011 - 05:22 PM

Hello

Looks like you may have a broken catroot folder, lets do this to see if we can get it fixed

Repair Catroot

  • Click Start, click Run, type Notepad, and then click OK.
  • Copy the following text, and then paste the text into Notepad.
net stop wuauserv
cd %systemroot%\SoftwareDistribution
ren Download Download.old
net start wuauserv
net stop bits
net start bits
net stop cryptsvc
cd %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc
  • Click File, click Save As, and then type Repair.bat.
  • In the Save as type box, click All Files.
  • In the Save in box, click Desktop, and then click Save.
  • On the File menu, click Exit.
    Double-click the Repair.bat file

Now I need you to go to windows update and download any update that it wants you to download.

Once that is complete please rerun combofix for me and if it asks you to update please allow it to.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 04 December 2011 - 06:08 PM

Thanks for getting back to me again.

I had a quick question before I start. You wrote: "Now I need you to go to windows update and download any update that it wants you to download." How will I do this if I am still not on the internet? Or will it tell me what I need and then I should download from my other computer and transfer it over?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 04 December 2011 - 08:17 PM

Hello

OK we will do that later

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 05 December 2011 - 11:04 AM

Just to confirm. I should run the Tdskiller now and wait on the Catroot? Thanks.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 05 December 2011 - 03:03 PM

yes
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 05 December 2011 - 03:17 PM

Thanks! I will do it right now.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:32 AM

Posted 05 December 2011 - 03:23 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 sally23

sally23
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:08:32 AM

Posted 05 December 2011 - 03:37 PM

Here is the report from tdsskiller:


13:27:29.0703 3548 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:27:29.0859 3548 ============================================================
13:27:29.0859 3548 Current date / time: 2011/12/05 13:27:29.0859
13:27:29.0859 3548 SystemInfo:
13:27:29.0859 3548
13:27:29.0859 3548 OS Version: 5.1.2600 ServicePack: 2.0
13:27:29.0859 3548 Product type: Workstation
13:27:29.0859 3548 ComputerName: YOUR-4DACD0EA75
13:27:29.0859 3548 UserName: Compaq_Administrator
13:27:29.0859 3548 Windows directory: C:\WINDOWS
13:27:29.0859 3548 System windows directory: C:\WINDOWS
13:27:29.0859 3548 Processor architecture: Intel x86
13:27:29.0859 3548 Number of processors: 1
13:27:29.0859 3548 Page size: 0x1000
13:27:29.0859 3548 Boot type: Normal boot
13:27:29.0859 3548 ============================================================
13:27:33.0828 3548 Initialize success
13:27:40.0906 3564 ============================================================
13:27:40.0906 3564 Scan started
13:27:40.0906 3564 Mode: Manual;
13:27:40.0906 3564 ============================================================
13:27:45.0218 3564 Abiosdsk - ok
13:27:46.0609 3564 abp480n5 - ok
13:27:48.0265 3564 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:27:48.0843 3564 ACPI - ok
13:27:50.0234 3564 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:27:50.0250 3564 ACPIEC - ok
13:27:51.0671 3564 adpu160m - ok
13:27:54.0093 3564 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
13:27:54.0250 3564 aec - ok
13:27:56.0328 3564 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
13:27:56.0468 3564 AFD - ok
13:27:57.0968 3564 Aha154x - ok
13:27:58.0953 3564 aic78u2 - ok
13:27:59.0937 3564 aic78xx - ok
13:28:00.0984 3564 AliIde - ok
13:28:02.0015 3564 amsint - ok
13:28:03.0140 3564 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
13:28:03.0171 3564 aracpi - ok
13:28:04.0187 3564 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
13:28:04.0203 3564 arhidfltr - ok
13:28:05.0203 3564 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
13:28:05.0218 3564 arkbcfltr - ok
13:28:06.0218 3564 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
13:28:06.0234 3564 armoucfltr - ok
13:28:07.0328 3564 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:28:07.0390 3564 Arp1394 - ok
13:28:08.0421 3564 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
13:28:08.0437 3564 ARPolicy - ok
13:28:09.0437 3564 asc - ok
13:28:10.0421 3564 asc3350p - ok
13:28:11.0406 3564 asc3550 - ok
13:28:12.0468 3564 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:28:12.0484 3564 AsyncMac - ok
13:28:13.0640 3564 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:28:13.0640 3564 atapi - ok
13:28:14.0609 3564 Atdisk - ok
13:28:17.0250 3564 ati2mtag (dd222ce49e79f15d2312a5e1f42e716e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:28:18.0890 3564 ati2mtag - ok
13:28:19.0984 3564 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:28:20.0046 3564 Atmarpc - ok
13:28:21.0078 3564 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:28:21.0093 3564 audstub - ok
13:28:22.0125 3564 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:28:22.0125 3564 Beep - ok
13:28:22.0156 3564 catchme - ok
13:28:23.0234 3564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:28:23.0250 3564 cbidf2k - ok
13:28:24.0343 3564 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:28:24.0375 3564 CCDECODE - ok
13:28:25.0375 3564 cd20xrnt - ok
13:28:26.0421 3564 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:28:26.0453 3564 Cdaudio - ok
13:28:27.0546 3564 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:28:27.0609 3564 Cdfs - ok
13:28:28.0750 3564 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:28:28.0812 3564 Cdrom - ok
13:28:29.0796 3564 Changer - ok
13:28:30.0796 3564 CmdIde - ok
13:28:31.0812 3564 Cpqarray - ok
13:28:32.0875 3564 dac2w2k - ok
13:28:33.0937 3564 dac960nt - ok
13:28:35.0031 3564 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:28:35.0078 3564 Disk - ok
13:28:36.0968 3564 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
13:28:37.0765 3564 dmboot - ok
13:28:39.0000 3564 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
13:28:39.0156 3564 dmio - ok
13:28:40.0171 3564 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:28:40.0187 3564 dmload - ok
13:28:41.0296 3564 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:28:41.0343 3564 DMusic - ok
13:28:42.0359 3564 dpti2o - ok
13:28:43.0484 3564 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:28:43.0484 3564 drmkaud - ok
13:28:44.0718 3564 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:28:44.0859 3564 Fastfat - ok
13:28:45.0937 3564 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:28:45.0968 3564 Fdc - ok
13:28:47.0015 3564 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
13:28:47.0046 3564 Fips - ok
13:28:48.0140 3564 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:28:48.0156 3564 Flpydisk - ok
13:28:49.0390 3564 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:28:49.0515 3564 FltMgr - ok
13:28:50.0531 3564 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:28:50.0546 3564 Fs_Rec - ok
13:28:51.0765 3564 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:28:51.0890 3564 Ftdisk - ok
13:28:52.0875 3564 ftsata2 - ok
13:28:53.0968 3564 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:28:54.0000 3564 Gpc - ok
13:28:55.0171 3564 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:28:55.0312 3564 HDAudBus - ok
13:28:56.0328 3564 hpn - ok
13:28:57.0437 3564 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:28:57.0500 3564 HPZid412 - ok
13:28:58.0593 3564 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:28:58.0609 3564 HPZipr12 - ok
13:28:59.0796 3564 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:28:59.0812 3564 HPZius12 - ok
13:29:01.0109 3564 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
13:29:01.0375 3564 HSXHWBS2 - ok
13:29:03.0421 3564 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
13:29:04.0390 3564 HSX_DP - ok
13:29:05.0734 3564 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
13:29:06.0000 3564 HTTP - ok
13:29:07.0015 3564 i2omgmt - ok
13:29:08.0015 3564 i2omp - ok
13:29:09.0156 3564 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:29:09.0203 3564 i8042prt - ok
13:29:10.0406 3564 Icam4USB (222f74130a2e3a2ed655226d97f03812) C:\WINDOWS\system32\Drivers\Icam4USB.sys
13:29:10.0562 3564 Icam4USB - ok
13:29:11.0656 3564 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:29:11.0703 3564 Imapi - ok
13:29:12.0687 3564 ini910u - ok
13:29:18.0046 3564 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:29:22.0484 3564 IntcAzAudAddService - ok
13:29:23.0531 3564 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:29:23.0546 3564 IntelIde - ok
13:29:24.0671 3564 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:29:24.0703 3564 intelppm - ok
13:29:25.0765 3564 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:29:25.0796 3564 Ip6Fw - ok
13:29:26.0859 3564 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:29:26.0906 3564 IpFilterDriver - ok
13:29:27.0937 3564 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:29:27.0953 3564 IpInIp - ok
13:29:29.0093 3564 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:29:29.0312 3564 IpNat - ok
13:29:30.0437 3564 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:29:30.0515 3564 IPSec - ok
13:29:31.0546 3564 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:29:31.0546 3564 IRENUM - ok
13:29:32.0609 3564 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:29:32.0656 3564 isapnp - ok
13:29:33.0718 3564 itchfltr (e28b9746a8888c6536691d6f72fc6a61) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
13:29:33.0734 3564 itchfltr - ok
13:29:34.0843 3564 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:29:34.0875 3564 Kbdclass - ok
13:29:36.0093 3564 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
13:29:36.0265 3564 kmixer - ok
13:29:37.0406 3564 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
13:29:37.0515 3564 KSecDD - ok
13:29:38.0578 3564 l8042pr2 (cb129b5b0e47b0f34be950939da52e7f) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
13:29:38.0640 3564 l8042pr2 - ok
13:29:39.0671 3564 lbrtfdc - ok
13:29:40.0718 3564 LKbdFlt2 (18e48e9d5683860773a078c7c3837daf) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
13:29:40.0734 3564 LKbdFlt2 - ok
13:29:41.0843 3564 LMouFlt2 (d1d5f7cbecef5c0c9f019b0c534be289) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
13:29:41.0921 3564 LMouFlt2 - ok
13:29:42.0921 3564 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:29:42.0937 3564 mdmxsdk - ok
13:29:43.0968 3564 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:29:43.0984 3564 MHNDRV - ok
13:29:45.0031 3564 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:29:45.0031 3564 mnmdd - ok
13:29:46.0109 3564 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
13:29:46.0140 3564 Modem - ok
13:29:47.0187 3564 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:29:47.0218 3564 Mouclass - ok
13:29:48.0656 3564 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:29:48.0703 3564 MountMgr - ok
13:29:49.0750 3564 mraid35x - ok
13:29:51.0046 3564 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:29:51.0312 3564 MRxDAV - ok
13:29:52.0859 3564 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:29:53.0328 3564 MRxSmb - ok
13:29:54.0375 3564 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:29:54.0390 3564 Msfs - ok
13:29:55.0515 3564 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:29:55.0531 3564 MSKSSRV - ok
13:29:56.0531 3564 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:29:56.0546 3564 MSPCLOCK - ok
13:29:57.0562 3564 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:29:57.0578 3564 MSPQM - ok
13:29:58.0593 3564 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:29:58.0609 3564 mssmbios - ok
13:29:59.0625 3564 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
13:29:59.0640 3564 MSTEE - ok
13:30:00.0875 3564 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:30:00.0984 3564 Mup - ok
13:30:02.0171 3564 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:30:02.0265 3564 NABTSFEC - ok
13:30:03.0484 3564 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:30:03.0671 3564 NDIS - ok
13:30:04.0718 3564 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:30:04.0734 3564 NdisIP - ok
13:30:05.0796 3564 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:30:05.0812 3564 NdisTapi - ok
13:30:06.0843 3564 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:30:06.0859 3564 Ndisuio - ok
13:30:07.0968 3564 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:30:08.0062 3564 NdisWan - ok
13:30:09.0140 3564 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:30:09.0171 3564 NDProxy - ok
13:30:10.0296 3564 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:30:10.0328 3564 NetBIOS - ok
13:30:11.0546 3564 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:30:11.0718 3564 NetBT - ok
13:30:12.0812 3564 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:30:12.0875 3564 NIC1394 - ok
13:30:13.0968 3564 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:30:14.0000 3564 Npfs - ok
13:30:15.0671 3564 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
13:30:16.0265 3564 Ntfs - ok
13:30:17.0265 3564 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:30:17.0281 3564 Null - ok
13:30:18.0296 3564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:30:18.0312 3564 NwlnkFlt - ok
13:30:19.0359 3564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:30:19.0406 3564 NwlnkFwd - ok
13:30:20.0515 3564 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:30:20.0578 3564 ohci1394 - ok
13:30:21.0781 3564 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
13:30:21.0859 3564 Parport - ok
13:30:23.0062 3564 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:30:23.0093 3564 PartMgr - ok
13:30:24.0187 3564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:30:24.0203 3564 ParVdm - ok
13:30:25.0640 3564 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
13:30:25.0734 3564 PCI - ok
13:30:26.0984 3564 PCIDump - ok
13:30:28.0156 3564 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:30:28.0218 3564 PCIIde - ok
13:30:29.0593 3564 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:30:29.0734 3564 Pcmcia - ok
13:30:30.0812 3564 PDCOMP - ok
13:30:31.0828 3564 PDFRAME - ok
13:30:32.0890 3564 pdiddcci (d1fc85a4880539657bb4d3775da0c541) C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
13:30:32.0906 3564 pdiddcci - ok
13:30:33.0937 3564 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\WINDOWS\system32\Drivers\PdiPorts.sys
13:30:33.0953 3564 PdiPorts - ok
13:30:34.0937 3564 PDRELI - ok
13:30:35.0937 3564 PDRFRAME - ok
13:30:36.0937 3564 perc2 - ok
13:30:37.0921 3564 perc2hib - ok
13:30:39.0046 3564 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:30:39.0093 3564 PptpMiniport - ok
13:30:40.0187 3564 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:30:40.0265 3564 PSched - ok
13:30:41.0359 3564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:30:41.0375 3564 Ptilink - ok
13:30:42.0437 3564 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:30:42.0484 3564 PxHelp20 - ok
13:30:43.0484 3564 ql1080 - ok
13:30:44.0484 3564 Ql10wnt - ok
13:30:45.0500 3564 ql12160 - ok
13:30:46.0593 3564 ql1240 - ok
13:30:47.0609 3564 ql1280 - ok
13:30:48.0656 3564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:30:48.0656 3564 RasAcd - ok
13:30:49.0765 3564 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:30:49.0812 3564 Rasl2tp - ok
13:30:50.0921 3564 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:30:50.0968 3564 RasPppoe - ok
13:30:52.0046 3564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:30:52.0062 3564 Raspti - ok
13:30:53.0281 3564 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:30:53.0828 3564 Rdbss - ok
13:30:55.0218 3564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:30:55.0234 3564 RDPCDD - ok
13:30:56.0500 3564 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:30:56.0703 3564 rdpdr - ok
13:30:57.0875 3564 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
13:30:58.0031 3564 RDPWD - ok
13:30:59.0156 3564 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:30:59.0218 3564 redbook - ok
13:31:00.0328 3564 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
13:31:00.0421 3564 RTL8023xp - ok
13:31:01.0546 3564 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:31:01.0562 3564 rtl8139 - ok
13:31:02.0640 3564 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:31:02.0671 3564 Secdrv - ok
13:31:03.0781 3564 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
13:31:03.0843 3564 Serial - ok
13:31:04.0906 3564 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:31:04.0921 3564 Sfloppy - ok
13:31:05.0921 3564 Simbad - ok
13:31:07.0015 3564 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:31:07.0031 3564 SLIP - ok
13:31:08.0031 3564 Sparrow - ok
13:31:09.0093 3564 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
13:31:09.0093 3564 splitter - ok
13:31:10.0234 3564 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
13:31:10.0312 3564 sr - ok
13:31:11.0765 3564 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
13:31:12.0125 3564 Srv - ok
13:31:13.0171 3564 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:31:13.0187 3564 StillCam - ok
13:31:14.0250 3564 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:31:14.0265 3564 streamip - ok
13:31:15.0343 3564 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:31:15.0359 3564 swenum - ok
13:31:16.0468 3564 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:31:16.0531 3564 swmidi - ok
13:31:17.0578 3564 symc810 - ok
13:31:18.0578 3564 symc8xx - ok
13:31:19.0593 3564 sym_hi - ok
13:31:20.0640 3564 sym_u3 - ok
13:31:21.0734 3564 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:31:21.0796 3564 sysaudio - ok
13:31:23.0281 3564 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:31:23.0640 3564 Tcpip - ok
13:31:24.0703 3564 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:31:24.0718 3564 TDPIPE - ok
13:31:25.0765 3564 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:31:25.0796 3564 TDTCP - ok
13:31:26.0875 3564 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:31:26.0921 3564 TermDD - ok
13:31:27.0968 3564 TosIde - ok
13:31:29.0093 3564 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:31:29.0171 3564 Udfs - ok
13:31:30.0156 3564 ultra - ok
13:31:31.0562 3564 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
13:31:31.0921 3564 Update - ok
13:31:33.0078 3564 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:31:33.0109 3564 usbccgp - ok
13:31:34.0187 3564 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:31:34.0203 3564 usbehci - ok
13:31:35.0328 3564 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:31:35.0390 3564 usbhub - ok
13:31:36.0453 3564 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:31:36.0468 3564 usbohci - ok
13:31:37.0578 3564 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:31:37.0609 3564 usbprint - ok
13:31:38.0656 3564 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:31:38.0671 3564 usbscan - ok
13:31:39.0734 3564 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:31:39.0734 3564 usbstor - ok
13:31:40.0781 3564 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:31:40.0796 3564 usbuhci - ok
13:31:41.0843 3564 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:31:41.0859 3564 VgaSave - ok
13:31:42.0953 3564 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:31:42.0953 3564 ViaIde - ok
13:31:44.0031 3564 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
13:31:44.0093 3564 VolSnap - ok
13:31:45.0218 3564 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:31:45.0250 3564 Wanarp - ok
13:31:46.0343 3564 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:31:46.0375 3564 wanatw - ok
13:31:47.0359 3564 WDICA - ok
13:31:48.0500 3564 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
13:31:48.0593 3564 wdmaud - ok
13:31:50.0312 3564 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
13:31:51.0093 3564 winachsx - ok
13:31:52.0234 3564 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:31:52.0265 3564 WSTCODEC - ok
13:31:52.0343 3564 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
13:31:52.0390 3564 \Device\Harddisk0\DR0 - ok
13:31:52.0406 3564 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR3
13:31:52.0546 3564 \Device\Harddisk1\DR3 - ok
13:31:52.0562 3564 Boot (0x1200) (94e85f516febf4aa26f4f5fbc3114897) \Device\Harddisk0\DR0\Partition0
13:31:52.0609 3564 \Device\Harddisk0\DR0\Partition0 - ok
13:31:52.0625 3564 Boot (0x1200) (39e626b1d05d6ad7724b9afe9d03ddde) \Device\Harddisk0\DR0\Partition1
13:31:52.0625 3564 \Device\Harddisk0\DR0\Partition1 - ok
13:31:52.0625 3564 Boot (0x1200) (e950458de2bf0c68056929cc179e58b8) \Device\Harddisk1\DR3\Partition0
13:31:52.0640 3564 \Device\Harddisk1\DR3\Partition0 - ok
13:31:52.0640 3564 ============================================================
13:31:52.0640 3564 Scan finished
13:31:52.0640 3564 ============================================================
13:31:52.0656 3556 Detected object count: 0
13:31:52.0656 3556 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users