
Infected with Zeroaccess , ping.exe , google redirect + popups


  • This topic is locked
20 replies to this topic

#1 ractive

  • Members
  • 20 posts
  • OFFLINE
  • Local time:08:56 AM

Posted 05 January 2012 - 09:56 AM

I looked around to see if anyone else has the same symptoms, and it's good to know that I am not alone. The agent in the other post was asking the user for the TDSS report and OTL, so here they are.
09:32:53.0639 3556 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:32:54.0023 3556 ============================================================
09:32:54.0023 3556 Current date / time: 2012/01/05 09:32:54.0023
09:32:54.0023 3556 SystemInfo:
09:32:54.0023 3556
09:32:54.0023 3556 OS Version: 6.1.7600 ServicePack: 0.0
09:32:54.0023 3556 Product type: Workstation
09:32:54.0023 3556 ComputerName: PETRO-PC
09:32:54.0023 3556 UserName: petro
09:32:54.0023 3556 Windows directory: C:\Windows
09:32:54.0023 3556 System windows directory: C:\Windows
09:32:54.0023 3556 Processor architecture: Intel x86
09:32:54.0023 3556 Number of processors: 4
09:32:54.0023 3556 Page size: 0x1000
09:32:54.0023 3556 Boot type: Normal boot
09:32:54.0023 3556 ============================================================
09:32:54.0214 3556 Initialize success
09:33:19.0623 2744 ============================================================
09:33:19.0624 2744 Scan started
09:33:19.0624 2744 Mode: Manual; SigCheck; TDLFS;
09:33:19.0624 2744 ============================================================
09:33:19.0843 2744 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:33:19.0885 2744 1394ohci - ok
09:33:19.0898 2744 33790652 (89fdba391985968401f51a5c577933cd) C:\Windows\system32\drivers\87739277.sys
09:33:19.0914 2744 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:33:19.0923 2744 ACPI - ok
09:33:19.0935 2744 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:33:19.0951 2744 AcpiPmi - ok
09:33:19.0969 2744 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:33:19.0980 2744 adp94xx - ok
09:33:19.0994 2744 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:33:20.0004 2744 adpahci - ok
09:33:20.0017 2744 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:33:20.0024 2744 adpu320 - ok
09:33:20.0042 2744 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
09:33:20.0055 2744 AFD - ok
09:33:20.0066 2744 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:33:20.0073 2744 agp440 - ok
09:33:20.0085 2744 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:33:20.0091 2744 aic78xx - ok
09:33:20.0104 2744 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:33:20.0109 2744 aliide - ok
09:33:20.0122 2744 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:33:20.0128 2744 amdagp - ok
09:33:20.0139 2744 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:33:20.0145 2744 amdide - ok
09:33:20.0156 2744 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:33:20.0165 2744 AmdK8 - ok
09:33:20.0264 2744 amdkmdag (c2adec8bb690db70ccb1049d4a6873a5) C:\Windows\system32\DRIVERS\atikmdag.sys
09:33:20.0371 2744 amdkmdag - ok
09:33:20.0385 2744 amdkmdap (62d2a87296bc26e1df9e1cf0e860e653) C:\Windows\system32\DRIVERS\atikmpag.sys
09:33:20.0396 2744 amdkmdap - ok
09:33:20.0407 2744 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:33:20.0415 2744 AmdPPM - ok
09:33:20.0427 2744 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
09:33:20.0434 2744 amdsata - ok
09:33:20.0447 2744 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:33:20.0454 2744 amdsbs - ok
09:33:20.0465 2744 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
09:33:20.0471 2744 amdxata - ok
09:33:20.0483 2744 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:33:20.0501 2744 AppID - ok
09:33:20.0518 2744 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:33:20.0524 2744 arc - ok
09:33:20.0536 2744 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:33:20.0543 2744 arcsas - ok
09:33:20.0555 2744 asmthub3 (3413610c3956765dbb2ef656019929fb) C:\Windows\system32\DRIVERS\asmthub3.sys
09:33:20.0561 2744 asmthub3 - ok
09:33:20.0574 2744 asmtxhci (f8074a66210abbb28f855269b3c14cb2) C:\Windows\system32\DRIVERS\asmtxhci.sys
09:33:20.0583 2744 asmtxhci - ok
09:33:20.0594 2744 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:33:20.0628 2744 AsyncMac - ok
09:33:20.0640 2744 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:33:20.0646 2744 atapi - ok
09:33:20.0657 2744 AthBTPort (882edbafcc227852c9dca23ea48d2e78) C:\Windows\system32\DRIVERS\btath_flt.sys
09:33:20.0661 2744 AthBTPort - ok
09:33:20.0673 2744 ATHDFU (99925b8ec4fccdb3992292fbcb31069e) C:\Windows\system32\Drivers\AthDfu.sys
09:33:20.0678 2744 ATHDFU - ok
09:33:20.0693 2744 AtiHDAudioService (84faf3d287d56d210f84db7c1349d43b) C:\Windows\system32\drivers\AtihdW73.sys
09:33:20.0701 2744 AtiHDAudioService - ok
09:33:20.0719 2744 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:33:20.0732 2744 b06bdrv - ok
09:33:20.0746 2744 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:33:20.0757 2744 b57nd60x - ok
09:33:20.0771 2744 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:33:20.0787 2744 Beep - ok
09:33:20.0799 2744 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:33:20.0808 2744 blbdrive - ok
09:33:20.0820 2744 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
09:33:20.0829 2744 bowser - ok
09:33:20.0840 2744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:33:20.0848 2744 BrFiltLo - ok
09:33:20.0859 2744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:33:20.0868 2744 BrFiltUp - ok
09:33:20.0883 2744 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:33:20.0897 2744 Brserid - ok
09:33:20.0908 2744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:33:20.0918 2744 BrSerWdm - ok
09:33:20.0929 2744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:33:20.0938 2744 BrUsbMdm - ok
09:33:20.0948 2744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:33:20.0956 2744 BrUsbSer - ok
09:33:20.0971 2744 BTATH_A2DP (e5b321f18a1d8b6b8dd397d92ba5946a) C:\Windows\system32\drivers\btath_a2dp.sys
09:33:20.0978 2744 BTATH_A2DP - ok
09:33:20.0989 2744 BTATH_BUS (f60e0c722442ea91f0c253b7814d8192) C:\Windows\system32\DRIVERS\btath_bus.sys
09:33:20.0993 2744 BTATH_BUS - ok
09:33:21.0006 2744 BTATH_HCRP (f31e369db8258b28e3dcf66705aea9e9) C:\Windows\system32\DRIVERS\btath_hcrp.sys
09:33:21.0012 2744 BTATH_HCRP - ok
09:33:21.0024 2744 BTATH_LWFLT (6651798266fde23159d961463a63a77d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
09:33:21.0028 2744 BTATH_LWFLT - ok
09:33:21.0040 2744 BTATH_RCP (08ef5298df80bc136523bcd2ed8b9c37) C:\Windows\system32\DRIVERS\btath_rcp.sys
09:33:21.0046 2744 BTATH_RCP - ok
09:33:21.0060 2744 BtFilter (ef6269eab772989e338ba4c833093bac) C:\Windows\system32\DRIVERS\btfilter.sys
09:33:21.0067 2744 BtFilter - ok
09:33:21.0079 2744 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
09:33:21.0088 2744 BthEnum - ok
09:33:21.0099 2744 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:33:21.0108 2744 BTHMODEM - ok
09:33:21.0120 2744 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
09:33:21.0130 2744 BthPan - ok
09:33:21.0146 2744 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
09:33:21.0157 2744 BTHPORT - ok
09:33:21.0170 2744 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
09:33:21.0178 2744 BTHUSB - ok
09:33:21.0187 2744 catchme - ok
09:33:21.0199 2744 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:33:21.0216 2744 cdfs - ok
09:33:21.0229 2744 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:33:21.0237 2744 cdrom - ok
09:33:21.0249 2744 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:33:21.0259 2744 circlass - ok
09:33:21.0271 2744 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:33:21.0279 2744 CLFS - ok
09:33:21.0292 2744 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:33:21.0300 2744 CmBatt - ok
09:33:21.0311 2744 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:33:21.0317 2744 cmdide - ok
09:33:21.0332 2744 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:33:21.0345 2744 CNG - ok
09:33:21.0356 2744 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:33:21.0361 2744 Compbatt - ok
09:33:21.0373 2744 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:33:21.0382 2744 CompositeBus - ok
09:33:21.0394 2744 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:33:21.0399 2744 crcdisk - ok
09:33:21.0417 2744 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
09:33:21.0430 2744 CSC - ok
09:33:21.0445 2744 DfsC (73dc69b5a3bfcad731f7bdaea8734df7) C:\Windows\system32\Drivers\dfsc.sys
09:33:21.0446 2744 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 73dc69b5a3bfcad731f7bdaea8734df7, Fake md5: 83d1ecea8faae75604c0fa49ac7ad996
09:33:21.0446 2744 DfsC ( Rootkit.Win32.ZAccess.aml ) - infected
09:33:21.0446 2744 DfsC - detected Rootkit.Win32.ZAccess.aml (0)
09:33:21.0460 2744 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:33:21.0477 2744 discache - ok
09:33:21.0488 2744 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:33:21.0494 2744 Disk - ok
09:33:21.0508 2744 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:33:21.0517 2744 drmkaud - ok
09:33:21.0535 2744 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
09:33:21.0550 2744 DXGKrnl - ok
09:33:21.0564 2744 e1cexpress (137482f0afa288a9e0b563c23facb4cd) C:\Windows\system32\DRIVERS\e1c6232.sys
09:33:21.0572 2744 e1cexpress - ok
09:33:21.0611 2744 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:33:21.0653 2744 ebdrv - ok
09:33:21.0671 2744 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:33:21.0682 2744 elxstor - ok
09:33:21.0694 2744 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:33:21.0701 2744 ErrDev - ok
09:33:21.0716 2744 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:33:21.0734 2744 exfat - ok
09:33:21.0747 2744 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:33:21.0765 2744 fastfat - ok
09:33:21.0777 2744 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:33:21.0784 2744 fdc - ok
09:33:21.0797 2744 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:33:21.0804 2744 FileInfo - ok
09:33:21.0815 2744 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:33:21.0831 2744 Filetrace - ok
09:33:21.0843 2744 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:33:21.0851 2744 flpydisk - ok
09:33:21.0865 2744 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:33:21.0873 2744 FltMgr - ok
09:33:21.0885 2744 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:33:21.0892 2744 FsDepends - ok
09:33:21.0903 2744 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:33:21.0909 2744 Fs_Rec - ok
09:33:21.0922 2744 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:33:21.0932 2744 fvevol - ok
09:33:21.0943 2744 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:33:21.0950 2744 gagp30kx - ok
09:33:21.0962 2744 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:33:21.0966 2744 GEARAspiWDM - ok
09:33:21.0978 2744 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:33:21.0988 2744 hcw85cir - ok
09:33:22.0003 2744 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
09:33:22.0015 2744 HdAudAddService - ok
09:33:22.0027 2744 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:33:22.0063 2744 HDAudBus - ok
09:33:22.0074 2744 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:33:22.0089 2744 HidBatt - ok
09:33:22.0101 2744 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:33:22.0184 2744 HidBth - ok
09:33:22.0196 2744 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:33:22.0265 2744 HidIr - ok
09:33:22.0280 2744 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:33:22.0287 2744 HidUsb - ok
09:33:22.0302 2744 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:33:22.0308 2744 HpSAMD - ok
09:33:22.0326 2744 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:33:22.0349 2744 HTTP - ok
09:33:22.0359 2744 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:33:22.0365 2744 hwpolicy - ok
09:33:22.0376 2744 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:33:22.0385 2744 i8042prt - ok
09:33:22.0400 2744 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
09:33:22.0409 2744 iaStorV - ok
09:33:22.0422 2744 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:33:22.0428 2744 iirsp - ok
09:33:22.0472 2744 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
09:33:22.0521 2744 IntcAzAudAddService - ok
09:33:22.0540 2744 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:33:22.0545 2744 intelide - ok
09:33:22.0557 2744 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:33:22.0564 2744 intelppm - ok
09:33:22.0577 2744 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:33:22.0594 2744 IpFilterDriver - ok
09:33:22.0606 2744 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:33:22.0614 2744 IPMIDRV - ok
09:33:22.0626 2744 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:33:22.0643 2744 IPNAT - ok
09:33:22.0656 2744 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:33:22.0672 2744 IRENUM - ok
09:33:22.0684 2744 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:33:22.0691 2744 isapnp - ok
09:33:22.0703 2744 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:33:22.0711 2744 iScsiPrt - ok
09:33:22.0724 2744 JRAID (fe40c1ba67ec92490fce065016806aa6) C:\Windows\system32\DRIVERS\jraid.sys
09:33:22.0731 2744 JRAID - ok
09:33:22.0742 2744 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:33:22.0748 2744 kbdclass - ok
09:33:22.0760 2744 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:33:22.0767 2744 kbdhid - ok
09:33:22.0780 2744 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
09:33:22.0786 2744 KSecDD - ok
09:33:22.0799 2744 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
09:33:22.0807 2744 KSecPkg - ok
09:33:22.0822 2744 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:33:22.0839 2744 lltdio - ok
09:33:22.0854 2744 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:33:22.0860 2744 LSI_FC - ok
09:33:22.0872 2744 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:33:22.0879 2744 LSI_SAS - ok
09:33:22.0891 2744 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:33:22.0897 2744 LSI_SAS2 - ok
09:33:22.0909 2744 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:33:22.0916 2744 LSI_SCSI - ok
09:33:22.0928 2744 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:33:22.0946 2744 luafv - ok
09:33:22.0958 2744 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
09:33:22.0963 2744 MBAMProtector - ok
09:33:22.0978 2744 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:33:22.0984 2744 megasas - ok
09:33:22.0997 2744 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:33:23.0005 2744 MegaSR - ok
09:33:23.0019 2744 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
09:33:23.0026 2744 MEI - ok
09:33:23.0040 2744 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:33:23.0057 2744 Modem - ok
09:33:23.0068 2744 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:33:23.0076 2744 monitor - ok
09:33:23.0089 2744 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:33:23.0095 2744 mouclass - ok
09:33:23.0106 2744 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:33:23.0114 2744 mouhid - ok
09:33:23.0126 2744 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
09:33:23.0133 2744 mountmgr - ok
09:33:23.0145 2744 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
09:33:23.0153 2744 mpio - ok
09:33:23.0164 2744 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:33:23.0199 2744 mpsdrv - ok
09:33:23.0211 2744 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
09:33:23.0222 2744 MRxDAV - ok
09:33:23.0234 2744 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:33:23.0243 2744 mrxsmb - ok
09:33:23.0257 2744 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:33:23.0266 2744 mrxsmb10 - ok
09:33:23.0278 2744 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:33:23.0286 2744 mrxsmb20 - ok
09:33:23.0298 2744 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
09:33:23.0304 2744 msahci - ok
09:33:23.0317 2744 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
09:33:23.0324 2744 msdsm - ok
09:33:23.0336 2744 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:33:23.0352 2744 Msfs - ok
09:33:23.0363 2744 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:33:23.0379 2744 mshidkmdf - ok
09:33:23.0390 2744 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
09:33:23.0396 2744 msisadrv - ok
09:33:23.0409 2744 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:33:23.0425 2744 MSKSSRV - ok
09:33:23.0435 2744 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:33:23.0452 2744 MSPCLOCK - ok
09:33:23.0463 2744 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:33:23.0479 2744 MSPQM - ok
09:33:23.0492 2744 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:33:23.0500 2744 MsRPC - ok
09:33:23.0512 2744 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
09:33:23.0518 2744 mssmbios - ok
09:33:23.0530 2744 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:33:23.0546 2744 MSTEE - ok
09:33:23.0557 2744 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:33:23.0565 2744 MTConfig - ok
09:33:23.0576 2744 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:33:23.0583 2744 Mup - ok
09:33:23.0597 2744 mv91xx (19aab6a158bc8a16e756c010776a5546) C:\Windows\system32\DRIVERS\mv91xx.sys
09:33:23.0605 2744 mv91xx - ok
09:33:23.0620 2744 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:33:23.0633 2744 NativeWifiP - ok
09:33:23.0652 2744 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
09:33:23.0667 2744 NDIS - ok
09:33:23.0680 2744 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:33:23.0696 2744 NdisCap - ok
09:33:23.0708 2744 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:33:23.0723 2744 NdisTapi - ok
09:33:23.0735 2744 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
09:33:23.0752 2744 Ndisuio - ok
09:33:23.0764 2744 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
09:33:23.0781 2744 NdisWan - ok
09:33:23.0792 2744 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
09:33:23.0808 2744 NDProxy - ok
09:33:23.0820 2744 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:33:23.0836 2744 NetBIOS - ok
09:33:23.0849 2744 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
09:33:23.0868 2744 NetBT - ok
09:33:23.0884 2744 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:33:23.0890 2744 nfrd960 - ok
09:33:23.0902 2744 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:33:23.0919 2744 Npfs - ok
09:33:23.0932 2744 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:33:23.0948 2744 nsiproxy - ok
09:33:23.0972 2744 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
09:33:23.0996 2744 Ntfs - ok
09:33:24.0007 2744 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:33:24.0023 2744 Null - ok
09:33:24.0035 2744 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
09:33:24.0042 2744 nvraid - ok
09:33:24.0055 2744 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
09:33:24.0062 2744 nvstor - ok
09:33:24.0074 2744 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
09:33:24.0081 2744 nv_agp - ok
09:33:24.0094 2744 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
09:33:24.0102 2744 ohci1394 - ok
09:33:24.0118 2744 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:33:24.0127 2744 Parport - ok
09:33:24.0139 2744 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
09:33:24.0145 2744 partmgr - ok
09:33:24.0156 2744 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:33:24.0164 2744 Parvdm - ok
09:33:24.0178 2744 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
09:33:24.0185 2744 pci - ok
09:33:24.0196 2744 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
09:33:24.0202 2744 pciide - ok
09:33:24.0213 2744 PciPPorts (8ebcf4fced749a2f893318e7ea65991e) C:\Windows\system32\DRIVERS\PciPPorts.sys
09:33:24.0222 2744 PciPPorts - ok
09:33:24.0234 2744 PciSPorts (ccda30f061b15b2d66a031d0b749bfc8) C:\Windows\system32\DRIVERS\PciSPorts.sys
09:33:24.0242 2744 PciSPorts - ok
09:33:24.0254 2744 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:33:24.0262 2744 pcmcia - ok
09:33:24.0274 2744 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:33:24.0280 2744 pcw - ok
09:33:24.0298 2744 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:33:24.0321 2744 PEAUTH - ok
09:33:24.0347 2744 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:33:24.0364 2744 PptpMiniport - ok
09:33:24.0375 2744 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:33:24.0383 2744 Processor - ok
09:33:24.0398 2744 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:33:24.0415 2744 Psched - ok
09:33:24.0440 2744 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:33:24.0466 2744 ql2300 - ok
09:33:24.0478 2744 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:33:24.0485 2744 ql40xx - ok
09:33:24.0497 2744 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:33:24.0506 2744 QWAVEdrv - ok
09:33:24.0517 2744 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:33:24.0534 2744 RasAcd - ok
09:33:24.0546 2744 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:33:24.0562 2744 RasAgileVpn - ok
09:33:24.0575 2744 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:33:24.0591 2744 Rasl2tp - ok
09:33:24.0604 2744 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:33:24.0622 2744 RasPppoe - ok
09:33:24.0634 2744 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:33:24.0649 2744 RasSstp - ok
09:33:24.0663 2744 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
09:33:24.0681 2744 rdbss - ok
09:33:24.0692 2744 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:33:24.0701 2744 rdpbus - ok
09:33:24.0712 2744 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:33:24.0728 2744 RDPCDD - ok
09:33:24.0742 2744 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
09:33:24.0752 2744 RDPDR - ok
09:33:24.0764 2744 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:33:24.0779 2744 RDPENCDD - ok
09:33:24.0791 2744 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:33:24.0806 2744 RDPREFMP - ok
09:33:24.0819 2744 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
09:33:24.0837 2744 RDPWD - ok
09:33:24.0850 2744 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
09:33:24.0858 2744 rdyboost - ok
09:33:24.0872 2744 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
09:33:24.0882 2744 RFCOMM - ok
09:33:24.0895 2744 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
09:33:24.0903 2744 RimUsb - ok
09:33:24.0915 2744 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
09:33:24.0922 2744 RimVSerPort - ok
09:33:24.0933 2744 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
09:33:24.0950 2744 ROOTMODEM - ok
09:33:24.0965 2744 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:33:24.0981 2744 rspndr - ok
09:33:24.0993 2744 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
09:33:25.0001 2744 s3cap - ok
09:33:25.0013 2744 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
09:33:25.0020 2744 sbp2port - ok
09:33:25.0032 2744 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
09:33:25.0049 2744 scfilter - ok
09:33:25.0063 2744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:33:25.0079 2744 secdrv - ok
09:33:25.0093 2744 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:33:25.0101 2744 Serenum - ok
09:33:25.0113 2744 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:33:25.0121 2744 Serial - ok
09:33:25.0134 2744 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:33:25.0142 2744 sermouse - ok
09:33:25.0157 2744 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
09:33:25.0165 2744 sffdisk - ok
09:33:25.0176 2744 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:33:25.0185 2744 sffp_mmc - ok
09:33:25.0196 2744 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:33:25.0205 2744 sffp_sd - ok
09:33:25.0216 2744 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:33:25.0224 2744 sfloppy - ok
09:33:25.0238 2744 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
09:33:25.0244 2744 sisagp - ok
09:33:25.0256 2744 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:33:25.0261 2744 SiSRaid2 - ok
09:33:25.0273 2744 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:33:25.0280 2744 SiSRaid4 - ok
09:33:25.0292 2744 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:33:25.0309 2744 Smb - ok
09:33:25.0323 2744 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:33:25.0329 2744 spldr - ok
09:33:25.0349 2744 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
09:33:25.0349 2744 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
09:33:25.0350 2744 sptd ( LockedFile.Multi.Generic ) - warning
09:33:25.0350 2744 sptd - detected LockedFile.Multi.Generic (1)
09:33:25.0364 2744 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
09:33:25.0375 2744 srv - ok
09:33:25.0392 2744 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
09:33:25.0402 2744 srv2 - ok
09:33:25.0414 2744 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
09:33:25.0422 2744 srvnet - ok
09:33:25.0438 2744 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:33:25.0443 2744 stexstor - ok
09:33:25.0454 2744 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
09:33:25.0463 2744 StillCam - ok
09:33:25.0475 2744 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
09:33:25.0481 2744 storflt - ok
09:33:25.0493 2744 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
09:33:25.0499 2744 storvsc - ok
09:33:25.0511 2744 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
09:33:25.0516 2744 swenum - ok
09:33:25.0544 2744 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
09:33:25.0568 2744 Tcpip - ok
09:33:25.0592 2744 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
09:33:25.0609 2744 TCPIP6 - ok
09:33:25.0622 2744 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
09:33:25.0638 2744 tcpipreg - ok
09:33:25.0651 2744 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
09:33:25.0667 2744 TDPIPE - ok
09:33:25.0680 2744 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
09:33:25.0697 2744 TDTCP - ok
09:33:25.0709 2744 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
09:33:25.0726 2744 tdx - ok
09:33:25.0738 2744 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
09:33:25.0744 2744 TermDD - ok
09:33:25.0762 2744 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:33:25.0779 2744 tssecsrv - ok
09:33:25.0791 2744 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
09:33:25.0809 2744 tunnel - ok
09:33:25.0821 2744 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:33:25.0827 2744 uagp35 - ok
09:33:25.0841 2744 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
09:33:25.0860 2744 udfs - ok
09:33:25.0875 2744 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:33:25.0881 2744 uliagpkx - ok
09:33:25.0893 2744 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
09:33:25.0901 2744 umbus - ok
09:33:25.0912 2744 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:33:25.0919 2744 UmPass - ok
09:33:25.0933 2744 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:33:25.0940 2744 USBAAPL - ok
09:33:25.0952 2744 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
09:33:25.0962 2744 usbaudio - ok
09:33:25.0974 2744 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
09:33:25.0983 2744 usbccgp - ok
09:33:25.0995 2744 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
09:33:26.0004 2744 usbcir - ok
09:33:26.0016 2744 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
09:33:26.0023 2744 usbehci - ok
09:33:26.0034 2744 UsbFltr (1d6a4fa75af0400d3f99642c271f3255) C:\Windows\system32\Drivers\UsbFltr.sys
09:33:26.0042 2744 UsbFltr - ok
09:33:26.0056 2744 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
09:33:26.0065 2744 usbhub - ok
09:33:26.0077 2744 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
09:33:26.0084 2744 usbohci - ok
09:33:26.0095 2744 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:33:26.0104 2744 usbprint - ok
09:33:26.0116 2744 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:33:26.0125 2744 USBSTOR - ok
09:33:26.0136 2744 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
09:33:26.0144 2744 usbuhci - ok
09:33:26.0157 2744 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
09:33:26.0166 2744 usbvideo - ok
09:33:26.0181 2744 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:33:26.0187 2744 vdrvroot - ok
09:33:26.0200 2744 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:33:26.0209 2744 vga - ok
09:33:26.0220 2744 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:33:26.0236 2744 VgaSave - ok
09:33:26.0249 2744 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
09:33:26.0257 2744 vhdmp - ok
09:33:26.0269 2744 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
09:33:26.0275 2744 viaagp - ok
09:33:26.0287 2744 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:33:26.0295 2744 ViaC7 - ok
09:33:26.0306 2744 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
09:33:26.0312 2744 viaide - ok
09:33:26.0326 2744 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
09:33:26.0334 2744 vmbus - ok
09:33:26.0346 2744 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
09:33:26.0353 2744 VMBusHID - ok
09:33:26.0365 2744 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
09:33:26.0371 2744 volmgr - ok
09:33:26.0385 2744 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:33:26.0395 2744 volmgrx - ok
09:33:26.0408 2744 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:33:26.0417 2744 volsnap - ok
09:33:26.0430 2744 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:33:26.0437 2744 vsmraid - ok
09:33:26.0450 2744 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:33:26.0459 2744 vwifibus - ok
09:33:26.0472 2744 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:33:26.0480 2744 WacomPen - ok
09:33:26.0492 2744 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:26.0509 2744 WANARP - ok
09:33:26.0512 2744 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:26.0527 2744 Wanarpv6 - ok
09:33:26.0544 2744 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:33:26.0550 2744 Wd - ok
09:33:26.0566 2744 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:33:26.0578 2744 Wdf01000 - ok
09:33:26.0596 2744 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:33:26.0612 2744 WfpLwf - ok
09:33:26.0624 2744 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:33:26.0629 2744 WIMMount - ok
09:33:26.0649 2744 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
09:33:26.0657 2744 WinUsb - ok
09:33:26.0671 2744 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:33:26.0679 2744 WmiAcpi - ok
09:33:26.0696 2744 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:33:26.0713 2744 ws2ifsl - ok
09:33:26.0728 2744 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
09:33:26.0745 2744 WudfPf - ok
09:33:26.0758 2744 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:33:26.0775 2744 WUDFRd - ok
09:33:26.0782 2744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:33:26.0785 2744 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:33:26.0785 2744 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:33:26.0787 2744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
09:33:26.0834 2744 \Device\Harddisk1\DR1 - ok
09:33:26.0836 2744 Boot (0x1200) (3a681daf28148ac1ddec096a466a4ad1) \Device\Harddisk0\DR0\Partition0
09:33:26.0837 2744 \Device\Harddisk0\DR0\Partition0 - ok
09:33:26.0842 2744 Boot (0x1200) (a1db6cb2f3c779d9b42e8b4b05dfadd6) \Device\Harddisk0\DR0\Partition1
09:33:26.0842 2744 \Device\Harddisk0\DR0\Partition1 - ok
09:33:26.0845 2744 Boot (0x1200) (bc8b12bb6244d60226b08758ec7d9bfa) \Device\Harddisk1\DR1\Partition0
09:33:26.0846 2744 \Device\Harddisk1\DR1\Partition0 - ok
09:33:26.0847 2744 ============================================================
09:33:26.0847 2744 Scan finished
09:33:26.0847 2744 ============================================================
09:33:26.0855 6100 Detected object count: 3
09:33:26.0855 6100 Actual detected object count: 3
09:33:46.0606 6100 DfsC ( Rootkit.Win32.ZAccess.aml ) - skipped by user
09:33:46.0606 6100 DfsC ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip
09:33:46.0607 6100 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:33:46.0607 6100 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:33:46.0608 6100 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:33:46.0608 6100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:34:17.0135 6584 ============================================================
09:34:17.0135 6584 Scan started
09:34:17.0135 6584 Mode: Manual; SigCheck; TDLFS;
09:34:17.0135 6584 ============================================================
09:34:17.0216 6584 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:34:17.0227 6584 1394ohci - ok
09:34:17.0239 6584 33790652 (89fdba391985968401f51a5c577933cd) C:\Windows\system32\drivers\87739277.sys
09:34:17.0255 6584 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:34:17.0262 6584 ACPI - ok
09:34:17.0274 6584 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:34:17.0281 6584 AcpiPmi - ok
09:34:17.0298 6584 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:34:17.0306 6584 adp94xx - ok
09:34:17.0321 6584 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:34:17.0328 6584 adpahci - ok
09:34:17.0341 6584 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:34:17.0347 6584 adpu320 - ok
09:34:17.0363 6584 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
09:34:17.0371 6584 AFD - ok
09:34:17.0382 6584 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:34:17.0388 6584 agp440 - ok
09:34:17.0400 6584 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:34:17.0405 6584 aic78xx - ok
09:34:17.0417 6584 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:34:17.0422 6584 aliide - ok
09:34:17.0434 6584 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:34:17.0439 6584 amdagp - ok
09:34:17.0450 6584 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:34:17.0455 6584 amdide - ok
09:34:17.0466 6584 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:34:17.0472 6584 AmdK8 - ok
09:34:17.0565 6584 amdkmdag (c2adec8bb690db70ccb1049d4a6873a5) C:\Windows\system32\DRIVERS\atikmdag.sys
09:34:17.0630 6584 amdkmdag - ok
09:34:17.0644 6584 amdkmdap (62d2a87296bc26e1df9e1cf0e860e653) C:\Windows\system32\DRIVERS\atikmpag.sys
09:34:17.0652 6584 amdkmdap - ok
09:34:17.0663 6584 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:34:17.0670 6584 AmdPPM - ok
09:34:17.0682 6584 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
09:34:17.0687 6584 amdsata - ok
09:34:17.0700 6584 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:34:17.0706 6584 amdsbs - ok
09:34:17.0717 6584 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
09:34:17.0722 6584 amdxata - ok
09:34:17.0733 6584 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:34:17.0742 6584 AppID - ok
09:34:17.0756 6584 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:34:17.0762 6584 arc - ok
09:34:17.0773 6584 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:34:17.0779 6584 arcsas - ok
09:34:17.0790 6584 asmthub3 (3413610c3956765dbb2ef656019929fb) C:\Windows\system32\DRIVERS\asmthub3.sys
09:34:17.0795 6584 asmthub3 - ok
09:34:17.0809 6584 asmtxhci (f8074a66210abbb28f855269b3c14cb2) C:\Windows\system32\DRIVERS\asmtxhci.sys
09:34:17.0816 6584 asmtxhci - ok
09:34:17.0827 6584 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:34:17.0842 6584 AsyncMac - ok
09:34:17.0853 6584 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:34:17.0858 6584 atapi - ok
09:34:17.0869 6584 AthBTPort (882edbafcc227852c9dca23ea48d2e78) C:\Windows\system32\DRIVERS\btath_flt.sys
09:34:17.0873 6584 AthBTPort - ok
09:34:17.0884 6584 ATHDFU (99925b8ec4fccdb3992292fbcb31069e) C:\Windows\system32\Drivers\AthDfu.sys
09:34:17.0887 6584 ATHDFU - ok
09:34:17.0901 6584 AtiHDAudioService (84faf3d287d56d210f84db7c1349d43b) C:\Windows\system32\drivers\AtihdW73.sys
09:34:17.0908 6584 AtiHDAudioService - ok
09:34:17.0926 6584 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:34:17.0935 6584 b06bdrv - ok
09:34:17.0948 6584 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:34:17.0955 6584 b57nd60x - ok
09:34:17.0968 6584 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:34:17.0983 6584 Beep - ok
09:34:17.0995 6584 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:34:18.0001 6584 blbdrive - ok
09:34:18.0014 6584 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
09:34:18.0020 6584 bowser - ok
09:34:18.0031 6584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:34:18.0038 6584 BrFiltLo - ok
09:34:18.0049 6584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:34:18.0056 6584 BrFiltUp - ok
09:34:18.0071 6584 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:34:18.0080 6584 Brserid - ok
09:34:18.0091 6584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:34:18.0099 6584 BrSerWdm - ok
09:34:18.0109 6584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:34:18.0117 6584 BrUsbMdm - ok
09:34:18.0128 6584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:34:18.0134 6584 BrUsbSer - ok
09:34:18.0147 6584 BTATH_A2DP (e5b321f18a1d8b6b8dd397d92ba5946a) C:\Windows\system32\drivers\btath_a2dp.sys
09:34:18.0152 6584 BTATH_A2DP - ok
09:34:18.0164 6584 BTATH_BUS (f60e0c722442ea91f0c253b7814d8192) C:\Windows\system32\DRIVERS\btath_bus.sys
09:34:18.0167 6584 BTATH_BUS - ok
09:34:18.0180 6584 BTATH_HCRP (f31e369db8258b28e3dcf66705aea9e9) C:\Windows\system32\DRIVERS\btath_hcrp.sys
09:34:18.0184 6584 BTATH_HCRP - ok
09:34:18.0195 6584 BTATH_LWFLT (6651798266fde23159d961463a63a77d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
09:34:18.0199 6584 BTATH_LWFLT - ok
09:34:18.0210 6584 BTATH_RCP (08ef5298df80bc136523bcd2ed8b9c37) C:\Windows\system32\DRIVERS\btath_rcp.sys
09:34:18.0215 6584 BTATH_RCP - ok
09:34:18.0229 6584 BtFilter (ef6269eab772989e338ba4c833093bac) C:\Windows\system32\DRIVERS\btfilter.sys
09:34:18.0234 6584 BtFilter - ok
09:34:18.0245 6584 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
09:34:18.0252 6584 BthEnum - ok
09:34:18.0263 6584 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:34:18.0270 6584 BTHMODEM - ok
09:34:18.0282 6584 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
09:34:18.0290 6584 BthPan - ok
09:34:18.0305 6584 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys
09:34:18.0313 6584 BTHPORT - ok
09:34:18.0332 6584 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys
09:34:18.0338 6584 BTHUSB - ok
09:34:18.0346 6584 catchme - ok
09:34:18.0359 6584 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:34:18.0374 6584 cdfs - ok
09:34:18.0385 6584 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:34:18.0392 6584 cdrom - ok
09:34:18.0405 6584 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:34:18.0412 6584 circlass - ok
09:34:18.0424 6584 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:34:18.0431 6584 CLFS - ok
09:34:18.0443 6584 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:34:18.0449 6584 CmBatt - ok
09:34:18.0460 6584 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:34:18.0465 6584 cmdide - ok
09:34:18.0480 6584 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:34:18.0490 6584 CNG - ok
09:34:18.0501 6584 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:34:18.0506 6584 Compbatt - ok
09:34:18.0518 6584 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:34:18.0525 6584 CompositeBus - ok
09:34:18.0537 6584 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:34:18.0543 6584 crcdisk - ok
09:34:18.0559 6584 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
09:34:18.0568 6584 CSC - ok
09:34:18.0583 6584 DfsC (73dc69b5a3bfcad731f7bdaea8734df7) C:\Windows\system32\Drivers\dfsc.sys
09:34:18.0584 6584 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 73dc69b5a3bfcad731f7bdaea8734df7, Fake md5: 83d1ecea8faae75604c0fa49ac7ad996
09:34:18.0584 6584 DfsC ( Rootkit.Win32.ZAccess.aml ) - infected
09:34:18.0584 6584 DfsC - detected Rootkit.Win32.ZAccess.aml (0)
09:34:18.0596 6584 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:34:18.0611 6584 discache - ok
09:34:18.0623 6584 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:34:18.0628 6584 Disk - ok
09:34:18.0642 6584 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:34:18.0649 6584 drmkaud - ok
09:34:18.0668 6584 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
09:34:18.0679 6584 DXGKrnl - ok
09:34:18.0692 6584 e1cexpress (137482f0afa288a9e0b563c23facb4cd) C:\Windows\system32\DRIVERS\e1c6232.sys
09:34:18.0699 6584 e1cexpress - ok
09:34:18.0738 6584 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:34:18.0764 6584 ebdrv - ok
09:34:18.0782 6584 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:34:18.0791 6584 elxstor - ok
09:34:18.0803 6584 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:34:18.0809 6584 ErrDev - ok
09:34:18.0824 6584 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:34:18.0840 6584 exfat - ok
09:34:18.0853 6584 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:34:18.0868 6584 fastfat - ok
09:34:18.0882 6584 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:34:18.0888 6584 fdc - ok
09:34:18.0901 6584 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:34:18.0907 6584 FileInfo - ok
09:34:18.0918 6584 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:34:18.0932 6584 Filetrace - ok
09:34:18.0943 6584 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:34:18.0950 6584 flpydisk - ok
09:34:18.0963 6584 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:34:18.0970 6584 FltMgr - ok
09:34:18.0983 6584 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:34:18.0988 6584 FsDepends - ok
09:34:18.0999 6584 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:34:19.0004 6584 Fs_Rec - ok
09:34:19.0017 6584 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:34:19.0025 6584 fvevol - ok
09:34:19.0037 6584 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:34:19.0043 6584 gagp30kx - ok
09:34:19.0054 6584 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:34:19.0058 6584 GEARAspiWDM - ok
09:34:19.0070 6584 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:34:19.0076 6584 hcw85cir - ok
09:34:19.0091 6584 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
09:34:19.0101 6584 HdAudAddService - ok
09:34:19.0112 6584 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:34:19.0120 6584 HDAudBus - ok
09:34:19.0132 6584 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:34:19.0138 6584 HidBatt - ok
09:34:19.0156 6584 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:34:19.0164 6584 HidBth - ok
09:34:19.0176 6584 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:34:19.0183 6584 HidIr - ok
09:34:19.0195 6584 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:34:19.0201 6584 HidUsb - ok
09:34:19.0215 6584 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:34:19.0220 6584 HpSAMD - ok
09:34:19.0238 6584 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:34:19.0256 6584 HTTP - ok
09:34:19.0268 6584 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:34:19.0273 6584 hwpolicy - ok
09:34:19.0284 6584 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:34:19.0291 6584 i8042prt - ok
09:34:19.0305 6584 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
09:34:19.0313 6584 iaStorV - ok
09:34:19.0326 6584 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:34:19.0331 6584 iirsp - ok
09:34:19.0372 6584 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
09:34:19.0408 6584 IntcAzAudAddService - ok
09:34:19.0419 6584 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:34:19.0424 6584 intelide - ok
09:34:19.0435 6584 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:34:19.0442 6584 intelppm - ok
09:34:19.0455 6584 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:34:19.0471 6584 IpFilterDriver - ok
09:34:19.0484 6584 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:34:19.0490 6584 IPMIDRV - ok
09:34:19.0502 6584 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:34:19.0518 6584 IPNAT - ok
09:34:19.0530 6584 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:34:19.0538 6584 IRENUM - ok
09:34:19.0549 6584 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:34:19.0555 6584 isapnp - ok
09:34:19.0568 6584 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:34:19.0575 6584 iScsiPrt - ok
09:34:19.0587 6584 JRAID (fe40c1ba67ec92490fce065016806aa6) C:\Windows\system32\DRIVERS\jraid.sys
09:34:19.0592 6584 JRAID - ok
09:34:19.0603 6584 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:34:19.0609 6584 kbdclass - ok
09:34:19.0620 6584 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:34:19.0626 6584 kbdhid - ok
09:34:19.0639 6584 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
09:34:19.0644 6584 KSecDD - ok
09:34:19.0657 6584 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
09:34:19.0662 6584 KSecPkg - ok
09:34:19.0678 6584 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:34:19.0693 6584 lltdio - ok
09:34:19.0707 6584 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:34:19.0713 6584 LSI_FC - ok
09:34:19.0724 6584 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:34:19.0730 6584 LSI_SAS - ok
09:34:19.0741 6584 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:34:19.0746 6584 LSI_SAS2 - ok
09:34:19.0758 6584 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:34:19.0764 6584 LSI_SCSI - ok
09:34:19.0776 6584 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:34:19.0791 6584 luafv - ok
09:34:19.0802 6584 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
09:34:19.0807 6584 MBAMProtector - ok
09:34:19.0821 6584 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:34:19.0826 6584 megasas - ok
09:34:19.0839 6584 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:34:19.0846 6584 MegaSR - ok
09:34:19.0859 6584 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
09:34:19.0865 6584 MEI - ok
09:34:19.0878 6584 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:34:19.0893 6584 Modem - ok
09:34:19.0904 6584 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:34:19.0911 6584 monitor - ok
09:34:19.0922 6584 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:34:19.0927 6584 mouclass - ok
09:34:19.0939 6584 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:34:19.0946 6584 mouhid - ok
09:34:19.0957 6584 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
09:34:19.0963 6584 mountmgr - ok
09:34:19.0975 6584 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
09:34:19.0981 6584 mpio - ok
09:34:19.0993 6584 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:34:20.0007 6584 mpsdrv - ok
09:34:20.0019 6584 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
09:34:20.0028 6584 MRxDAV - ok
09:34:20.0040 6584 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:34:20.0047 6584 mrxsmb - ok
09:34:20.0060 6584 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:34:20.0067 6584 mrxsmb10 - ok
09:34:20.0079 6584 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:34:20.0086 6584 mrxsmb20 - ok
09:34:20.0097 6584 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
09:34:20.0102 6584 msahci - ok
09:34:20.0114 6584 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
09:34:20.0120 6584 msdsm - ok
09:34:20.0133 6584 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:34:20.0148 6584 Msfs - ok
09:34:20.0160 6584 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:34:20.0175 6584 mshidkmdf - ok
09:34:20.0186 6584 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
09:34:20.0191 6584 msisadrv - ok
09:34:20.0204 6584 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:34:20.0220 6584 MSKSSRV - ok
09:34:20.0230 6584 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:34:20.0245 6584 MSPCLOCK - ok
09:34:20.0256 6584 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:34:20.0271 6584 MSPQM - ok
09:34:20.0284 6584 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:34:20.0290 6584 MsRPC - ok
09:34:20.0302 6584 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
09:34:20.0308 6584 mssmbios - ok
09:34:20.0319 6584 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:34:20.0333 6584 MSTEE - ok
09:34:20.0344 6584 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:34:20.0351 6584 MTConfig - ok
09:34:20.0362 6584 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:34:20.0367 6584 Mup - ok
09:34:20.0381 6584 mv91xx (19aab6a158bc8a16e756c010776a5546) C:\Windows\system32\DRIVERS\mv91xx.sys
09:34:20.0388 6584 mv91xx - ok
09:34:20.0402 6584 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:34:20.0412 6584 NativeWifiP - ok
09:34:20.0430 6584 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
09:34:20.0442 6584 NDIS - ok
09:34:20.0453 6584 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:34:20.0468 6584 NdisCap - ok
09:34:20.0479 6584 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:34:20.0493 6584 NdisTapi - ok
09:34:20.0505 6584 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
09:34:20.0520 6584 Ndisuio - ok
09:34:20.0532 6584 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
09:34:20.0548 6584 NdisWan - ok
09:34:20.0559 6584 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
09:34:20.0574 6584 NDProxy - ok
09:34:20.0586 6584 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:34:20.0601 6584 NetBIOS - ok
09:34:20.0614 6584 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
09:34:20.0630 6584 NetBT - ok
09:34:20.0645 6584 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:34:20.0650 6584 nfrd960 - ok
09:34:20.0662 6584 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:34:20.0677 6584 Npfs - ok
09:34:20.0689 6584 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:34:20.0704 6584 nsiproxy - ok
09:34:20.0729 6584 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
09:34:20.0745 6584 Ntfs - ok
09:34:20.0756 6584 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:34:20.0771 6584 Null - ok
09:34:20.0783 6584 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
09:34:20.0789 6584 nvraid - ok
09:34:20.0801 6584 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
09:34:20.0807 6584 nvstor - ok
09:34:20.0820 6584 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
09:34:20.0825 6584 nv_agp - ok
09:34:20.0838 6584 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
09:34:20.0844 6584 ohci1394 - ok
09:34:20.0859 6584 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:34:20.0866 6584 Parport - ok
09:34:20.0878 6584 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
09:34:20.0883 6584 partmgr - ok
09:34:20.0894 6584 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:34:20.0901 6584 Parvdm - ok
09:34:20.0915 6584 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
09:34:20.0921 6584 pci - ok
09:34:20.0932 6584 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
09:34:20.0937 6584 pciide - ok
09:34:20.0949 6584 PciPPorts (8ebcf4fced749a2f893318e7ea65991e) C:\Windows\system32\DRIVERS\PciPPorts.sys
09:34:20.0955 6584 PciPPorts - ok
09:34:20.0968 6584 PciSPorts (ccda30f061b15b2d66a031d0b749bfc8) C:\Windows\system32\DRIVERS\PciSPorts.sys
09:34:20.0974 6584 PciSPorts - ok
09:34:20.0987 6584 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:34:20.0993 6584 pcmcia - ok
09:34:21.0005 6584 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:34:21.0010 6584 pcw - ok
09:34:21.0029 6584 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:34:21.0047 6584 PEAUTH - ok
09:34:21.0070 6584 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:34:21.0085 6584 PptpMiniport - ok
09:34:21.0097 6584 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:34:21.0103 6584 Processor - ok
09:34:21.0117 6584 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:34:21.0132 6584 Psched - ok
09:34:21.0159 6584 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:34:21.0177 6584 ql2300 - ok
09:34:21.0188 6584 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:34:21.0194 6584 ql40xx - ok
09:34:21.0207 6584 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:34:21.0215 6584 QWAVEdrv - ok
09:34:21.0227 6584 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:34:21.0242 6584 RasAcd - ok
09:34:21.0253 6584 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:34:21.0267 6584 RasAgileVpn - ok
09:34:21.0279 6584 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:34:21.0294 6584 Rasl2tp - ok
09:34:21.0308 6584 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:34:21.0324 6584 RasPppoe - ok
09:34:21.0335 6584 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:34:21.0350 6584 RasSstp - ok
09:34:21.0363 6584 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
09:34:21.0379 6584 rdbss - ok
09:34:21.0390 6584 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:34:21.0397 6584 rdpbus - ok
09:34:21.0408 6584 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:34:21.0423 6584 RDPCDD - ok
09:34:21.0435 6584 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
09:34:21.0442 6584 RDPDR - ok
09:34:21.0453 6584 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:34:21.0467 6584 RDPENCDD - ok
09:34:21.0479 6584 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:34:21.0493 6584 RDPREFMP - ok
09:34:21.0505 6584 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
09:34:21.0521 6584 RDPWD - ok
09:34:21.0533 6584 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
09:34:21.0540 6584 rdyboost - ok
09:34:21.0553 6584 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
09:34:21.0561 6584 RFCOMM - ok
09:34:21.0573 6584 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
09:34:21.0579 6584 RimUsb - ok
09:34:21.0590 6584 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
09:34:21.0595 6584 RimVSerPort - ok
09:34:21.0605 6584 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
09:34:21.0620 6584 ROOTMODEM - ok
09:34:21.0635 6584 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:34:21.0650 6584 rspndr - ok
09:34:21.0660 6584 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
09:34:21.0666 6584 s3cap - ok
09:34:21.0678 6584 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
09:34:21.0683 6584 sbp2port - ok
09:34:21.0695 6584 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
09:34:21.0710 6584 scfilter - ok
09:34:21.0724 6584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:34:21.0739 6584 secdrv - ok
09:34:21.0753 6584 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:34:21.0759 6584 Serenum - ok
09:34:21.0771 6584 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:34:21.0778 6584 Serial - ok
09:34:21.0789 6584 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:34:21.0795 6584 sermouse - ok
09:34:21.0810 6584 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
09:34:21.0817 6584 sffdisk - ok
09:34:21.0828 6584 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:34:21.0835 6584 sffp_mmc - ok
09:34:21.0846 6584 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:34:21.0853 6584 sffp_sd - ok
09:34:21.0864 6584 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:34:21.0870 6584 sfloppy - ok
09:34:21.0883 6584 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
09:34:21.0889 6584 sisagp - ok
09:34:21.0901 6584 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:34:21.0906 6584 SiSRaid2 - ok
09:34:21.0918 6584 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:34:21.0923 6584 SiSRaid4 - ok
09:34:21.0935 6584 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:34:21.0951 6584 Smb - ok
09:34:21.0965 6584 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:34:21.0970 6584 spldr - ok
09:34:21.0988 6584 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
09:34:21.0988 6584 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
09:34:21.0988 6584 sptd ( LockedFile.Multi.Generic ) - warning
09:34:21.0988 6584 sptd - detected LockedFile.Multi.Generic (1)
09:34:22.0003 6584 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
09:34:22.0010 6584 srv - ok
09:34:22.0025 6584 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
09:34:22.0033 6584 srv2 - ok
09:34:22.0045 6584 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
09:34:22.0052 6584 srvnet - ok
09:34:22.0067 6584 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:34:22.0072 6584 stexstor - ok
09:34:22.0083 6584 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
09:34:22.0091 6584 StillCam - ok
09:34:22.0103 6584 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
09:34:22.0108 6584 storflt - ok
09:34:22.0120 6584 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
09:34:22.0126 6584 storvsc - ok
09:34:22.0137 6584 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
09:34:22.0142 6584 swenum - ok
09:34:22.0170 6584 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
09:34:22.0188 6584 Tcpip - ok
09:34:22.0211 6584 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
09:34:22.0228 6584 TCPIP6 - ok
09:34:22.0241 6584 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
09:34:22.0256 6584 tcpipreg - ok
09:34:22.0268 6584 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
09:34:22.0283 6584 TDPIPE - ok
09:34:22.0294 6584 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
09:34:22.0310 6584 TDTCP - ok
09:34:22.0322 6584 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
09:34:22.0337 6584 tdx - ok
09:34:22.0348 6584 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
09:34:22.0354 6584 TermDD - ok
09:34:22.0370 6584 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:34:22.0385 6584 tssecsrv - ok
09:34:22.0398 6584 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
09:34:22.0413 6584 tunnel - ok
09:34:22.0425 6584 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:34:22.0430 6584 uagp35 - ok
09:34:22.0445 6584 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
09:34:22.0461 6584 udfs - ok
09:34:22.0476 6584 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:34:22.0481 6584 uliagpkx - ok
09:34:22.0493 6584 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
09:34:22.0500 6584 umbus - ok
09:34:22.0511 6584 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:34:22.0517 6584 UmPass - ok
09:34:22.0531 6584 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:34:22.0537 6584 USBAAPL - ok
09:34:22.0549 6584 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
09:34:22.0557 6584 usbaudio - ok
09:34:22.0570 6584 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
09:34:22.0576 6584 usbccgp - ok
09:34:22.0588 6584 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
09:34:22.0596 6584 usbcir - ok
09:34:22.0607 6584 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
09:34:22.0614 6584 usbehci - ok
09:34:22.0625 6584 UsbFltr (1d6a4fa75af0400d3f99642c271f3255) C:\Windows\system32\Drivers\UsbFltr.sys
09:34:22.0630 6584 UsbFltr - ok
09:34:22.0644 6584 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
09:34:22.0652 6584 usbhub - ok
09:34:22.0663 6584 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
09:34:22.0670 6584 usbohci - ok
09:34:22.0681 6584 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:34:22.0688 6584 usbprint - ok
09:34:22.0700 6584 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:34:22.0707 6584 USBSTOR - ok
09:34:22.0718 6584 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
09:34:22.0724 6584 usbuhci - ok
09:34:22.0737 6584 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
09:34:22.0744 6584 usbvideo - ok
09:34:22.0758 6584 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:34:22.0763 6584 vdrvroot - ok
09:34:22.0776 6584 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:34:22.0783 6584 vga - ok
09:34:22.0796 6584 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:34:22.0811 6584 VgaSave - ok
09:34:22.0824 6584 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
09:34:22.0831 6584 vhdmp - ok
09:34:22.0843 6584 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
09:34:22.0849 6584 viaagp - ok
09:34:22.0860 6584 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:34:22.0867 6584 ViaC7 - ok
09:34:22.0878 6584 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
09:34:22.0883 6584 viaide - ok
09:34:22.0896 6584 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
09:34:22.0903 6584 vmbus - ok
09:34:22.0914 6584 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
09:34:22.0921 6584 VMBusHID - ok
09:34:22.0933 6584 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
09:34:22.0938 6584 volmgr - ok
09:34:22.0953 6584 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:34:22.0960 6584 volmgrx - ok
09:34:22.0974 6584 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:34:22.0981 6584 volsnap - ok
09:34:22.0993 6584 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:34:23.0000 6584 vsmraid - ok
09:34:23.0012 6584 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:34:23.0020 6584 vwifibus - ok
09:34:23.0033 6584 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:34:23.0040 6584 WacomPen - ok
09:34:23.0052 6584 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:34:23.0067 6584 WANARP - ok
09:34:23.0069 6584 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:34:23.0085 6584 Wanarpv6 - ok
09:34:23.0100 6584 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:34:23.0105 6584 Wd - ok
09:34:23.0122 6584 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:34:23.0131 6584 Wdf01000 - ok
09:34:23.0148 6584 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:34:23.0163 6584 WfpLwf - ok
09:34:23.0175 6584 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:34:23.0181 6584 WIMMount - ok
09:34:23.0198 6584 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
09:34:23.0205 6584 WinUsb - ok
09:34:23.0218 6584 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:34:23.0225 6584 WmiAcpi - ok
09:34:23.0241 6584 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:34:23.0257 6584 ws2ifsl - ok
09:34:23.0272 6584 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
09:34:23.0287 6584 WudfPf - ok
09:34:23.0300 6584 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:34:23.0316 6584 WUDFRd - ok
09:34:23.0322 6584 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:34:23.0325 6584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:34:23.0325 6584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:34:23.0341 6584 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
09:34:24.0116 6584 \Device\Harddisk1\DR1 - ok
09:34:24.0118 6584 Boot (0x1200) (3a681daf28148ac1ddec096a466a4ad1) \Device\Harddisk0\DR0\Partition0
09:34:24.0119 6584 \Device\Harddisk0\DR0\Partition0 - ok
09:34:24.0122 6584 Boot (0x1200) (a1db6cb2f3c779d9b42e8b4b05dfadd6) \Device\Harddisk0\DR0\Partition1
09:34:24.0123 6584 \Device\Harddisk0\DR0\Partition1 - ok
09:34:24.0140 6584 Boot (0x1200) (bc8b12bb6244d60226b08758ec7d9bfa) \Device\Harddisk1\DR1\Partition0
09:34:24.0141 6584 \Device\Harddisk1\DR1\Partition0 - ok
09:34:24.0141 6584 ============================================================
09:34:24.0141 6584 Scan finished
09:34:24.0141 6584 ============================================================
09:34:24.0148 4020 Detected object count: 3
09:34:24.0148 4020 Actual detected object count: 3
09:34:40.0261 4020 DfsC ( Rootkit.Win32.ZAccess.aml ) - skipped by user
09:34:40.0261 4020 DfsC ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip
09:34:40.0262 4020 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:34:40.0263 4020 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:34:40.0264 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:34:40.0264 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:34:43.0831 4548 Deinitialize success

OTL logfile created on: 1/5/2012 9:50:40 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\petro\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.23 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 54.82% Memory free
10.99 Gb Paging File | 8.74 Gb Available in Paging File | 79.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 6.62 Gb Free Space | 8.89% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive R: | 465.76 Gb Total Space | 122.10 Gb Free Space | 26.22% Space Free | Partition Type: NTFS

Computer Name: PETRO-PC | User Name: petro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 09:35:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\petro\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- r:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- R:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/15 07:13:25 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/11/08 07:52:55 | 001,242,448 | ---- | M] (Valve Corporation) -- R:\Program Files\Steam\steam.exe
PRC - [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/03 10:59:38 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/03 10:59:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/31 04:59:14 | 000,274,216 | ---- | M] (Conduit Ltd.) -- C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/13 09:57:48 | 000,490,656 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2011/03/13 09:57:44 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
PRC - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/08/12 14:00:18 | 000,087,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/26 06:53:14 | 000,524,288 | ---- | M] (Brother Industries Ltd.) -- C:\Program Files\Brother\Brmfl07b\FAXRX.exe
PRC - [2009/02/24 14:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [1998/03/09 23:00:00 | 000,251,904 | ---- | M] (T. Teranishi) -- R:\Program Files\TTERMPRO\ttermpro.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/15 07:13:25 | 014,410,024 | ---- | M] () -- R:\Program Files\Steam\bin\libcef.dll
MOD - [2011/12/15 07:13:25 | 000,914,216 | ---- | M] () -- R:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/12/15 07:13:25 | 000,194,344 | ---- | M] () -- R:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/12/15 07:13:25 | 000,155,432 | ---- | M] () -- R:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/12/15 07:13:25 | 000,091,432 | ---- | M] () -- R:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/11/18 12:47:07 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 01:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 02:23:37 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a5feb05f9283b0e79e0959b5df220130\WindowsFormsIntegration.ni.dll
MOD - [2011/10/13 02:22:52 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/13 02:17:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 02:17:42 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/13 02:17:35 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/13 02:17:35 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2011/10/13 02:17:29 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/13 02:17:26 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:17:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:17:15 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2011/10/13 02:17:12 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 02:17:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/13 02:17:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/13 02:17:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 02:17:02 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/10/03 10:59:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2005/02/02 12:38:18 | 000,024,576 | ---- | M] () -- C:\Program Files\Brother\Brmfl07b\brrunpp.dll
MOD - [2002/11/26 12:43:18 | 000,106,496 | ---- | M] () -- C:\Windows\System32\BrMuSNMP.dll
MOD - [1998/03/09 23:00:00 | 000,056,320 | ---- | M] () -- R:\Program Files\TTERMPRO\ttpcmn.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- r:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 07:13:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/03 10:59:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/09/03 11:33:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/13 09:57:42 | 000,068,768 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/08/12 14:00:18 | 000,087,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/25 08:06:28 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/10/03 11:55:32 | 008,606,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/03 10:22:20 | 000,248,832 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/06/06 17:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/04/26 21:33:46 | 000,078,336 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/03/13 09:57:54 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/03/13 09:57:54 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/03/13 09:57:54 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/03/13 09:57:54 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/03/13 09:57:54 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/03/13 09:57:54 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/03/13 09:57:52 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/03/13 09:57:52 | 000,043,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010/12/08 17:17:40 | 000,292,840 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2010/12/08 17:17:40 | 000,095,720 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel®
DRV - [2010/09/21 01:33:00 | 000,238,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel®
DRV - [2010/08/27 12:38:56 | 000,261,160 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv91xx.sys -- (mv91xx)
DRV - [2010/08/10 04:29:03 | 000,104,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2008/05/22 05:33:44 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PciPPorts.sys -- (PciPPorts)
DRV - [2008/05/22 05:31:16 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PciSPorts.sys -- (PciSPorts)
DRV - [2007/04/09 08:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.online.petro-canada.ca/cleartrust/ct_logon.asp?CTAuthMode=SECURID&ct_orig_uri=%2Fppass%2F
IE - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 29 15 F9 52 6A CC 01 [binary data]
IE - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\petro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\petro\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\petro\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\petro\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/18 11:40:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/18 11:40:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petro\AppData\Roaming\Mozilla\Extensions
[2011/11/18 11:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


Hosts file not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [ConduitHelper] C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe (Conduit Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] r:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] R:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000..\Run: [Steam] R:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1158921400-4108885450-3742613323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C622A0E4-97D0-4AF1-863C-70C3FDBF7104}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 00:30:13 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{2245A310-A8E8-4147-B809-CB780D370120}
[2012/01/05 00:30:02 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{0E333929-3F15-4A20-862D-7E9B32A205AB}
[2012/01/04 12:29:38 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{11F5D549-1DD7-4431-867C-C84159DB4720}
[2012/01/04 12:29:27 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{D1C29D10-2275-4163-9FDE-05CBBD3DEA39}
[2012/01/03 12:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/03 12:49:27 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/01/03 12:29:37 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\87739277.sys
[2012/01/03 08:39:24 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{4A0314C6-27AD-456C-8A4F-407BACDB0B59}
[2012/01/03 08:39:12 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{EDD81048-F359-45B0-A099-CB6139A6A0A1}
[2012/01/02 20:39:00 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{561384B6-1B5E-4860-8CDE-C796E40BCECB}
[2012/01/02 20:38:49 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{3221BBEB-B1DF-4ED8-9244-3644C0CCB4BE}
[2012/01/02 20:38:40 | 000,000,000 | R--D | C] -- C:\Users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/01/01 11:07:56 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{E24EC52D-5B0D-4981-BE51-F22DAC04C0A9}
[2012/01/01 11:07:45 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{FD044564-FC6A-45A8-810C-E1F2675D31F7}
[2011/12/31 23:07:33 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{5872BB70-F4BF-41F7-9302-A00AD93DE1C7}
[2011/12/31 23:07:22 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{3325E589-5D22-4EAB-B23E-6E79FA79EE05}
[2011/12/31 11:07:11 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{300A470D-2611-4218-B52E-6BBDDAEDE80F}
[2011/12/31 11:07:00 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{D17B3D0D-0B04-46FB-A11E-24DF944E7F68}
[2011/12/30 23:06:48 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{514121F1-340F-4315-B1F5-17226D836B4B}
[2011/12/30 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{C24B30F0-A91B-4B7E-A0EF-4B083DC7B893}
[2011/12/30 13:04:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/30 11:06:13 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{B598DC0F-9121-47FB-BBF3-8BB6F8D64365}
[2011/12/30 11:06:02 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{83CF8D19-4E99-4E8D-9251-2C8C22EF4C82}
[2011/12/29 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{A48A9D6C-550A-41C4-8C95-784756A40EB7}
[2011/12/29 23:05:39 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{12620EE4-B681-40A4-8F1F-D358CB7FDFCD}
[2011/12/29 11:05:15 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{594726B2-F000-4B91-B02F-789A16334276}
[2011/12/29 11:05:04 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{B8E8E4D6-8D03-418F-879B-BA2AC046AFB4}
[2011/12/28 11:10:31 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{35C061DB-D694-4A41-A836-1E3414567551}
[2011/12/28 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{17DFF84C-F15C-4A01-B34F-CC15A3CEBF0C}
[2011/12/23 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{FBD1BE04-E396-4FD2-B5B3-B29A87CCE920}
[2011/12/23 10:23:30 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{AC5816EF-6864-4EB7-8ED9-EC7E14DF24EB}
[2011/12/22 09:18:29 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{5FD33B20-B85A-49A4-862C-E3F978D83113}
[2011/12/22 09:18:06 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{0B2BD7CD-BACB-44F8-B2A6-17D1AB2EA79E}
[2011/12/21 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{32EB6B12-C39D-414D-B571-37C8CFFD39B6}
[2011/12/21 19:08:42 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{E3235D0D-9521-4CF5-9389-FEAF7292AE33}
[2011/12/21 10:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steel Armor
[2011/12/21 07:08:18 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{0279304D-34AB-4CE1-8DD9-DC8CADE6B0BD}
[2011/12/21 07:08:07 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{DCBFFCBB-4B5F-478A-B8B9-9AA9B4B64511}
[2011/12/20 14:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/12/20 14:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueMagnet
[2011/12/20 14:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\BlueMagnet
[2011/12/20 07:17:16 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{85EF3173-C573-4A6A-86C4-4F664D02BA45}
[2011/12/20 07:17:06 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{B1FD5E90-AB0D-4732-9C2B-D24DB1B40A16}
[2011/12/19 13:40:00 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{55BEBAC2-1E77-4FB6-A8BB-1DF0786F14CC}
[2011/12/19 13:39:49 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{82842238-C1A7-4265-A54C-631B870692AA}
[2011/12/19 01:39:37 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{DF04544A-4285-4FCF-8319-0F38B3579015}
[2011/12/19 01:39:27 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{D408E09C-C1FA-492F-8158-9AB19BE79A09}
[2011/12/18 13:39:15 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{182686F4-1F07-49A0-950D-8B3E12276523}
[2011/12/18 13:39:04 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{84839031-C971-4967-BB70-7E375E636F96}
[2011/12/18 01:38:53 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{3778812E-BBB6-45F4-8068-71A336A0EA3E}
[2011/12/18 01:38:42 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{ABA34693-E529-42F3-8141-EEBC8E401EF1}
[2011/12/17 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{1FDABF97-C7D2-4C16-B84E-5A4782E1B4B8}
[2011/12/17 13:38:20 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{D1D61808-DA7E-4558-85D5-2DEE67728ABC}
[2011/12/16 21:09:23 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{68EDDC6E-574B-4E0E-9AF7-EC0AD36F5828}
[2011/12/16 21:09:13 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{B2B6A551-FE42-495B-8899-98500633D57E}
[2011/12/16 09:09:01 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{18C7A1CD-5A58-481D-8ACB-0CE3434CFBC4}
[2011/12/16 09:08:50 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{840DE0DF-B536-4965-959C-44CED3F02825}
[2011/12/16 07:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/12/15 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{A496213C-A4E7-47EC-8DD4-F4DA380B2270}
[2011/12/15 07:16:28 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{45114645-4359-43BA-8806-73604C898947}
[2011/12/14 19:16:04 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{D43D3795-09E4-412C-AF9C-216ED79A691E}
[2011/12/14 19:15:47 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{36E3AA7E-23D5-424B-ADFE-A63719303518}
[2011/12/14 17:07:08 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 17:07:08 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 17:07:08 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 17:07:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 17:07:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 17:07:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 17:07:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 17:07:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 17:07:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 17:07:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 17:07:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 17:07:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/14 17:05:57 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 17:05:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 17:05:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 17:04:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 17:04:14 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 17:04:14 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 16:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ski Region Simulator 2012
[2011/12/12 09:37:33 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{D116FE38-2F63-4EA9-8436-9DB5C279A937}
[2011/12/12 09:37:23 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{A29F95A9-7C62-42C3-ACA4-B64979FD85C1}
[2011/12/09 13:58:40 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\Downloaded Installations
[2011/12/07 07:56:13 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{CE7CAC5A-0822-4198-8F30-0AE961D30AB2}
[2011/12/07 07:56:02 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{B3810437-1471-43E0-9FB3-6FD7BD2C1EBB}
[2011/12/06 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{93A870EF-A62E-44CA-8E8B-B20D97F3F7D4}
[2011/12/06 19:55:27 | 000,000,000 | ---D | C] -- C:\Users\petro\AppData\Local\{E4C0CFAB-9121-43D9-9924-17E19F83D02D}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 09:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/05 09:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/01/05 09:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1158921400-4108885450-3742613323-1000UA.job
[2012/01/05 08:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/05 08:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/01/05 07:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/05 07:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/01/05 06:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/05 06:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/01/05 06:16:16 | 000,000,179 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012/01/05 05:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/05 05:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/01/05 04:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/05 04:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/01/05 03:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/05 03:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/01/05 02:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/05 02:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/01/05 01:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/05 01:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/01/05 00:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/05 00:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/04 23:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/04 23:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/04 22:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/04 22:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/04 21:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/04 21:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/04 20:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/04 20:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/04 19:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/04 19:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/04 18:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/04 18:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/04 17:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/04 17:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/04 16:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/04 16:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/04 16:03:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1158921400-4108885450-3742613323-1000Core.job
[2012/01/04 15:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/04 15:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/04 14:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/04 14:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/04 13:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/04 13:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/04 12:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/04 12:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/04 11:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/04 11:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/01/04 10:22:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/04 10:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/01/03 12:49:24 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/01/03 12:49:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/01/03 12:49:24 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/01/03 12:49:23 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/01/03 12:49:23 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/01/03 12:29:37 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\87739277.sys
[2012/01/02 12:37:47 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 12:37:47 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/02 12:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 12:33:36 | 2605,137,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 12:32:59 | 000,009,776 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 12:32:59 | 000,009,776 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 11:09:15 | 000,003,245 | ---- | M] () -- C:\Users\petro\Documents\ax_files.xml
[2011/12/28 08:13:18 | 000,000,112 | ---- | M] () -- C:\ProgramData\55r6b3.dat
[2011/12/28 08:13:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\81M1t5U36.com.b
[2011/12/22 09:03:29 | 000,000,962 | ---- | M] () -- C:\Users\petro\AppData\Local\7F68A003.il
[2011/12/22 09:03:29 | 000,000,280 | ---- | M] () -- C:\Users\petro\AppData\Local\IndexIE_7F68A003.il
[2011/12/20 14:40:04 | 000,221,530 | ---- | M] () -- C:\Users\petro\Desktop\prom1.jpg
[2011/12/20 14:27:27 | 002,600,819 | ---- | M] () -- C:\Users\petro\Desktop\tesd.jpg
[2011/12/20 14:21:25 | 000,000,937 | ---- | M] () -- C:\Users\petro\Desktop\BlueMagnet.lnk
[2011/12/19 09:10:17 | 000,018,596 | ---- | M] () -- C:\Users\petro\Desktop\jn.jpg
[2011/12/16 19:11:55 | 000,088,276 | ---- | M] () -- C:\Users\petro\Desktop\2012show.jpg
[2011/12/16 07:18:14 | 000,000,505 | ---- | M] () -- C:\Users\Public\Desktop\FlatOut 3.lnk
[2011/12/15 03:17:14 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 16:08:45 | 000,000,871 | ---- | M] () -- C:\Users\petro\Desktop\Ski Region Simulator 2012 .lnk
[2011/12/13 11:29:24 | 011,303,424 | ---- | M] () -- C:\Users\petro\Desktop\oct 17 2011.avi
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 08:13:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\81M1t5U36.com.b
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/28 08:09:44 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/28 08:09:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/28 08:09:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\55r6b3.dat
[2011/12/28 08:09:43 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/28 08:09:43 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/28 08:09:43 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/28 08:09:43 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/28 08:09:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/28 08:09:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/28 08:09:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/28 08:09:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/20 14:40:04 | 000,221,530 | ---- | C] () -- C:\Users\petro\Desktop\prom1.jpg
[2011/12/20 14:25:26 | 002,600,819 | ---- | C] () -- C:\Users\petro\Desktop\tesd.jpg
[2011/12/20 14:21:25 | 000,000,937 | ---- | C] () -- C:\Users\petro\Desktop\BlueMagnet.lnk
[2011/12/19 09:10:16 | 000,018,596 | ---- | C] () -- C:\Users\petro\Desktop\jn.jpg
[2011/12/16 19:11:54 | 000,088,276 | ---- | C] () -- C:\Users\petro\Desktop\2012show.jpg
[2011/12/16 07:18:14 | 000,000,505 | ---- | C] () -- C:\Users\Public\Desktop\FlatOut 3.lnk
[2011/12/16 07:18:14 | 000,000,505 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlatOut 3.lnk
[2011/12/14 16:08:45 | 000,000,871 | ---- | C] () -- C:\Users\petro\Desktop\Ski Region Simulator 2012 .lnk
[2011/12/13 11:50:35 | 011,303,424 | ---- | C] () -- C:\Users\petro\Desktop\oct 17 2011.avi
[2011/11/25 14:28:19 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/11/25 14:28:19 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/10/27 07:59:32 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\kltamvi.sys
[2011/10/27 07:28:35 | 000,000,224 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/27 07:28:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/27 07:28:31 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/09/11 00:37:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/11 00:37:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/11 00:37:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/11 00:37:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/11 00:37:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/08 18:43:40 | 000,007,604 | ---- | C] () -- C:\Users\petro\AppData\Local\Resmon.ResmonCfg
[2011/09/07 21:22:24 | 000,000,849 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/09/07 21:22:24 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/09/07 21:22:12 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/07 21:21:56 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7440n.dat
[2011/09/07 21:21:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/09/07 21:21:54 | 000,000,179 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/09/07 21:21:54 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/09/07 21:21:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/09/07 21:21:52 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/09/06 23:22:37 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\PciSPorts.sys
[2011/09/06 23:22:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\drivers\PciPPorts.sys
[2011/09/06 00:18:32 | 000,042,496 | ---- | C] () -- C:\Windows\ttuninst.exe
[2011/09/04 02:07:03 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/09/03 23:48:31 | 000,000,962 | ---- | C] () -- C:\Users\petro\AppData\Local\7F68A003.il
[2011/09/03 23:48:31 | 000,000,280 | ---- | C] () -- C:\Users\petro\AppData\Local\IndexIE_7F68A003.il
[2011/09/03 11:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/03 10:53:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/09/03 10:50:41 | 000,040,699 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/09/03 10:49:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/03 10:49:28 | 000,028,503 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/08/26 09:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/13 09:53:28 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,409,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/05/22 05:43:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\MOSCHIP_PciUninst.exe

< End of report >


OTL Extras logfile created on: 1/5/2012 9:35:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\petro\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.23 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 52.45% Memory free
10.99 Gb Paging File | 8.61 Gb Available in Paging File | 78.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 6.61 Gb Free Space | 8.87% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive R: | 465.76 Gb Total Space | 122.10 Gb Free Space | 26.22% Space Free | Partition Type: NTFS

Computer Name: PETRO-PC | User Name: petro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05757DB5-6E9F-97E2-111F-DA2B6E75290F}" = CCC Help Chinese Traditional
"{0983F01E-51B9-AB95-A359-4EA7E06A3B8E}" = CCC Help Korean
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CAE2FF0-AFC9-733D-EC3C-04BCB6B3C06F}" = Application Profiles
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{136E21EB-B3DC-A814-E7FC-EF9D1DC81689}" = CCC Help Hungarian
"{17FAA4AF-EB06-0050-D3B1-9F1747B9E4AA}" = CCC Help Swedish
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1A837B5C-AC31-2F10-DE76-E019DA223EDC}" = Catalyst Control Center Localization All
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{29D84B61-2248-564D-4255-573E3825ED97}" = Catalyst Control Center
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{36531AC5-D134-E5A6-1319-12783351366A}" = AMD Media Foundation Decoders
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{450A2869-616A-48C6-ECCC-59636695F35D}" = CCC Help Danish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7440N
"{4912B33D-2F49-5626-103B-6E1F01A82FD3}" = CCC Help Portuguese
"{49B69BBA-8769-778F-D31B-8FF5608B8133}" = AMD Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-T4D4-75B1-97C5-18CD6E6334R1}_is1" = Warhammer 40k Space Marine version 1.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52516A9C-C9DE-6745-DB13-D9628EB99D12}" = CCC Help Turkish
"{53953DEA-A309-4B81-ACE4-F462FD46C176}" = WarBirds Dogfights
"{55F64B9E-3C68-37F4-0D63-E566E7698413}" = AMD AVIVO Codecs
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E489DE-46DB-2546-EA42-FB0D704559BE}" = Catalyst Control Center InstallProxy
"{59BB3D25-77C9-EDBC-FF56-5952567BD070}" = CCC Help Thai
"{5AC11070-A1CB-11E0-A0DC-0013D3D69929}" = Vegas Pro 10.0
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1" = TrackMania 2 - Canyon
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73BFA936-50E9-0DF6-ADE1-2B22FEDF1C29}" = CCC Help Finnish
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADE1C0F-CC4B-46CC-92E2-855B6E39BD2A}" = WRC 2 FIA World Rally Championship
"{8B2F67C8-C4AC-9093-A94C-CD89566740A7}" = CCC Help Chinese Standard
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A1AE7AED-A090-0CD8-BE77-5EE59218F994}" = CCC Help Greek
"{A1C29F65-FA94-88FA-7716-71C842050A19}" = CCC Help Spanish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B9B476BD-EBCD-4401-9638-5323215E1465}_is1" = Portal 2
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0
"{C38F5ADE-EA15-147A-1539-FB9E48F544B5}" = CCC Help English
"{C3B22968-5D94-4CBF-AC9B-4ACDD95E1153}_is1" = Steel Armor
"{C4B3B964-173A-2324-D28E-D222026486F7}" = CCC Help Norwegian
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6369A55-984D-806C-5725-1A9F663DCCE8}" = CCC Help Czech
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9DAC4A-ADB2-B128-FD79-86DCE24FB8D3}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D38F781D-C6D6-3CD4-BEB8-B11D87B53A7F}" = AMD Drag and Drop Transcoding
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB3812C4-8ECB-4151-6256-CE86C52067C1}" = CCC Help German
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E27E5F62-7AB0-3789-56EF-5774482E4DC8}" = CCC Help Russian
"{E3CA67A5-53E8-602E-D17A-45EFDE3DDD53}" = HydraVision
"{E4BB976A-A6E5-49A4-9885-A58B519C2705}" = WRC 2 FIA World Rally Championship
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78B0798-2AD2-25FC-F3F9-C8E4A1131630}" = CCC Help French
"{E8A606FD-B650-34EE-164E-F6A9FAC38421}" = CCC Help Japanese
"{EF0407CF-760A-46CC-EE33-43CFDCE0FCE5}" = Catalyst Control Center Graphics Previews Common
"{EF175304-DE47-65A8-3D7C-4C78EF05976C}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2367D64-89DE-6A33-FA62-A2679980E030}" = ccc-utility
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F60DDBEA-DCF6-BC00-5B7B-A5253CEFBAC0}" = CCC Help Dutch
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BlueMAGNET_is1" = BlueMAGNET 3.1
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"Driver San Francisco" = Driver San Francisco
"Driving Simulator 2011_is1" = Driving Simulator 2011 Version 1.46
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"FlatOut 3 © Strategy First_is1" = FlatOut 3 © Strategy First version 1
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"ImgBurn" = ImgBurn
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"MosChip Semiconductor Technology Ltd" = ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; File : PciPorts.inf
;; This inf file configures Pci multi I/O (COM & LPT ) ports
;; © Copyright MosChip Semiconductor Technology Limited
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


[version]
CatalogFile=Pciports.cat
signature=$Chicago$
Class=Ports
ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}
Provider=%ProviderName%
DriverVer=05/22/2008, 1.0.0.6

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[SourceDisksNames]
0=%DiskName%,,

[SourceDisksNames.ia64]
0=%DiskName%,,

[SourceDisksNames.amd64]
0=%DiskName%,,

[SourceDisksFiles]
PciSPorts.sys=0,X86,
PciPPorts.sys=0,X86,
PciPorts.dll=0,X86,
PciIsaSerial.sys=0,X86,

[SourceDisksFiles.ia64]
PciSPorts.sys=0,IA64,
PciPPorts.sys=0,IA64,
PciPorts.dll=0,IA64,
PciIsaSerial.sys=0,IA64,

[SourceDisksFiles.amd64]
PciSPorts.sys=0,AMD64,
PciPPorts.sys=0,AMD64,
PciPorts.dll=0,AMD64,
PciIsaSerial.sys=0,AMD64,



[DestinationDirs]
Common.Files.x86_11 = 11
Sys.Files.x86_12 = 12

Common.Files.x64_11 = 11
Sys.Files.x64_12 = 12

Common.Files.Amd64_11 = 11
Sys.Files.Amd64_12 = 12



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Driver Installation
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[Manufacturer]
%ProviderName%=PCIPorts, NTamd64, NTia64

[PCIPorts]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT


[PCIPorts.NTamd64]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT


[PCIPorts.NTia64]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; COM Port Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;; X86 ;;;;

[ISAComPort.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf
Needs=ComPort.NT.Copy

[ISAComPort.NT.HW]
AddReg=ComPort.NT.HW.AddReg

[ISAComPort.NT.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;; AMD64 ;;;;

[ISAComPort.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf
Needs=ComPort.NT.Copy

[ISAComPort.NTamd64.HW]
AddReg=ComPort.NT.HW.AddReg

[ISAComPort.NTamd64.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;; IA64 ;;;;

[ISAComPort.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf
Needs=ComPort.NT.Copy

[ISAComPort.NTia64.HW]
AddReg=ComPort.NT.HW.AddReg

[ISAComPort.NTia64.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst




; -------------- ISASerial Port Driver install sections
[PCI_ISASerial_Service_Inst]
DisplayName = %PCI.ComPort%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0 ; SERVICE_ERROR_IGNORE
ServiceBinary = %12%\PciIsaSerial.sys
LoadOrderGroup = Extended base



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; EcpPort Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[ISAEcpPort.NT]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg

[ISAEcpPort.NT.Services]
Include=msports.inf
Needs=EcpPort.NT.Services



[ISAEcpPort.NTamd64]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg

[ISAEcpPort.NTamd64.Services]
Include=msports.inf
Needs=EcpPort.NT.Services



[ISAEcpPort.NTia64]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg

[ISAEcpPort.NTia64.Services]
Include=msports.inf
Needs=EcpPort.NT.Services



[PCI_ISASerial_EventLog_Inst]
AddReg=ISAComPort.DriverParams

[ISAComPort.DriverParams]
HKLM,System\CurrentControlSet\Services\PciIsaSerial, SetRtsOnWake, 0x10001, 1
HKLM,System\CurrentControlSet\Services\PciIsaSerial, RetainPowerOnClose, 0x10001, 1



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; PCI COM Card Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;; X86 ;;;;

[ComCard.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg

[ComCard.NT.HW]
AddReg=ComCard.NT.HW.AddReg

[ComCard.NT.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;; AMD64 ;;;;

[ComCard.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg


[ComCard.NTamd64.HW]
AddReg=ComCard.NT.HW.AddReg

[ComCard.NTamd64.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;; IA64 ;;;;

[ComCard.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg

[ComCard.NTia64.HW]
AddReg=ComCard.NT.HW.AddReg

[ComCard.NTia64.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; General Sections for all Installations
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


[ComPort.AddReg]
HKR,,PortSubClass,1,01

[ComPort.NT.AddReg]
HKR,,EnumPropPages32,,MsPorts.dll,SerialPortPropPageProvider

[ComPort.NT.HW.AddReg]
HKR,,UpperFilters,0x00010000,serenum
HKR,,CUSTNAME,0x00010000,%CustomerName%

[EcpPort.AddReg]
HKR,,PortSubClass,1,00
HKR,,ECPDevice,1,01

[EcpPort.NT.AddReg]
HKR,,EnumPropPages32,,MsPorts.dll,ParallelPortPropPageProvider

[PCISPorts_EventLog_Inst]
AddReg=ComCard.DriverParams

[ComCard.NT.HW.AddReg]
HKR,,UpperFilters,0x00010000,serenum
HKR,,MaskLowBaudToHigh, 0x10001, 0
HKR,,UARTMode, 0x10001, 9
HKR,,RxFIFO, 0x10001, 64
HKR,,TxFIFO, 0x10001, 64
HKR,,RxHighWaterMark, 0x10001, 240
HKR,,RxLowWaterMark, 0x10001, 16
HKR,,EnableHwFlowControl, 0x10001, 0
HKR,,HwFlowControl, 0x10001, 0
HKR,,UseClockPrescalar, 0x10001, 0
HKR,,CPRRegValue, 0x10001, 1
HKR,,UseBaudMultiplier, 0x10001, 0
HKR,,TCRRegValue, 0x10001, 16
HKR,,XOnChar, 0x10001, 17
HKR,,XOffChar, 0x10001, 19
HKR,,TranceiverMode, 0x10001, 0
HKR,,RS485Mode, 0x10001, 1
HKR,,SampleStartBit, 0x10001, 0
HKR,,StartBitLength, 0x10001, 4
HKR,,SampleDataBit, 0x10001, 0
HKR,,DataBitLength, 0x10001, 4
HKR,,TxFifoAmount, 0x10001, 64
HKR,,TxDmaEnable, 0x10001, 0
HKR,,TxDmaLength, 0x10001, 4096
HKR,,RxDmaEnable, 0x10001, 0
HKR,,RxDmaLength, 0x10001, 4096
HKR,,Limit4k, 0x10001, 1
HKR,,SerialDebugLevel, 0x10001, 0
HKR,,PowerUpTime, 0x10001, 1000
HKR,,EnableICG, 0x10001, 0
HKR,,InterCharGap, 0x10001, 0
HKR,,UseCustomBaudrate, 0x10001, 0
HKR,,DLLValue, 0x10001, 0
HKR,,DLMValue, 0x10001, 0
HKR,,InputClock, 0x10001, 0
HKR,,UseExternalClock, 0x10001, 0
HKR,,ExternalClock, 0x10001, 14745600
HKR,,UseExtPCIeClockSource, 0x10001, 0
HKR,,RemoteWakeOn, 0x10001, 0x09000000
HKR,,CUSTNAME,0x00010000,%CustomerName%

[ComCard.DriverParams]
HKLM,System\CurrentControlSet\Services\PciSPorts, EnableTranceiverShutdown, 0x10001, 0
HKLM,System\CurrentControlSet\Services\PciSPorts, UseExtPCIeClockSource, 0x10001, 0
HKLM,System\CurrentControlSet\Services\PciSPorts, RetainPowerOnClose, 0x10001, 1



[ComCard.NT.AddReg]
HKR,,EnumPropPages32,,PciPorts.dll,SerialPortPropPageProvider


[PCISPorts_Service_Inst]
DisplayName = %PCI.SerialPort%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0 ; SERVICE_ERROR_IGNORE
ServiceBinary = %12%\PciSPorts.sys
LoadOrderGroup = Extended base

; -------------- Serenum Driver install section
[Serenum_Service_Inst]
DisplayName = %Serenum.SVCDESC%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\serenum.sys
LoadOrderGroup = PNP Filter




;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; PCI LPT Card Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;; X86 ;;;;

[LptCard.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg

[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg

[LptCard.NT.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst



;;;; AMD64 ;;;;

[LptCard.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg

[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg

[LptCard.NTamd64.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst



;;;; IA64 ;;;;

[LptCard.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg

[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg

[LptCard.NTia64.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst





;;; Other sections

[LptCard.NT.HW.AddReg]
HKR,,CUSTNAME,0x00010000,%CustomerName%

[LptCard.AddReg]
HKR,,PortSubClass,1,00
HKR,,ECPDevice,1,01

[LptCard.NT.AddReg]
HKR,,EnumPropPages32,,PciPorts.dll,ParallelPortPropPageProvider

; -------------- Parallel Port Driver install sections
[PCIPPorts_Service_Inst]
DisplayName = %PCI.ParallelPort%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0 ; SERVICE_ERROR_IGNORE ;; Check
ServiceBinary = %12%\PciPPorts.sys
LoadOrderGroup = Parallel arbitrator

[PCIPPorts_EventLog_Inst]
AddReg = PCIPPorts_EventLog_AddReg

[PCIPPorts_EventLog_AddReg]
HKR,,EventMessageFile,0x00020000,%%SystemRoot%%\System32\IoLogMsg.dll;%%SystemRoot%%\System32\drivers\PciPPorts.sys
HKR,,TypesSupported,0x00010001,7


[Uninstall.AddReg]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\PCI Multi-Io Controller\%CustomerName%,VID_PID_NAME1,0,VEN_9710&DEV_9865



[Common.Files.x86_11]
PciPorts.dll

[Sys.Files.x86_12]
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys


[Common.Files.x64_11]
PciPorts.dll

[Sys.Files.x64_12]
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys


[Common.Files.AMD64_11]
PciPorts.dll

[Sys.Files.AMD64_12]
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys



; User readable strings
;----------------------------------------------------------
[Strings]
CustomerName=MOSCHIP
ProviderName=MosChip Semiconductor Technology Ltd
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"OpenAL" = OpenAL
"PROSetDX" = Intel® Network Connections 15.6.25.0
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"Rage_is1" = Rage
"Red Faction Armageddon_is1" = Red Faction Armageddon
"Red Orchestra 2 Heroes of Stalingrad_is1" = Red Orchestra 2 Heroes of Stalingrad
"Shadowgrounds_is1" = Shadowgrounds
"SkiRegionSimulator2012EN_is1" = Ski Region Simulator 2012
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Tera Term Pro" = Tera Term Pro
"TightProjector_is1" = TightProjector 1.1.0
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2012 12:45:19 PM | Computer Name = petro-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 1/2/2012 9:38:34 PM | Computer Name = petro-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 1/3/2012 5:50:23 PM | Computer Name = petro-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16912 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b48 Start
Time: 01ccca618ec74d93 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: e9c9edf5-3654-11e1-89fa-14dae9096849

Error - 1/4/2012 1:30:03 AM | Computer Name = petro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 1:30:33 AM | Computer Name = petro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "R:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 8:34:18 AM | Computer Name = petro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 8:34:37 AM | Computer Name = petro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "R:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2012 8:34:59 AM | Computer Name = petro-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "R:\Program Files\f1\CustomActionOnFinishInst.exe".Error
in manifest or policy file "R:\Program Files\f1\CustomActionOnFinishInst.exe" on
line 1. Multiple requestedPrivileges elements are not allowed in manifest.

Error - 1/4/2012 8:33:37 PM | Computer Name = petro-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16912 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1484 Start
Time: 01cccb27bc8f6fab Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: d56d7a7f-3734-11e1-89fa-14dae9096849

Error - 1/4/2012 8:34:31 PM | Computer Name = petro-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16912 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 139c Start
Time: 01cccb41ac2e9ed7 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 03236742-3735-11e1-89fa-14dae9096849

[ OSession Events ]
Error - 12/7/2011 8:15:45 AM | Computer Name = petro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39805
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/2/2012 1:33:36 PM | Computer Name = petro-PC | Source = PciSPorts | ID = 393234
Description =

Error - 1/2/2012 1:33:39 PM | Computer Name = petro-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/2/2012 1:33:40 PM | Computer Name = petro-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 1/2/2012 1:33:40 PM | Computer Name = petro-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 1/2/2012 1:33:40 PM | Computer Name = petro-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 1/2/2012 1:33:42 PM | Computer Name = petro-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/2/2012 1:33:50 PM | Computer Name = petro-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/2/2012 9:38:42 PM | Computer Name = petro-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 1/3/2012 4:34:14 AM | Computer Name = petro-PC | Source = DCOM | ID = 10001
Description =

Error - 1/4/2012 11:33:49 PM | Computer Name = petro-PC | Source = DCOM | ID = 10001
Description =


< End of report >



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 08 January 2012 - 03:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 10 January 2012 - 11:26 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 ractive

ractive
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:08:56 AM

Posted 11 January 2012 - 12:17 PM

Sorry, I just got back. I will post back in a min.

#5 ractive

ractive
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:08:56 AM

Posted 11 January 2012 - 12:22 PM

Hello gringo. I was being impatient after I had my first post, and I started looking in the forum for others that might have the same problem. I noticed that ComboFix was used, so I used it and here is the log.
The computer seems to be doing much better now, no popups, no redirecting, but I thought I would come back here and check anyway.
TIA

ComboFix 12-01-05.01 - petro 01/05/2012 10:53:10.5.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3313.2392 [GMT -5:00]
Running from: c:\users\petro\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\$NtUninstallKB46359$\1712069376
c:\windows\$NtUninstallKB46359$\1798102587\@
c:\windows\$NtUninstallKB46359$\1798102587\bckfg.tmp
c:\windows\$NtUninstallKB46359$\1798102587\cfg.ini
c:\windows\$NtUninstallKB46359$\1798102587\Desktop.ini
c:\windows\$NtUninstallKB46359$\1798102587\keywords
c:\windows\$NtUninstallKB46359$\1798102587\kwrd.dll
c:\windows\$NtUninstallKB46359$\1798102587\L\xadqgnnk
c:\windows\$NtUninstallKB46359$\1798102587\U\00000001.@
c:\windows\$NtUninstallKB46359$\1798102587\U\00000002.@
c:\windows\$NtUninstallKB46359$\1798102587\U\00000004.@
c:\windows\$NtUninstallKB46359$\1798102587\U\80000000.@
c:\windows\$NtUninstallKB46359$\1798102587\U\80000004.@
c:\windows\$NtUninstallKB46359$\1798102587\U\80000032.@
c:\windows\system32\tmp428C.tmp
c:\windows\system32\tmp428D.tmp
R:\install.exe
c:\windows\$NtUninstallKB46359$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 15:55 . 2012-01-05 15:57 -------- d-----w- c:\users\petro\AppData\Local\temp
2012-01-05 15:55 . 2012-01-05 15:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-05 15:55 . 2012-01-05 15:55 -------- d-----w- c:\users\Petro staff\AppData\Local\temp
2012-01-05 15:55 . 2012-01-05 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 15:50 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-01-03 17:49 . 2012-01-03 17:49 -------- d-----w- c:\program files\Common Files\Java
2012-01-03 17:49 . 2012-01-03 17:49 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-30 18:04 . 2011-12-30 18:04 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-20 19:21 . 2011-12-20 19:21 -------- d-----w- c:\programdata\IsolatedStorage
2011-12-20 19:21 . 2011-12-21 12:58 -------- d-----w- c:\program files\BlueMagnet
2011-12-19 08:43 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{851A97DB-BC3E-43AB-A772-2C4C00C4BBCC}\mpengine.dll
2011-12-16 12:19 . 2011-12-16 12:19 -------- d-----w- c:\programdata\RELOADED
2011-12-14 22:05 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:05 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:05 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:04 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:04 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 22:04 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-09 18:59 . 2011-12-09 18:59 53248 ----a-r- c:\users\petro\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-12-09 18:58 . 2011-12-09 18:58 -------- d-----w- c:\users\petro\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 17:49 . 2011-09-12 20:50 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2011-09-08 23:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 19:28 . 2011-11-25 19:28 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-25 19:28 . 2011-11-25 19:28 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-18 17:47 . 2011-09-03 16:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 12:59 . 2011-10-27 12:59 54016 ----a-w- c:\windows\system32\drivers\kltamvi.sys
2011-11-05 06:53 . 2011-11-18 16:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-09-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="r:\program files\Steam\Steam.exe" [2011-11-08 1242448]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-13 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-13 302240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="r:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe" [2011-08-31 274216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="r:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files\Brother\Brmfl07b\FAXRX.exe [2011-9-7 524288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 MBAMService;MBAMService;r:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 43680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1343400]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 261160]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-03 176128]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 87712]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-03 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-03 248832]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 95720]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 292840]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-09-21 238248]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2008-05-22 81920]
S3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [2008-05-22 115712]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1158921400-4108885450-3742613323-1000Core.job
- c:\users\petro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:58]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1158921400-4108885450-3742613323-1000UA.job
- c:\users\petro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.online.petro-canada.ca/cleartrust/ct_logon.asp?CTAuthMode=SECURID&ct_orig_uri=%2Fppass%2F
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\petro\AppData\Roaming\Mozilla\Firefox\Profiles\wd5hjolm.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-13277964.sys
SafeBoot-33790652.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1158921400-4108885450-3742613323-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ĂS&iü']
"LP_LastUpdateTime"="1316631108"
"LP_LastCheckTime"=dword:4e7a3248
"LP_ReloadIntervalInHours"=dword:000002a0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3312)
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PrintIsolationHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-05 10:57:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 15:57
ComboFix2.txt 2011-09-12 18:02
ComboFix3.txt 2011-09-11 12:07
ComboFix4.txt 2011-09-10 18:53
ComboFix5.txt 2012-01-05 15:49
.
Pre-Run: 13,125,971,968 bytes free
Post-Run: 13,146,980,352 bytes free
.
- - End Of File - - BE3BF2E53321C506A8F9178E383F0131

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:56 AM

Posted 11 January 2012 - 01:46 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\uTorrentBar
c:\users\Public\Conduit

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 ractive

ractive
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:08:56 AM

Posted 12 January 2012 - 09:43 AM

Hello.
Okay, so I ran ComboFix, and it says that it was infected with a rootkit.


ComboFix 12-01-12.02 - petro 01/12/2012 9:37.6.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3313.2461 [GMT -5:00]
Running from: c:\users\petro\Downloads\ComboFix.exe
Command switches used :: c:\users\petro\Desktop\cfscript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\ldrtbuTor.dll
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\prxtbuTor.dll
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\uninstall.exe
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\users\Public\Conduit
c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe
c:\users\Public\Conduit\ConduitHelper\ELib.dll
c:\users\Public\Conduit\ConduitHelper\Lang\en.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 14:39 . 2012-01-12 14:39 -------- d-----w- c:\users\petro\AppData\Local\temp
2012-01-11 14:08 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:07 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:07 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:07 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 19:17 . 2012-01-09 19:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 19:17 . 2012-01-09 19:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 19:17 . 2012-01-09 19:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 19:17 . 2012-01-09 19:17 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-06 12:33 . 2012-01-06 12:33 -------- d-----w- c:\program files\HyperSerialPort
2012-01-05 15:50 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2012-01-03 17:49 . 2012-01-03 17:49 -------- d-----w- c:\program files\Common Files\Java
2012-01-03 17:49 . 2012-01-03 17:49 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-30 18:04 . 2011-12-30 18:04 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-20 19:21 . 2011-12-20 19:21 -------- d-----w- c:\programdata\IsolatedStorage
2011-12-20 19:21 . 2011-12-21 12:58 -------- d-----w- c:\program files\BlueMagnet
2011-12-19 08:43 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{851A97DB-BC3E-43AB-A772-2C4C00C4BBCC}\mpengine.dll
2011-12-16 12:19 . 2011-12-16 12:19 -------- d-----w- c:\programdata\RELOADED
2011-12-14 22:05 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:05 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:05 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:04 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:04 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 22:04 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 17:49 . 2011-09-12 20:50 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2011-09-08 23:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 18:59 . 2011-12-09 18:59 53248 ----a-r- c:\users\petro\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-11-25 19:28 . 2011-11-25 19:28 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-25 19:28 . 2011-11-25 19:28 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-18 17:47 . 2011-09-03 16:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-27 12:59 . 2011-10-27 12:59 54016 ----a-w- c:\windows\system32\drivers\kltamvi.sys
2012-01-09 19:17 . 2011-11-18 16:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-09-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
c:\program files\uTorrentBar\prxtbuTor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="r:\program files\Steam\Steam.exe" [2011-11-08 1242448]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-03-13 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-03-13 302240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="r:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Malwarebytes' Anti-Malware"="r:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files\Brother\Brmfl07b\FAXRX.exe [2011-9-7 524288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 43680]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1343400]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 261160]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-03 176128]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-03-13 68768]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 87712]
S2 MBAMService;MBAMService;r:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-03 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-03 248832]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 95720]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 292840]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 34976]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 242336]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-09-21 238248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [2008-05-22 81920]
S3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [2008-05-22 115712]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1158921400-4108885450-3742613323-1000Core.job
- c:\users\petro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:58]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1158921400-4108885450-3742613323-1000UA.job
- c:\users\petro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.online.petro-canada.ca/cleartrust/ct_logon.asp?CTAuthMode=SECURID&ct_orig_uri=%2Fppass%2F
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\petro\AppData\Roaming\Mozilla\Firefox\Profiles\wd5hjolm.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ConduitHelper - c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1158921400-4108885450-3742613323-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ĂS&iü']
"LP_LastUpdateTime"="1316631108"
"LP_LastCheckTime"=dword:4e7a3248
"LP_ReloadIntervalInHours"=dword:000002a0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-12 09:40:27
ComboFix-quarantined-files.txt 2012-01-12 14:40
ComboFix2.txt 2012-01-05 15:57
ComboFix3.txt 2011-09-12 18:02
ComboFix4.txt 2011-09-11 12:07
ComboFix5.txt 2012-01-12 14:35
.
Pre-Run: 12,485,287,936 bytes free
Post-Run: 12,435,857,408 bytes free
.
- - End Of File - - 1535D7299F48914240F0C314F77DFF28
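
The Sigcheck block in the ComboFix log above is the most security-relevant thing in this post: the live `c:\windows\System32\user32.dll` is marked `[-]`, carries the same version string (6.1.7600.16385) and the same size (811520) as the `[7]` WinSxS copy, yet has a different MD5. A later Microsoft update would carry a different version string (as the 6.1.7601.17514 copy does), so identical version and size with a different hash is consistent with a system binary modified after installation. The script below is an added example, not part of the original thread or of ComboFix: it parses Sigcheck lines and reports unverified files whose hash matches no verified copy of the same version. It treats `[-]` as unverified, as the log's own note does, and any other mark (`[7]` here) as a verified copy, which is an assumption about ComboFix's notation; the three sample lines are copied from the log above, and the function names are my own.

```python
import re
from collections import defaultdict

# Three lines copied verbatim from the ComboFix "Sigcheck" section above.
SIGCHECK_LINES = r"""
[-] 2011-09-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
""".strip().splitlines()

# One Sigcheck line: [flag] date . md5 . size . . [version] . . path
# Fields are separated by " . "; an empty field shows up as an extra " . ".
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(lines):
    """Parse Sigcheck lines into dicts; lines that do not fit the format are skipped."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        # "[-]" is ComboFix's mark for a file it could not verify; any other mark
        # ("[7]" here) is treated as a verified copy. This is an assumption about
        # the notation, not something the log states.
        e["verified"] = e["flag"] != "-"
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_modified_system_files(entries):
    """Unverified files whose MD5 differs from every verified copy of the same version.

    A hash that equals a verified copy means identical bytes (the "[-]" is then a
    catalog problem, not a modified file), so such entries are not reported.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for group in by_name.values():
        verified = [e for e in group if e["verified"]]
        for e in group:
            if e["verified"]:
                continue
            same_version = [v for v in verified if v["version"] == e["version"]]
            if not same_version:
                findings.append({"path": e["path"], "md5": e["md5"], "reference_md5": None,
                                 "reference_path": None, "same_size": None,
                                 "reason": "no verified copy of version %s to compare against" % e["version"]})
                continue
            if any(v["md5"] == e["md5"] for v in same_version):
                continue  # same bytes as a verified copy
            ref = same_version[0]
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5": ref["md5"],
                "reference_path": ref["path"],
                "same_size": ref["size"] == e["size"],
                "reason": "MD5 differs from a verified copy with the same version (%s)" % ref["version"],
            })
    return findings


def report(findings):
    """Plain-text summary, one block per finding."""
    out = []
    for f in findings:
        out.append("%s: %s" % (f["path"], f["reason"]))
        if f["reference_md5"]:
            out.append("  live MD5      %s" % f["md5"])
            out.append("  reference MD5 %s (%s)" % (f["reference_md5"], f["reference_path"]))
            out.append("  same size as reference: %s" % f["same_size"])
    return "\n".join(out)


if __name__ == "__main__":
    print(report(find_modified_system_files(parse_sigcheck(SIGCHECK_LINES))))
```

Run against the three lines above it reports only the System32 user32.dll, with `same size as reference: True`; that last line is the point for a practitioner, since a size check alone would never catch an in-place patch that keeps the file length.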

#8 gringo_pr (Malware Response Team)

Posted 12 January 2012 - 01:38 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 ractive (Topic Starter)

Posted 12 January 2012 - 03:53 PM

Update for Microsoft Office 2007 (KB2508958)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AMD APP SDK Runtime
AMD AVIVO Codecs
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
Asmedia ASM104x USB 3.0 Host Controller Driver
Assassin's Creed Revelations
Battlefield: Bad Company™ 2
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlueMAGNET 3.1
Bluetooth Win7 Suite
Bonjour
Brother MFL-Pro Suite MFC-7440N
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Counter-Strike: Condition Zero
D3DX10
Deus Ex - Human Revolution version 1.0
DiRT 3
Driver San Francisco
Driving Simulator 2011 Version 1.46
ESET Online Scanner v3
F1 2011
FIFA 12 © EA version 1
FlatOut 3 © Strategy First version 1
Google Talk Plugin
HiJackThis
HydraVision
HyperSerialPort
ImgBurn
Intel® Management Engine Components
Intel® Network Connections 15.6.25.0
iTunes
Java Auto Updater
Java™ 7 Update 2
JMicron JMB36X Driver
Malwarebytes Anti-Malware version 1.60.0.1800
marvell 91xx driver
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MixMeister BPM Analyzer 1.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT Redists
Need for Speed™ The Run
NewsLeecher v3.9 Final
NVIDIA PhysX
OpenAL
Portal 2
PunkBuster Services
QuickPar 0.9
QuickTime
Rage
Rapture3D 2.4.9 Game
Realtek High Definition Audio Driver
Red Faction Armageddon
Red Orchestra 2 Heroes of Stalingrad
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shadowgrounds
Ski Region Simulator 2012
Skype™ 5.5
Steam
Steel Armor
System Requirements Lab CYRI
Tera Term Pro
TightProjector 1.1.0
TrackMania 2 - Canyon
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
Vegas Pro 10.0
VLC media player 1.1.11
WarBirds Dogfights
Warhammer 40k Space Marine version 1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
WRC 2 FIA World Rally Championship

#10 gringo_pr (Malware Response Team)

Posted 12 January 2012 - 04:19 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

µTorrent
McAfee Security Scan Plus
uTorrentBar Toolbar


and click on remove



TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 ractive (Topic Starter)

Posted 13 January 2012 - 07:59 AM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
petro :: PETRO-PC [administrator]

Protection: Disabled

1/13/2012 7:55:53 AM
mbam-log-2012-01-13 (07-55-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206274
Time elapsed: 1 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:52 AM, on 1/13/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
R:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
R:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.online.petro-canada.ca/cleartrust/ct_logon.asp?CTAuthMode=SECURID&ct_orig_uri=%2Fppass%2F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "R:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "r:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "R:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl07b\FAXRX.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - r:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7002 bytes

No problems, clean as a whistle, I think.

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 10:32 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [Steam] "R:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 ractive

ractive
  • Topic Starter
  • Members
  • 20 posts

Posted 13 January 2012 - 03:47 PM

C:\Qoobox\Quarantine\C\Windows\msmgm.exe.vir a variant of Win32/Agent.SDL trojan
C:\Qoobox\Quarantine\C\Windows\System32\ad5ox.dll.vir a variant of Win32/Ertfor.C trojan
C:\Windows\System32\drivers\dfsc.sys a variant of Win32/Rootkit.Kryptik.HA trojan
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys a variant of Win32/Rootkit.Kryptik.HA trojan
R:\downloads\Microsoft Office 2007 Ultimate Edition with SP1 v12 0 6213 1000-NoPE\n-mo2k7u.iso MSIL/TrojanDownloader.Agent.AF trojan
R:\downloads\Newsleecher_3.9_Final_with_CRK_keygens\NewsLeecher_3.9_Final_and_[FFF-Keygen].rar probably a variant of Win32/Agent.DWEJFBY trojan
R:\downloads\NFS.THE.RUN.BITGAMER\CRACK.rar a variant of Win32/Packed.VMProtect.AAM trojan
R:\downloads\Sony Software Bundle and key gen-patch\Sony Keygen.rar a variant of Win32/Packed.VMProtect.AAD trojan
R:\downloads\Sony Software Bundle and key gen-patch\Vegas 10c Keygen.exe a variant of Win32/Packed.VMProtect.AAD trojan

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 05:15 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
:filefind
dfsc.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

#15 ractive

ractive
  • Topic Starter
  • Members
  • 20 posts

Posted 13 January 2012 - 06:12 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 18:11 on 13/01/2012 by petro
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys --a---- 78336 bytes [11:01 05/09/2011] [08:42 20/11/2010] F024449C97EC1E464AAFFDA18593DB88
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [07:07 04/09/2011] [02:33 27/04/2011] 73DC69B5A3BFCAD731F7BDAEA8734DF7
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [07:07 04/09/2011] [02:33 27/04/2011] 73DC69B5A3BFCAD731F7BDAEA8734DF7
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [07:07 04/09/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

-= EOF =-
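As an added example (not part of the thread, and not SystemLook's or ESET's own code), here is a small Python triage script that parses the filefind output above, groups the copies of dfsc.sys by MD5, and reports which copies share the hash of the driver actually loaded from System32\drivers. The log text is embedded verbatim from the post above; the only assumption is that the active driver is the System32\drivers copy.

```python
import re
from collections import defaultdict

# The SystemLook ":filefind dfsc.sys" output posted above, embedded verbatim
# so the example runs offline.
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 18:11 on 13/01/2012 by petro
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys --a---- 78336 bytes [11:01 05/09/2011] [08:42 20/11/2010] F024449C97EC1E464AAFFDA18593DB88
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [07:07 04/09/2011] [02:33 27/04/2011] 73DC69B5A3BFCAD731F7BDAEA8734DF7
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [07:07 04/09/2011] [02:33 27/04/2011] 73DC69B5A3BFCAD731F7BDAEA8734DF7
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [07:07 04/09/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

-= EOF =-
"""

# One filefind result line: path, attribute flags, size, [modified] [created], MD5.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S.*?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file that SystemLook's :filefind reported."""
    entries = []
    for line in log_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            entries.append(d)
    return entries


def group_by_hash(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def triage(entries, active_path=r"C:\Windows\System32\drivers\dfsc.sys"):
    """Compare the in-use driver against every other copy of the same file name.

    The component store (winsxs) keeps one copy per servicing version, so several
    distinct hashes are normal; what matters is which copies share the hash of the
    file that is actually loaded. Every copy here has the same name and size, so
    only the hash tells them apart. `active_path` is an assumption for this example.
    """
    by_path = {e["path"].lower(): e for e in entries}
    active = by_path.get(active_path.lower())
    if active is None:
        raise ValueError("active driver not found in log: %s" % active_path)
    same, different = [], {}
    for e in entries:
        if e["path"].lower() == active["path"].lower():
            continue
        if e["md5"] == active["md5"]:
            same.append(e["path"])
        else:
            different[e["path"]] = e["md5"]
    sizes = {e["size"] for e in entries}
    return {
        "active_md5": active["md5"],
        "same_hash": same,
        "different_hash": different,
        "all_same_size": len(sizes) == 1,
    }


if __name__ == "__main__":
    found = parse_filefind(SYSTEMLOOK_LOG)
    report = triage(found)
    print("active driver MD5:", report["active_md5"])
    for p in report["same_hash"]:
        print("  same hash:", p)
    for p, h in report["different_hash"].items():
        print("  different:", h, p)
    print("all copies same size:", report["all_same_size"])
```

Run against the log above, the script shows that all five copies are 78336 bytes and only two share the hash of the loaded driver: System32\drivers\dfsc.sys and the winsxs 6.1.7600.16804 copy. Those are exactly the two paths ESET reported in post #13, which is why a hash comparison across the component store is a more reliable check than file name or size.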
