Rogue scanner, ESET, sirefef trojan


  • This topic is locked
26 replies to this topic

#1 babelsgp

Posted 09 February 2012 - 01:27 AM

I have ESET NOD32 Antivirus 4.2.67.10, it came with my computer. I recently had an attack by one of those rogue scanners, I don't remember which one. I knew I didn't install it, intentionally, so I ran my antivirus software and thought that would be that. However, every time I run a scan I get the same trojan file as if ESET isn't cleaning it properly.

This is the file ESET finds every time I run a scan.
Operating memory » \GLOBAL??\0b043b2e\WINDOWS\$NtUninstallKB12330$\184826670\Desktop.ini - a variant of Win32/Sirefef.DN trojan - cleaned by deleting [1]

Since the attack by the rogue scanner: when I do Google searches and click on weblinks I get sent to other sites, and sometimes new tabs will also generate. Unsure if it is related, but when I use Gmail, sometimes my cursor will change location, making typing an email frustrating.

Also, this is my first PC in a long time, used to game, and have since gone to Mac. In the past I had preferred to stay away from Symantec, Norton, etc. Is there any other less invasive anti-virus software available?


#2 SweetTech


Posted 10 February 2012 - 02:22 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
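
An added example (not part of the original thread, and not a Kaspersky tool): a small parser that triages a TDSSKiller report of the kind requested above, separating the unsigned-file warnings that the "Verify Driver Digital Signature" option produces from any other verdict. The line layout is an assumption based on TDSSKiller 2.7 reports; the sample lines, driver names, hashes, paths and the `Constructed.Other.Verdict` name are constructed.

```python
import re

# Layout of one report line: "HH:MM:SS.mmmm <thread id> <body>" (assumed from
# TDSSKiller 2.7 reports; not an official format specification).
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
MODE = re.compile(r"^Mode: (?P<flags>.+)$")
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict logged when the signature check cannot verify a driver file.
UNSIGNED = "UnsignedFile.Multi.Generic"

# Constructed sample: names, hashes, paths and "Constructed.Other.Verdict"
# are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
19:24:02.0015 6088 Scan started
19:24:02.0015 6088 Mode: Manual; SigCheck; TDLFS;
19:24:02.0015 6088 ============================================================
19:24:03.0265 6088 DrvA - ok
19:24:03.0437 6088 DrvB (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\drivers\drvb.sys
19:24:04.0625 6088 DrvB ( UnsignedFile.Multi.Generic ) - warning
19:24:04.0625 6088 DrvB - detected UnsignedFile.Multi.Generic (1)
19:24:05.0100 6088 DrvC (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\VENDOR\CURRENT\DRVC.SYS
19:24:05.0200 6088 DrvC ( UnsignedFile.Multi.Generic ) - warning
19:24:05.0200 6088 DrvC - detected UnsignedFile.Multi.Generic (1)
19:24:06.0100 6088 DrvD (cccccccccccccccccccccccccccccccc) C:\WINDOWS\system32\drivers\drvd.sys
19:24:06.0200 6088 DrvD - ok
19:24:07.0100 6088 DrvE (dddddddddddddddddddddddddddddddd) C:\WINDOWS\system32\drivers\drve.sys
19:24:07.0200 6088 DrvE ( Constructed.Other.Verdict ) - warning
19:24:07.0200 6088 DrvE - detected Constructed.Other.Verdict (0)
"""


def _new_object():
    return {"md5": None, "path": None, "verdicts": []}


def parse_report(text):
    """Return the scan mode flags and one record per scanned object."""
    report = {"mode": [], "objects": {}}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, or timestamp-only lines with no body
        body = line.group("body").strip()
        if (m := MODE.match(body)):
            report["mode"] = [f.strip() for f in m["flags"].split(";") if f.strip()]
        elif (m := FILE.match(body)):
            obj = report["objects"].setdefault(m["name"], _new_object())
            obj["md5"], obj["path"] = m["md5"], m["path"]
        elif (m := DETECTED.match(body)):
            obj = report["objects"].setdefault(m["name"], _new_object())
            obj["verdicts"].append(m["verdict"])
        elif (m := OK.match(body)):
            report["objects"].setdefault(m["name"], _new_object())
    return report


def triage(report, windir=r"C:\WINDOWS"):
    """Bucket objects so a reviewer reads the short lists first.

    The "unsigned_elsewhere" bucket is a review heuristic chosen for this
    example: an unsigned driver outside the Windows directory is not proof
    of infection, only a smaller set worth a second look.
    """
    buckets = {"clean": [], "unsigned_in_windir": [],
               "unsigned_elsewhere": [], "other": []}
    prefix = windir.lower() + "\\"
    for name, obj in sorted(report["objects"].items()):
        verdicts = set(obj["verdicts"])
        if not verdicts:
            buckets["clean"].append(name)
        elif verdicts == {UNSIGNED}:
            inside = (obj["path"] or "").lower().startswith(prefix)
            key = "unsigned_in_windir" if inside else "unsigned_elsewhere"
            buckets[key].append(name)
        else:
            # Anything other than the signature warning goes to the top of the pile.
            buckets["other"].append((name, sorted(verdicts)))
    return buckets


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print("Scan mode:", ", ".join(parsed["mode"]))
    for bucket, items in triage(parsed).items():
        print(f"{bucket}: {items}")
```

To use it on a real report, pass the text of the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file to `parse_report` instead of `SAMPLE_LOG`.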


#3 babelsgp


Posted 10 February 2012 - 07:34 PM

Firstly, thank you. I did run the dds and gmer that we were told to use prior to posting; if you need that information as well, let me know. Here is the info from the TDSS rootkit tool.

19:24:32.0000 6088 MSPQM ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0000 6088 MSPQM - detected UnsignedFile.Multi.Generic (1)
19:24:32.0062 6088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:24:32.0062 6088 mssmbios ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0062 6088 mssmbios - detected UnsignedFile.Multi.Generic (1)
19:24:32.0125 6088 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:24:32.0156 6088 MSTEE ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0156 6088 MSTEE - detected UnsignedFile.Multi.Generic (1)
19:24:32.0296 6088 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:24:32.0296 6088 Mup ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0296 6088 Mup - detected UnsignedFile.Multi.Generic (1)
19:24:32.0437 6088 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:24:32.0453 6088 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0453 6088 NABTSFEC - detected UnsignedFile.Multi.Generic (1)
19:24:32.0593 6088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:24:32.0609 6088 NDIS ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0609 6088 NDIS - detected UnsignedFile.Multi.Generic (1)
19:24:32.0671 6088 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:24:32.0718 6088 NdisIP ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0718 6088 NdisIP - detected UnsignedFile.Multi.Generic (1)
19:24:32.0843 6088 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:24:32.0843 6088 NdisTapi ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0843 6088 NdisTapi - detected UnsignedFile.Multi.Generic (1)
19:24:32.0906 6088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:24:32.0921 6088 Ndisuio ( UnsignedFile.Multi.Generic ) - warning
19:24:32.0921 6088 Ndisuio - detected UnsignedFile.Multi.Generic (1)
19:24:32.0984 6088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:24:33.0015 6088 NdisWan ( UnsignedFile.Multi.Generic ) - warning
19:24:33.0015 6088 NdisWan - detected UnsignedFile.Multi.Generic (1)
19:24:33.0109 6088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:24:33.0109 6088 NDProxy ( UnsignedFile.Multi.Generic ) - warning
19:24:33.0109 6088 NDProxy - detected UnsignedFile.Multi.Generic (1)
19:24:33.0234 6088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:24:33.0265 6088 NetBIOS ( UnsignedFile.Multi.Generic ) - warning
19:24:33.0265 6088 NetBIOS - detected UnsignedFile.Multi.Generic (1)
19:24:33.0375 6088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:24:33.0406 6088 NetBT ( UnsignedFile.Multi.Generic ) - warning
19:24:33.0406 6088 NetBT - detected UnsignedFile.Multi.Generic (1)
19:24:33.0609 6088 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
19:24:33.0625 6088 NPF - ok
19:24:33.0703 6088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:24:33.0734 6088 Npfs ( UnsignedFile.Multi.Generic ) - warning
19:24:33.0734 6088 Npfs - detected UnsignedFile.Multi.Generic (1)
19:24:33.0812 6088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:24:33.0875 6088 Ntfs ( UnsignedFile.Multi.Generic ) - warning
19:24:33.0875 6088 Ntfs - detected UnsignedFile.Multi.Generic (1)
19:24:33.0968 6088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:24:34.0000 6088 Null ( UnsignedFile.Multi.Generic ) - warning
19:24:34.0000 6088 Null - detected UnsignedFile.Multi.Generic (1)
19:24:34.0343 6088 nv (5796a04ccc99542fdfb43f2accd803df) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:24:34.0718 6088 nv ( UnsignedFile.Multi.Generic ) - warning
19:24:34.0718 6088 nv - detected UnsignedFile.Multi.Generic (1)
19:24:34.0828 6088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:24:34.0875 6088 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
19:24:34.0875 6088 NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
19:24:34.0984 6088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:24:35.0000 6088 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0000 6088 NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
19:24:35.0078 6088 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
19:24:35.0109 6088 OMCI ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0109 6088 OMCI - detected UnsignedFile.Multi.Generic (1)
19:24:35.0203 6088 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:24:35.0234 6088 Parport ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0234 6088 Parport - detected UnsignedFile.Multi.Generic (1)
19:24:35.0281 6088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:24:35.0312 6088 PartMgr ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0312 6088 PartMgr - detected UnsignedFile.Multi.Generic (1)
19:24:35.0484 6088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:24:35.0515 6088 ParVdm ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0515 6088 ParVdm - detected UnsignedFile.Multi.Generic (1)
19:24:35.0562 6088 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\Drivers\pci.sys
19:24:35.0593 6088 PCI ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0593 6088 PCI - detected UnsignedFile.Multi.Generic (1)
19:24:35.0656 6088 PCIDump - ok
19:24:35.0734 6088 pciide (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\Drivers\pciide.sys
19:24:35.0750 6088 pciide ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0750 6088 pciide - detected UnsignedFile.Multi.Generic (1)
19:24:35.0859 6088 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\Drivers\pcmcia.sys
19:24:35.0921 6088 Pcmcia ( UnsignedFile.Multi.Generic ) - warning
19:24:35.0921 6088 Pcmcia - detected UnsignedFile.Multi.Generic (1)
19:24:35.0984 6088 PDCOMP - ok
19:24:36.0031 6088 PDFRAME - ok
19:24:36.0078 6088 PDRELI - ok
19:24:36.0234 6088 PDRFRAME - ok
19:24:36.0281 6088 perc2 - ok
19:24:36.0328 6088 perc2hib - ok
19:24:36.0375 6088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:24:36.0406 6088 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
19:24:36.0406 6088 PptpMiniport - detected UnsignedFile.Multi.Generic (1)
19:24:36.0531 6088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:24:36.0562 6088 Ptilink ( UnsignedFile.Multi.Generic ) - warning
19:24:36.0562 6088 Ptilink - detected UnsignedFile.Multi.Generic (1)
19:24:36.0640 6088 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:24:36.0671 6088 PxHelp20 - ok
19:24:36.0781 6088 ql1080 - ok
19:24:36.0875 6088 Ql10wnt - ok
19:24:36.0906 6088 ql12160 - ok
19:24:36.0953 6088 ql1240 - ok
19:24:37.0000 6088 ql1280 - ok
19:24:37.0093 6088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:24:37.0140 6088 RasAcd ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0140 6088 RasAcd - detected UnsignedFile.Multi.Generic (1)
19:24:37.0250 6088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:24:37.0296 6088 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0296 6088 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
19:24:37.0390 6088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:24:37.0437 6088 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0437 6088 RasPppoe - detected UnsignedFile.Multi.Generic (1)
19:24:37.0484 6088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:24:37.0531 6088 Raspti ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0531 6088 Raspti - detected UnsignedFile.Multi.Generic (1)
19:24:37.0625 6088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:24:37.0765 6088 Rdbss ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0765 6088 Rdbss - detected UnsignedFile.Multi.Generic (1)
19:24:37.0828 6088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:24:37.0843 6088 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0843 6088 RDPCDD - detected UnsignedFile.Multi.Generic (1)
19:24:37.0906 6088 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:24:37.0937 6088 rdpdr ( UnsignedFile.Multi.Generic ) - warning
19:24:37.0937 6088 rdpdr - detected UnsignedFile.Multi.Generic (1)
19:24:38.0031 6088 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:24:38.0031 6088 RDPWD ( UnsignedFile.Multi.Generic ) - warning
19:24:38.0031 6088 RDPWD - detected UnsignedFile.Multi.Generic (1)
19:24:38.0171 6088 redbook (4726c5e7248a897815726a5df985400c) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:24:38.0203 6088 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 4726c5e7248a897815726a5df985400c, Fake md5: f828dd7e1419b6653894a8f97a0094c5
19:24:38.0203 6088 redbook ( Virus.Win32.ZAccess.k ) - infected
19:24:38.0203 6088 redbook - detected Virus.Win32.ZAccess.k (0)
19:24:38.0312 6088 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:24:38.0343 6088 RFCOMM ( UnsignedFile.Multi.Generic ) - warning
19:24:38.0343 6088 RFCOMM - detected UnsignedFile.Multi.Generic (1)
19:24:38.0484 6088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:24:38.0531 6088 Secdrv ( UnsignedFile.Multi.Generic ) - warning
19:24:38.0531 6088 Secdrv - detected UnsignedFile.Multi.Generic (1)
19:24:38.0593 6088 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:24:38.0625 6088 serenum ( UnsignedFile.Multi.Generic ) - warning
19:24:38.0625 6088 serenum - detected UnsignedFile.Multi.Generic (1)
19:24:38.0687 6088 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:24:38.0765 6088 Serial ( UnsignedFile.Multi.Generic ) - warning
19:24:38.0765 6088 Serial - detected UnsignedFile.Multi.Generic (1)
19:24:38.0921 6088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:24:38.0953 6088 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
19:24:38.0953 6088 Sfloppy - detected UnsignedFile.Multi.Generic (1)
19:24:39.0046 6088 Simbad - ok
19:24:39.0125 6088 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:24:39.0156 6088 SLIP ( UnsignedFile.Multi.Generic ) - warning
19:24:39.0156 6088 SLIP - detected UnsignedFile.Multi.Generic (1)
19:24:39.0234 6088 Sparrow - ok
19:24:39.0328 6088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:24:39.0375 6088 splitter ( UnsignedFile.Multi.Generic ) - warning
19:24:39.0375 6088 splitter - detected UnsignedFile.Multi.Generic (1)
19:24:39.0437 6088 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:24:39.0484 6088 sr ( UnsignedFile.Multi.Generic ) - warning
19:24:39.0484 6088 sr - detected UnsignedFile.Multi.Generic (1)
19:24:39.0656 6088 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:24:39.0671 6088 Srv ( UnsignedFile.Multi.Generic ) - warning
19:24:39.0671 6088 Srv - detected UnsignedFile.Multi.Generic (1)
19:24:39.0890 6088 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
19:24:39.0921 6088 STHDA ( UnsignedFile.Multi.Generic ) - warning
19:24:39.0921 6088 STHDA - detected UnsignedFile.Multi.Generic (1)
19:24:40.0093 6088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:24:40.0140 6088 streamip ( UnsignedFile.Multi.Generic ) - warning
19:24:40.0140 6088 streamip - detected UnsignedFile.Multi.Generic (1)
19:24:40.0203 6088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:24:40.0250 6088 swenum ( UnsignedFile.Multi.Generic ) - warning
19:24:40.0250 6088 swenum - detected UnsignedFile.Multi.Generic (1)
19:24:40.0375 6088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:24:40.0468 6088 swmidi ( UnsignedFile.Multi.Generic ) - warning
19:24:40.0468 6088 swmidi - detected UnsignedFile.Multi.Generic (1)
19:24:40.0546 6088 symc810 - ok
19:24:40.0671 6088 symc8xx - ok
19:24:40.0734 6088 sym_hi - ok
19:24:40.0781 6088 sym_u3 - ok
19:24:40.0828 6088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:24:40.0843 6088 sysaudio ( UnsignedFile.Multi.Generic ) - warning
19:24:40.0843 6088 sysaudio - detected UnsignedFile.Multi.Generic (1)
19:24:40.0921 6088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:24:40.0937 6088 Tcpip ( UnsignedFile.Multi.Generic ) - warning
19:24:40.0937 6088 Tcpip - detected UnsignedFile.Multi.Generic (1)
19:24:41.0046 6088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:24:41.0078 6088 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
19:24:41.0078 6088 TDPIPE - detected UnsignedFile.Multi.Generic (1)
19:24:41.0203 6088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:24:41.0250 6088 TDTCP ( UnsignedFile.Multi.Generic ) - warning
19:24:41.0250 6088 TDTCP - detected UnsignedFile.Multi.Generic (1)
19:24:41.0390 6088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:24:41.0515 6088 TermDD ( UnsignedFile.Multi.Generic ) - warning
19:24:41.0515 6088 TermDD - detected UnsignedFile.Multi.Generic (1)
19:24:41.0593 6088 TosIde - ok
19:24:41.0750 6088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:24:41.0781 6088 Udfs ( UnsignedFile.Multi.Generic ) - warning
19:24:41.0781 6088 Udfs - detected UnsignedFile.Multi.Generic (1)
19:24:41.0828 6088 UIUSys - ok
19:24:41.0875 6088 ultra - ok
19:24:42.0046 6088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:24:42.0109 6088 Update ( UnsignedFile.Multi.Generic ) - warning
19:24:42.0109 6088 Update - detected UnsignedFile.Multi.Generic (1)
19:24:42.0250 6088 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:24:42.0281 6088 usbaudio ( UnsignedFile.Multi.Generic ) - warning
19:24:42.0281 6088 usbaudio - detected UnsignedFile.Multi.Generic (1)
19:24:42.0375 6088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:24:42.0406 6088 usbccgp ( UnsignedFile.Multi.Generic ) - warning
19:24:42.0406 6088 usbccgp - detected UnsignedFile.Multi.Generic (1)
19:24:42.0562 6088 USBCCID (ca16635aac61993a27ebeeb3f683fa8e) C:\WINDOWS\system32\DRIVERS\usbccid.sys
19:24:42.0625 6088 USBCCID ( UnsignedFile.Multi.Generic ) - warning
19:24:42.0625 6088 USBCCID - detected UnsignedFile.Multi.Generic (1)
19:24:42.0703 6088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\Drivers\usbehci.sys
19:24:42.0750 6088 usbehci ( UnsignedFile.Multi.Generic ) - warning
19:24:42.0750 6088 usbehci - detected UnsignedFile.Multi.Generic (1)
19:24:42.0906 6088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:24:42.0953 6088 usbhub ( UnsignedFile.Multi.Generic ) - warning
19:24:42.0953 6088 usbhub - detected UnsignedFile.Multi.Generic (1)
19:24:43.0015 6088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:24:43.0046 6088 USBSTOR ( UnsignedFile.Multi.Generic ) - warning
19:24:43.0046 6088 USBSTOR - detected UnsignedFile.Multi.Generic (1)
19:24:43.0093 6088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\Drivers\usbuhci.sys
19:24:43.0125 6088 usbuhci ( UnsignedFile.Multi.Generic ) - warning
19:24:43.0125 6088 usbuhci - detected UnsignedFile.Multi.Generic (1)
19:24:43.0281 6088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:24:43.0312 6088 VgaSave ( UnsignedFile.Multi.Generic ) - warning
19:24:43.0312 6088 VgaSave - detected UnsignedFile.Multi.Generic (1)
19:24:43.0343 6088 ViaIde - ok
19:24:43.0500 6088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:24:43.0531 6088 VolSnap ( UnsignedFile.Multi.Generic ) - warning
19:24:43.0531 6088 VolSnap - detected UnsignedFile.Multi.Generic (1)
19:24:43.0609 6088 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
19:24:43.0765 6088 vsdatant - ok
19:24:43.0953 6088 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
19:24:44.0078 6088 w39n51 ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0078 6088 w39n51 - detected UnsignedFile.Multi.Generic (1)
19:24:44.0171 6088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:24:44.0187 6088 Wanarp ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0187 6088 Wanarp - detected UnsignedFile.Multi.Generic (1)
19:24:44.0234 6088 WDICA - ok
19:24:44.0281 6088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:24:44.0312 6088 wdmaud ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0312 6088 wdmaud - detected UnsignedFile.Multi.Generic (1)
19:24:44.0406 6088 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:24:44.0453 6088 winachsf ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0453 6088 winachsf - detected UnsignedFile.Multi.Generic (1)
19:24:44.0562 6088 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:24:44.0593 6088 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0593 6088 WSTCODEC - detected UnsignedFile.Multi.Generic (1)
19:24:44.0703 6088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:24:44.0750 6088 WudfPf ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0750 6088 WudfPf - detected UnsignedFile.Multi.Generic (1)
19:24:44.0875 6088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:24:44.0890 6088 WudfRd ( UnsignedFile.Multi.Generic ) - warning
19:24:44.0890 6088 WudfRd - detected UnsignedFile.Multi.Generic (1)
19:24:44.0921 6088 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:24:45.0312 6088 \Device\Harddisk0\DR0 - ok
19:24:45.0328 6088 Boot (0x1200) (c16067bc9713831a518bb9f67d368edb) \Device\Harddisk0\DR0\Partition0
19:24:45.0328 6088 \Device\Harddisk0\DR0\Partition0 - ok
19:24:45.0328 6088 ============================================================
19:24:45.0328 6088 Scan finished
19:24:45.0328 6088 ============================================================
19:24:45.0437 5416 Detected object count: 161
19:24:45.0437 5416 Actual detected object count: 161
19:25:38.0906 5416 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0906 5416 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0906 5416 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0906 5416 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 aec ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 aec ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 atapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 audstub ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 b57w2k ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 b57w2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 BCM43XX ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 Beep ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0921 5416 BthEnum ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0921 5416 BthEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 BTHMODEM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 BTHMODEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 BthPan ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 BthPan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 BTHPORT ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 BTHPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 BTHUSB ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 BTHUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 CdRom ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 CdRom ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0937 5416 CmBatt ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0937 5416 CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 CVirtA ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 CVirtA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 Disk ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0953 5416 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0953 5416 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0968 5416 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0968 5416 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0968 5416 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0968 5416 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0968 5416 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0968 5416 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0968 5416 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0968 5416 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0968 5416 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0968 5416 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0968 5416 dmio ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0968 5416 dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0984 5416 dmload ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0984 5416 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0984 5416 DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0984 5416 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0984 5416 DNE ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0984 5416 DNE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:38.0984 5416 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:38.0984 5416 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0000 5416 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0000 5416 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0000 5416 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0000 5416 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0000 5416 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0000 5416 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0000 5416 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0000 5416 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0000 5416 Fips ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0000 5416 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0015 5416 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0015 5416 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0015 5416 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0015 5416 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0015 5416 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0015 5416 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0015 5416 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0015 5416 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0031 5416 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0031 5416 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0031 5416 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0031 5416 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0031 5416 HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0031 5416 HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0031 5416 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0031 5416 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0031 5416 HSXHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0031 5416 HSXHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0046 5416 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0046 5416 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0046 5416 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0046 5416 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0046 5416 IAB_KW ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0046 5416 IAB_KW ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0046 5416 ialm ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0046 5416 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0046 5416 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0046 5416 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0062 5416 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0062 5416 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0062 5416 IOAKD_KW ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0062 5416 IOAKD_KW ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0062 5416 IONAK_KW ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0062 5416 IONAK_KW ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0062 5416 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0062 5416 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0078 5416 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0078 5416 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0078 5416 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0078 5416 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0078 5416 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0078 5416 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0078 5416 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0078 5416 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0078 5416 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0078 5416 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0093 5416 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0093 5416 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0093 5416 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0093 5416 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0093 5416 kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0093 5416 kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0093 5416 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0093 5416 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0093 5416 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0093 5416 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0109 5416 LXETORKW ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0109 5416 LXETORKW ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0109 5416 mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0109 5416 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0109 5416 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0109 5416 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0109 5416 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0109 5416 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0125 5416 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0125 5416 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0125 5416 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0125 5416 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0125 5416 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0125 5416 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0125 5416 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0125 5416 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0140 5416 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0140 5416 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0140 5416 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0140 5416 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0140 5416 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0140 5416 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0140 5416 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0140 5416 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0140 5416 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0140 5416 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0140 5416 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0140 5416 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0156 5416 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0156 5416 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0156 5416 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0156 5416 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0156 5416 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0156 5416 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0156 5416 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0156 5416 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0171 5416 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0171 5416 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0171 5416 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0171 5416 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0171 5416 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0171 5416 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0171 5416 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0171 5416 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0171 5416 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0171 5416 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0171 5416 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0171 5416 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0187 5416 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0187 5416 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0187 5416 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0187 5416 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0187 5416 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0187 5416 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0187 5416 Null ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0187 5416 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0187 5416 nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0187 5416 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0203 5416 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0203 5416 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0203 5416 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0203 5416 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0203 5416 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0203 5416 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0203 5416 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0203 5416 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0218 5416 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0218 5416 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0218 5416 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0218 5416 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0218 5416 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0218 5416 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0218 5416 pciide ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0218 5416 pciide ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0218 5416 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0218 5416 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0234 5416 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0234 5416 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0234 5416 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0234 5416 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0234 5416 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0234 5416 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0234 5416 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0234 5416 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0234 5416 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0234 5416 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0250 5416 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0250 5416 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0250 5416 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0250 5416 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0250 5416 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0250 5416 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0250 5416 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0250 5416 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0265 5416 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:39.0265 5416 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:39.0484 5416 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine
19:25:41.0640 5416 Backup copy not found, trying to cure infected file..
19:25:41.0875 5416 Cure success, using it..
19:25:41.0875 5416 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
19:25:45.0093 5416 redbook ( Virus.Win32.ZAccess.k ) - User select action: Cure
19:25:45.0093 5416 RFCOMM ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0093 5416 RFCOMM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0093 5416 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0093 5416 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0093 5416 serenum ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0093 5416 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0093 5416 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0093 5416 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0093 5416 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0093 5416 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0109 5416 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0109 5416 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0109 5416 splitter ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0109 5416 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0109 5416 sr ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0109 5416 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0109 5416 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0109 5416 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0109 5416 STHDA ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0109 5416 STHDA ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0125 5416 streamip ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0125 5416 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0125 5416 swenum ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0125 5416 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0125 5416 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0125 5416 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0125 5416 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0125 5416 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0125 5416 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0125 5416 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0140 5416 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0140 5416 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0140 5416 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0140 5416 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0140 5416 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0140 5416 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0140 5416 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0140 5416 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0140 5416 Update ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0140 5416 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0156 5416 usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0156 5416 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0156 5416 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0156 5416 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0156 5416 USBCCID ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0156 5416 USBCCID ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0156 5416 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0156 5416 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0171 5416 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0171 5416 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0171 5416 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0171 5416 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0171 5416 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0171 5416 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0171 5416 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0171 5416 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0171 5416 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0171 5416 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0171 5416 w39n51 ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0171 5416 w39n51 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0187 5416 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0187 5416 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0187 5416 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0187 5416 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0187 5416 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0187 5416 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0187 5416 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0187 5416 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0187 5416 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0187 5416 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:25:45.0203 5416 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
19:25:45.0203 5416 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:26:39.0984 5444 Deinitialize success

#4 babelsgp

Posted 10 February 2012 - 07:36 PM

FSS:
Farbar Service Scanner Version: 10-02-2012
Ran by Administrator (administrator) on 10-02-2012 at 19:36:17
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(8) epfwtdir(9) Gpc(7) IPSec(5) NetBT(6) RFCOMM(3) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#5 babelsgp

Posted 10 February 2012 - 07:49 PM

4. OTL logfile created on: 2/10/2012 7:39:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.14% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.11 Gb Total Space | 50.10 Gb Free Space | 53.80% Space Free | Partition Type: NTFS

Computer Name: 0015C54172AB2K6 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 19:38:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/04 16:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/26 09:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005/08/12 16:37:50 | 001,504,256 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/09 03:44:57 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\komitaw.dll
MOD - [2012/02/07 18:57:00 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2005/12/19 08:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (scsiaccess)
SRV - [2012/02/07 18:57:00 | 000,096,768 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\NetworkService\Application Data\Adobe\sp.DLL -- (SPService)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/11/04 16:18:10 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/11/04 16:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/04/13 19:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\oracle_load_balancer_60_client-forms6ip9.dll -- (wanminiportservice)
SRV - [2006/06/26 09:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 09:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/08/12 16:37:50 | 001,504,256 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 16:02:18 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/08/04 09:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 11:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 11:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/22 14:16:50 | 000,082,494 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\ionoptix\current\ionak_kw.sys -- (IONAK_KW)
DRV - [2010/02/22 14:15:00 | 000,266,302 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\ionoptix\current\ioakd_kw.sys -- (IOAKD_KW)
DRV - [2010/02/22 14:14:52 | 000,008,250 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\ionoptix\current\iab_kw.sys -- (IAB_KW)
DRV - [2010/02/22 10:24:20 | 000,245,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\ionoptix\current\lxetorkw.sys -- (LXETORKW)
DRV - [2006/06/26 09:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 09:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 09:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 14:29:48 | 000,961,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2006/06/22 14:29:48 | 000,038,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 14:29:48 | 000,020,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 14:29:42 | 001,413,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/03/20 18:10:22 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/12/05 02:55:29 | 001,428,096 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/10 09:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/02 12:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 16:35:56 | 000,305,739 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 04:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/27 12:32:02 | 000,146,888 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3610452931-2221402333-468267728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Administrator\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/03/30 08:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/08 23:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rqcgypza.default\extensions
[2012/02/09 00:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/02 18:15:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RQCGYPZA.DEFAULT\EXTENSIONS\{473F9A20-CE5A-11DA-A94D-0800200C9A66}.XPI
[2011/07/02 18:15:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/08/18 09:19:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/02 18:15:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3610452931-2221402333-468267728-500\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3610452931-2221402333-468267728-500\..Trusted Domains: fahc.org ([cag] https in Trusted sites)
O15 - HKU\S-1-5-21-3610452931-2221402333-468267728-500\..Trusted Domains: fahc.org ([gateway] https in Trusted sites)
O15 - HKU\S-1-5-21-3610452931-2221402333-468267728-500\..Trusted Domains: fahc.org ([rsagateway] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148415051843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148415112937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 38.118.52.2 38.102.18.2 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9E86AA6-C7F3-48BD-942D-BDBC71D18A50}: DhcpNameServer = 38.118.52.2 38.102.18.2 4.2.2.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\komitaw: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\komitaw.dll) - C:\Documents and Settings\NetworkService\Local Settings\Application Data\komitaw.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/23 14:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38c60d82-4bf7-11dc-83b9-0016418a81c5}\Shell - "" = AutoRun
O33 - MountPoints2\{38c60d82-4bf7-11dc-83b9-0016418a81c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38c60d82-4bf7-11dc-83b9-0016418a81c5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4d8bbc32-88a9-11e0-8754-0015c54172ab}\Shell - "" = AutoRun
O33 - MountPoints2\{4d8bbc32-88a9-11e0-8754-0015c54172ab}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d8bbc32-88a9-11e0-8754-0015c54172ab}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\{e7aa042c-fe53-11dc-846e-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{e7aa042c-fe53-11dc-846e-000000000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e7aa042c-fe53-11dc-846e-000000000000}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 19:38:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/10 19:25:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/10 19:23:00 | 002,059,824 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/02/09 01:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2012/02/09 01:33:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/09 00:38:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 00:38:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/09 00:36:08 | 004,399,064 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/07 20:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/02/04 16:02:18 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/02/04 16:02:18 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/02/04 16:02:18 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/02/03 01:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/02/02 21:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/01 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/01 20:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/24 18:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/01/24 18:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/24 18:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 19:38:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/10 19:35:31 | 000,336,319 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2012/02/10 19:32:11 | 000,438,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/10 19:32:11 | 000,070,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/10 19:30:33 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{25F434A3-AA07-4D30-9FD6-42C294F60DBC}.job
[2012/02/10 19:28:07 | 000,143,339 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/02/10 19:28:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 19:27:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2012/02/10 19:27:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/10 19:25:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/10 19:23:11 | 002,059,824 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/02/10 17:59:53 | 000,143,339 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/02/10 02:39:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/09 15:54:49 | 000,250,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dental Medical History_Dec2011.pdf
[2012/02/09 15:54:36 | 000,837,790 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Med RegHis_12.30.11.pdf
[2012/02/09 01:40:26 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/09 01:34:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/09 01:33:10 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/09 00:53:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/02/09 00:36:08 | 004,399,064 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/04 16:02:18 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/02/04 16:02:18 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/02/04 16:02:18 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/22 23:25:09 | 000,140,737 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\labcorp.xps
[2012/01/22 22:59:13 | 000,127,007 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bib ER visit.xps
[2012/01/20 14:41:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 19:35:26 | 000,336,319 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2012/02/09 15:54:49 | 000,250,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dental Medical History_Dec2011.pdf
[2012/02/09 15:54:36 | 000,837,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Med RegHis_12.30.11.pdf
[2012/02/09 03:44:57 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\komitaw.dll
[2012/02/09 01:40:24 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/09 01:33:05 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/06 02:05:31 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/24 18:30:16 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/01/22 23:25:08 | 000,140,737 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\labcorp.xps
[2012/01/22 22:59:10 | 000,127,007 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bib ER visit.xps
[2011/07/08 23:49:06 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/08 23:49:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/14 12:08:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/04/14 12:08:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/04/14 11:08:31 | 000,000,037 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\obmlf5
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/07/21 20:33:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/02 03:53:43 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/05 14:48:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\SCNIMAGE.INI
[2006/11/03 16:56:19 | 000,002,154 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SAS7_000.DAT
[2006/11/03 16:03:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/09/30 14:21:40 | 000,022,334 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/09/30 13:35:15 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2006/06/26 09:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/06/06 08:16:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/01 08:00:29 | 000,143,339 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2006/06/01 07:59:45 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/01 07:59:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/01 07:59:43 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/01 07:59:41 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/01 07:59:40 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/06/01 07:59:35 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/06/01 07:59:35 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/01 07:59:34 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/06/01 07:59:31 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/30 13:04:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/25 15:08:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/25 15:08:01 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/05/25 13:30:44 | 000,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/05/25 13:30:43 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/05/25 13:29:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/05/25 13:17:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/25 12:06:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\dm.ini
[2006/05/23 15:01:56 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/23 14:52:49 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/23 14:52:49 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/05/23 14:52:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/23 14:39:28 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/23 14:24:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/23 14:19:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/23 10:07:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/05/23 10:06:51 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/18 13:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/02 17:31:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/05/02 17:30:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/02 17:30:57 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/02 17:30:44 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/02 17:30:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/02 17:30:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/02 17:29:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/02 17:29:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/02 17:27:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/02 17:26:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/05/02 17:24:30 | 000,438,796 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/02 17:24:30 | 000,070,560 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/21 11:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

4. part 2

OTL Extras logfile created on: 2/10/2012 7:39:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.14% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.11 Gb Total Space | 50.10 Gb Free Space | 53.80% Space Free | Partition Type: NTFS

Computer Name: 0015C54172AB2K6 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2967:UDP" = 2967:UDP:LocalSubNet,127.0.0.1/255.255.255.255,132.198.0.0/255.255.0.0:Enabled:Symantec RTVScan
"38293:UDP" = 38293:UDP:LocalSubNet,127.0.0.1/255.255.255.255,132.198.0.0/255.255.0.0:Enabled:Intel PDS (Symantec AV)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2967:UDP" = 2967:UDP:LocalSubNet,127.0.0.1/255.255.255.255,132.198.0.0/255.255.0.0:Enabled:Symantec RTVScan
"38293:UDP" = 38293:UDP:LocalSubNet,127.0.0.1/255.255.255.255,132.198.0.0/255.255.0.0:Enabled:Intel PDS (Symantec AV)
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BlogMatrix Sparks!\Sparks.exe" = C:\Program Files\BlogMatrix Sparks!\Sparks.exe:*:Enabled:Sparks -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\IBM\SPSS\Statistics\19\stats.com" = C:\Program Files\IBM\SPSS\Statistics\19\stats.com:*:Disabled:Statistics19:com -- (SPSS Inc.)
"C:\Program Files\IBM\SPSS\Statistics\19\stats.exe" = C:\Program Files\IBM\SPSS\Statistics\19\stats.exe:*:Disabled:Statistics19:exe -- (SPSS Inc.)
"C:\Program Files\IBM\SPSS\Statistics\19\WinWrapIDE.exe" = C:\Program Files\IBM\SPSS\Statistics\19\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe" = C:\Program Files\Wolfram Research\Mathematica\8.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 8 -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe" = C:\Program Files\Wolfram Research\Mathematica\8.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe" = C:\Program Files\Wolfram Research\Mathematica\8.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe" = C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (IBM)
"C:\Program Files\Applied Biosystems\SDS 2.1\SDS2.1.exe" = C:\Program Files\Applied Biosystems\SDS 2.1\SDS2.1.exe:*:Enabled:SDS2.1 -- (Applied Biosystems)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\TEMP\dsagsw\setup.exe" = C:\WINDOWS\TEMP\dsagsw\setup.exe:*:Enabled:setup -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0F0122E0-5665-4B91-9C71-85F98E20DCF2}" = Scion Image 4.0.3.2
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" = Oracle Calendar
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{640BE6CD-9B4E-4FA4-98BC-E6975A30DC4F}" = ESET NOD32 Antivirus
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{94CD45D0-58D3-11D5-B35E-00E02934C09B}" = MapSend Topo US
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"M-WIN-L 8.0.1 2063990_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SDS 2.1.1" = SDS 2.1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3610452931-2221402333-468267728-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataAssist v2.0" = DataAssist v2.0
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2012 6:59:43 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 6:59:43 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 6:59:43 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 8:23:25 PM | Computer Name = 0015C54172AB2K6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 2/10/2012 8:23:32 PM | Computer Name = 0015C54172AB2K6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/10/2012 8:27:49 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 8:27:49 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 8:27:49 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 8:27:49 PM | Computer Name = 0015C54172AB2K6 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/10/2012 8:39:31 PM | Computer Name = 0015C54172AB2K6 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/10/2012 3:39:50 AM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 3:39:50 AM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 3:39:50 AM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 3:40:03 AM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 3:42:21 AM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 4:27:52 PM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 4:27:52 PM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 4:27:54 PM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 4:27:55 PM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/10/2012 4:31:08 PM | Computer Name = 0015C54172AB2K6 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

5. E-mails are still annoying, i.e. the cursor moves. I only use the machine for the internet, not for anything personal or any data, etc. So I am not sure how it runs with real programs, i.e. Excel, Mathematica, etc. It seems slow and slow to respond.

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:47 AM

Posted 11 February 2012 - 03:13 AM

Hi!

Thanks for providing me with all of those logs, I know it was a lot of scans to run, but it provided me with a better picture of what's going on with your system.

I'm going to ask that you download and run another tool and post the log file that it produces for me.

Be sure to let me know how things are running in your next reply.


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 babelsgp

babelsgp
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 11 February 2012 - 02:00 PM

I ran ComboFix; it is now in a restart loop. In other words, Windows is unable to load but keeps attempting to do so. Safe Mode does not run either; I can, however, go into the Windows Recovery Console.

#8 SweetTech


Posted 12 February 2012 - 03:03 AM

Hi!

Sorry to hear that you experienced issues with running ComboFix.

Please try booting up into Last Known Good Configuration.

Last Known Good Configuration

Start the computer by using the last known good configuration. To start the computer by using the last known good configuration, follow these steps:

  • Restart your computer.
  • As the computer starts to boot up, tap the F8 key repeatedly.
  • This will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Last Known Good Configuration
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

Let's see if that allows you to boot back up into Normal Mode.

If not, we'll try something else.



#9 babelsgp


Posted 13 February 2012 - 11:07 PM

Still isn't booting

#10 SweetTech


Posted 14 February 2012 - 09:47 AM

Hi!

Sorry to hear that you weren't able to boot up using Last Known Good Configuration.

Do you happen to have access to a USB flash drive that we could utilize?



#11 babelsgp


Posted 14 February 2012 - 11:14 AM

Yes I do

#12 SweetTech


Posted 14 February 2012 - 12:07 PM

We need to do some work in the Recovery Console. This should have been installed by ComboFix when you first ran it. I'll also include instructions for using your Windows XP CD to access the Recovery Console, if it's not already present.

NOTE:

If you have any questions while being in the Recovery Console please STOP and ask me for clarification before you continue.

Accessing the Recovery Console on-board:
  • Restart your computer.
  • Before Windows loads, you will be prompted to choose which Operating System to start.
  • Use the up and down arrow keys to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto. Type 1 and press 'Enter'.

The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

You will need to enter the administrator password. If a password was not set then leave the password field blank and press Enter.

Actual instructions to perform in the Recovery Console:

  • At the C:\Windows prompt, type the following bolded entries, and press 'Enter' (note the spaces):

set allowallpaths = true
chdir c:\
copy C:\ComboFix.txt E:\
copy C:\ComboFix.txt F:\

Note:

In the first line there is a space after chdir
In the second line there is a space after copy and one before E:\
In the third line there is a space after copy and one before F:\

What you should see:

After hitting Enter for the first line, you will see that the cursor goes to a new prompt if successful (you should see that it says: c:\>). If it is not successful, you will see a message similar to this: "The system cannot find the path specified."
After hitting Enter for the second line, you will see that it says something to the effect of "The system cannot find the path specified." if the file can't be moved onto your flash drive, or it'll say "1 file(s) copied." if the file is able to be copied to your flash drive successfully.

Please see if the ComboFix.txt log file is placed on the flash drive, and if so, please post it in your next reply for me to review.

SIDE NOTE:

To exit the recovery console and reboot your computer type: exit




#13 babelsgp


Posted 16 February 2012 - 10:51 PM

ComboFix.txt isn't in the C directory... "cannot find file specified". Do you think it saved to the desktop?

#14 babelsgp


Posted 16 February 2012 - 10:56 PM

I just looked and only found combofix.exe.

Found it in its directory, trying now.

#15 babelsgp


Posted 16 February 2012 - 11:05 PM

As of right now I don't know which letter is used to describe the USB port; neither E nor F worked.



