
Very slow desktop and weird activity


  • This topic is locked
66 replies to this topic

#1 whatisavailable

  • Members
  • 212 posts
  • Location: Texas

Posted 20 October 2012 - 11:05 AM

Hi
I'm trying to set up a computer that has given me trouble in the past.
It runs VERY slow and acts weird at times.
I attempted to run GMER but it errored out every time.
I hope the files that I have attached help.
Yesterday I noticed that there was an Internet proxy going somewhere. I disabled the Ethernet interface and deleted it.
Thanks for the help!
Jim

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.5730.11
Run by jim at 19:58:37 on 2012-10-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.106 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>
BHO: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - <orphaned>
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awll3028\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://lp.soe.com/static/plugin/SOEWebInstaller.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1350445811140
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350424775519
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350424485424
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1845EEB8-81A8-497F-9E81-130398D9AA52} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8910937B-9CAC-434A-A8C5-A42768628D94} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxsrvc.dll
Notify: PFW - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-27 11:43:11 389120 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:08:01.34 ===============


#2 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 21 October 2012 - 08:54 AM

Hello and welcome to BleepingComputer! :)

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that aspect. DO NOT make any changes to the system except the ones I tell you to, as that may produce more damage than help.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate another DDS log (download it from http://download.bleepingcomputer.com/sUBs/dds.com if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.




Regards,

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • Location: Texas

Posted 21 October 2012 - 06:05 PM

Hi Elle
I was finally able to run GMER. I wasn't sure where I got the original GMER, so I've run it again via the link you provided and will upload that log file when it is done. I think Windows had an update that was installed, but I haven't installed anything else after I downloaded the latest version of S&D and will make sure I don't unless you say to do so.
Thanks for the help!
Jim

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.5730.11
Run by jim at 17:41:38 on 2012-10-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.347 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>
BHO: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - <orphaned>
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
uRunOnce: [SpybotDeletingF6791] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRunOnce: [SpybotDeletingE5073] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awll3028\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://lp.soe.com/static/plugin/SOEWebInstaller.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1350445811140
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350424775519
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350424485424
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1845EEB8-81A8-497F-9E81-130398D9AA52} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8910937B-9CAC-434A-A8C5-A42768628D94} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: AutorunsDisabled - <Clsid value has no data>
Handler: AutorunsDisabled - <Clsid value has no data>
Notify: igfxcui - igfxsrvc.dll
Notify: PFW - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-5-26 38144]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-16 399432]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-10-20 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-10-20 1358360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-16 22856]
R4 PORTMON;PORTMON;\??\c:\documents and settings\jim\my documents\downloads\sysinternalssuite\portmsys.sys --> c:\documents and settings\jim\my documents\downloads\sysinternalssuite\PORTMSYS.SYS [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\jim\locals~1\temp\superantispyware\sasdifsv.sys --> c:\docume~1\jim\locals~1\temp\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\jim\locals~1\temp\superantispyware\saskutil.sys --> c:\docume~1\jim\locals~1\temp\superantispyware\SASKUTIL.SYS [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-16 676936]
S3 MBWK;MBWK;c:\docume~1\jim\locals~1\temp\mbwk.exe --> c:\docume~1\jim\locals~1\temp\MBWK.exe [?]
S3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\rtl8187B.sys [2010-5-24 238208]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2012-10-21 19:34:13 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{067ac47e-076c-411f-825b-277af7facaab}\mpengine.dll
2012-10-20 22:47:37 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-10-20 22:47:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-10-20 19:36:37 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-17 21:52:30 -------- d-----w- C:\535483824d4f758aab86e777
2012-10-17 21:50:22 -------- d-----w- c:\documents and settings\jim\local settings\application data\SCE
2012-10-17 17:53:55 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-17 17:53:55 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-10-17 03:15:02 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
2012-10-17 03:14:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-17 03:14:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 03:14:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 02:55:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 02:55:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 22:45:33 -------- d-----w- c:\program files\Sony Online Entertainment
2012-10-16 22:45:20 -------- d-----w- c:\documents and settings\jim\application data\Sony Online Entertainment
2012-10-16 22:01:47 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-10-16 21:22:38 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-10-20 19:07:18 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-27 11:43:11 389120 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 17:43:48.21 ===============

#4 whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • Location: Texas

Posted 23 October 2012 - 09:52 PM

Hi
I was finally able to re-run GMER. Had to boot into safe mode to be able to actually upload the file.
Thanks
Jim

#5 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 24 October 2012 - 04:10 PM

Hi there,

Thank you very much for providing the logs. We will analyze them and come up with a reply ASAP.

Regards,

Elle

#6 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 25 October 2012 - 08:04 AM

Hi there,

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

===============================================================================================

Have you set a list of domains for work, for example?

Elle

#7 whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • Location: Texas

Posted 25 October 2012 - 02:36 PM

Hi
I have not set up any domains on this computer for work or otherwise.
Log is below and attached. There was an option to "Fix" but I did not select that. I was quite surprised to see this. I got a BSOD during the first scan which is why I ran it again.
Thanks
Jim

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 11:22:15
-----------------------------
11:22:15.031 OS Version: Windows 5.1.2600 Service Pack 3
11:22:15.031 Number of processors: 1 586 0x209
11:22:15.062 ComputerName: MOM UserName: jim
11:22:22.156 Initialize success
11:26:12.500 The log file has been saved successfully to "C:\Documents and Settings\jim\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 12:45:47
-----------------------------
12:45:47.796 OS Version: Windows 5.1.2600 Service Pack 3
12:45:47.796 Number of processors: 1 586 0x209
12:45:47.828 ComputerName: MOM UserName: jim
12:46:08.828 Initialize success
12:47:12.625 AVAST engine defs: 12102501
12:47:16.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:47:16.718 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
12:47:16.750 Disk 0 MBR read successfully
12:47:16.765 Disk 0 MBR scan
12:47:16.843 Disk 0 Windows XP default MBR code
12:47:16.875 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
12:47:16.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38107 MB offset 64260
12:47:16.921 Disk 0 scanning sectors +78108030
12:47:17.093 Disk 0 scanning C:\WINDOWS\system32\drivers
12:47:34.906 File: C:\WINDOWS\system32\drivers\ibrsqlxl.sys **INFECTED** Win32:DrvPatch
12:47:44.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jim\Desktop\MBR.dat"
12:47:45.062 The log file has been saved successfully to "C:\Documents and Settings\jim\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 12:45:47
-----------------------------
12:45:47.796 OS Version: Windows 5.1.2600 Service Pack 3
12:45:47.796 Number of processors: 1 586 0x209
12:45:47.828 ComputerName: MOM UserName: jim
12:46:08.828 Initialize success
12:47:12.625 AVAST engine defs: 12102501
12:47:16.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:47:16.718 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
12:47:16.750 Disk 0 MBR read successfully
12:47:16.765 Disk 0 MBR scan
12:47:16.843 Disk 0 Windows XP default MBR code
12:47:16.875 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
12:47:16.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38107 MB offset 64260
12:47:16.921 Disk 0 scanning sectors +78108030
12:47:17.093 Disk 0 scanning C:\WINDOWS\system32\drivers
12:47:34.906 File: C:\WINDOWS\system32\drivers\ibrsqlxl.sys **INFECTED** Win32:DrvPatch
12:47:44.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jim\Desktop\MBR.dat"
12:47:45.062 The log file has been saved successfully to "C:\Documents and Settings\jim\Desktop\aswMBR.txt"
12:48:00.562 Disk 0 trace - called modules:
12:48:01.671 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
12:48:01.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x837cdab8]
12:48:01.765 3 CLASSPNP.SYS[f8b26fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x837ddd98]
12:48:03.578 AVAST engine scan C:\WINDOWS
12:48:27.796 AVAST engine scan C:\WINDOWS\system32
13:03:04.625 AVAST engine scan C:\WINDOWS\system32\drivers
13:03:23.484 File: C:\WINDOWS\system32\drivers\ibrsqlxl.sys **INFECTED** Win32:DrvPatch
13:03:52.843 AVAST engine scan C:\Documents and Settings\jim
13:07:07.140 AVAST engine scan C:\Documents and Settings\All Users
13:08:52.937 Scan finished successfully
14:32:17.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jim\Desktop\MBR.dat"
14:32:17.640 The log file has been saved successfully to "C:\Documents and Settings\jim\Desktop\aswMBR.txt"

#8 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 27 October 2012 - 09:54 AM

Hi there,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Elle

#9 whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • Location: Texas

Posted 27 October 2012 - 01:34 PM

Hi
MS Essentials was turned off by the system when this was running. There was also a "windows had an error" prompt but I let it run until it was done.

I did not have a "Cure" option. All of them defaulted to "skip" and I tried to see if cure was available but it was not so I put it back to skip and continued.

Log file is below.
Thanks!
Jim

Edit: BTW, I was not able to use the system when booted normally. I am in safe mode uploading this data.

12:54:24.0015 0564 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:54:26.0046 0564 ============================================================
12:54:26.0046 0564 Current date / time: 2012/10/27 12:54:26.0046
12:54:26.0046 0564 SystemInfo:
12:54:26.0046 0564
12:54:26.0046 0564 OS Version: 5.1.2600 ServicePack: 3.0
12:54:26.0046 0564 Product type: Workstation
12:54:26.0046 0564 ComputerName: MOM
12:54:26.0515 0564 UserName: jim
12:54:26.0515 0564 Windows directory: C:\WINDOWS
12:54:26.0515 0564 System windows directory: C:\WINDOWS
12:54:26.0515 0564 Processor architecture: Intel x86
12:54:26.0531 0564 Number of processors: 1
12:54:26.0531 0564 Page size: 0x1000
12:54:26.0531 0564 Boot type: Normal boot
12:54:26.0531 0564 ============================================================
12:54:48.0109 0564 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:54:49.0390 0564 ============================================================
12:54:49.0390 0564 \Device\Harddisk0\DR0:
12:54:49.0484 0564 MBR partitions:
12:54:49.0484 0564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A6DA7A
12:54:49.0484 0564 ============================================================
12:54:50.0453 0564 C: <-> \Device\Harddisk0\DR0\Partition1
12:54:52.0468 0564 ============================================================
12:54:52.0500 0564 Initialize success
12:54:52.0500 0564 ============================================================
12:55:17.0062 2464 ============================================================
12:55:17.0062 2464 Scan started
12:55:17.0062 2464 Mode: Manual; SigCheck; TDLFS;
12:55:17.0062 2464 ============================================================
12:55:28.0533 2464 ================ Scan system memory ========================
12:55:28.0533 2464 System memory - ok
12:55:28.0549 2464 ================ Scan services =============================
12:55:29.0533 2464 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
12:55:54.0408 2464 61883 - ok
12:55:54.0502 2464 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
12:55:56.0565 2464 6to4 - ok
12:55:56.0596 2464 Abiosdsk - ok
12:55:56.0658 2464 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
12:56:04.0533 2464 abp480n5 - ok
12:56:04.0627 2464 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:56:10.0393 2464 ACPI - ok
12:56:10.0487 2464 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:56:11.0721 2464 ACPIEC - ok
12:56:12.0283 2464 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:56:12.0674 2464 AdobeFlashPlayerUpdateSvc - ok
12:56:12.0955 2464 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\System32\DRIVERS\adpu160m.sys
12:56:14.0002 2464 adpu160m - ok
12:56:14.0096 2464 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
12:56:14.0377 2464 aeaudio - ok
12:56:14.0471 2464 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:56:15.0018 2464 aec - ok
12:56:15.0080 2464 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:56:15.0346 2464 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:56:15.0346 2464 AegisP - detected UnsignedFile.Multi.Generic (1)
12:56:15.0565 2464 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:56:15.0987 2464 AFD - ok
12:56:16.0112 2464 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\System32\DRIVERS\agp440.sys
12:56:17.0065 2464 agp440 - ok
12:56:17.0127 2464 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
12:56:17.0627 2464 agpCPQ - ok
12:56:17.0737 2464 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\System32\DRIVERS\aha154x.sys
12:56:18.0174 2464 Aha154x - ok
12:56:18.0268 2464 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] Ahat_mubnkv C:\WINDOWS\System32\drivers\AMDK7.SYS
12:56:18.0690 2464 Ahat_mubnkv - ok
12:56:18.0783 2464 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\System32\DRIVERS\aic78u2.sys
12:56:19.0237 2464 aic78u2 - ok
12:56:19.0315 2464 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\System32\DRIVERS\aic78xx.sys
12:56:19.0799 2464 aic78xx - ok
12:56:19.0908 2464 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:56:20.0346 2464 Alerter - ok
12:56:20.0424 2464 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:56:21.0955 2464 ALG - ok
12:56:22.0049 2464 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\System32\DRIVERS\aliide.sys
12:56:22.0658 2464 AliIde - ok
12:56:22.0721 2464 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\System32\DRIVERS\alim1541.sys
12:56:23.0190 2464 alim1541 - ok
12:56:23.0252 2464 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\System32\DRIVERS\amdagp.sys
12:56:23.0971 2464 amdagp - ok
12:56:24.0018 2464 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\System32\DRIVERS\amsint.sys
12:56:24.0518 2464 amsint - ok
12:56:24.0815 2464 [ 367592EFCA7FF8B4CE11AB6B0744E1E2 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
12:56:24.0987 2464 Apple Mobile Device - ok
12:56:25.0002 2464 AppMgmt - ok
12:56:25.0127 2464 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:56:26.0565 2464 Arp1394 - ok
12:56:26.0705 2464 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\System32\DRIVERS\asc.sys
12:56:27.0362 2464 asc - ok
12:56:27.0424 2464 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\System32\DRIVERS\asc3350p.sys
12:56:27.0955 2464 asc3350p - ok
12:56:27.0987 2464 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\System32\DRIVERS\asc3550.sys
12:56:28.0502 2464 asc3550 - ok
12:56:28.0815 2464 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:56:29.0174 2464 aspnet_state - ok
12:56:29.0252 2464 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:56:30.0830 2464 AsyncMac - ok
12:56:30.0877 2464 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:56:33.0065 2464 atapi - ok
12:56:33.0080 2464 Atdisk - ok
12:56:33.0190 2464 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:56:41.0283 2464 Atmarpc - ok
12:56:41.0393 2464 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:56:41.0940 2464 AudioSrv - ok
12:56:42.0112 2464 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:56:42.0721 2464 audstub - ok
12:56:43.0018 2464 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
12:56:43.0721 2464 Avc - ok
12:56:43.0846 2464 [ 068523D2CD260069B19AD68ADEA0D739 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
12:56:44.0096 2464 bcm4sbxp - ok
12:56:44.0893 2464 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\WINDOWS\system32\DRIVERS\BCMSM.sys
12:56:45.0721 2464 BCMModem - ok
12:56:45.0862 2464 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:56:46.0362 2464 Beep - ok
12:56:49.0174 2464 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:56:50.0299 2464 BITS - ok
12:56:50.0424 2464 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
12:56:50.0830 2464 Browser - ok
12:56:51.0174 2464 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
12:56:51.0580 2464 cbidf - ok
12:56:51.0658 2464 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:56:52.0096 2464 cbidf2k - ok
12:56:52.0190 2464 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:56:52.0737 2464 CCDECODE - ok
12:56:52.0908 2464 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
12:56:53.0190 2464 cd20xrnt - ok
12:56:53.0252 2464 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:56:53.0752 2464 Cdaudio - ok
12:56:53.0799 2464 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:56:54.0424 2464 Cdfs - ok
12:56:55.0596 2464 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:56:56.0237 2464 Cdrom - ok
12:56:56.0283 2464 Changer - ok
12:56:56.0549 2464 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:56:59.0002 2464 CiSvc - ok
12:56:59.0096 2464 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:57:00.0502 2464 ClipSrv - ok
12:57:00.0643 2464 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:57:01.0221 2464 clr_optimization_v2.0.50727_32 - ok
12:57:01.0283 2464 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\System32\DRIVERS\cmdide.sys
12:57:01.0690 2464 CmdIde - ok
12:57:01.0705 2464 COMSysApp - ok
12:57:01.0783 2464 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\System32\DRIVERS\cpqarray.sys
12:57:02.0190 2464 Cpqarray - ok
12:57:02.0283 2464 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:57:02.0674 2464 CryptSvc - ok
12:57:02.0737 2464 [ 310C5EC0B4278211089F0A5E915D025F ] cvintdrv C:\WINDOWS\system32\drivers\cvintdrv.sys
12:57:02.0768 2464 cvintdrv ( UnsignedFile.Multi.Generic ) - warning
12:57:02.0768 2464 cvintdrv - detected UnsignedFile.Multi.Generic (1)
12:57:02.0893 2464 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
12:57:03.0299 2464 dac2w2k - ok
12:57:03.0362 2464 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\System32\DRIVERS\dac960nt.sys
12:57:03.0705 2464 dac960nt - ok
12:57:03.0893 2464 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:57:04.0205 2464 DcomLaunch - ok
12:57:04.0315 2464 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:57:04.0674 2464 Dhcp - ok
12:57:04.0737 2464 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:57:05.0190 2464 Disk - ok
12:57:05.0221 2464 dmadmin - ok
12:57:05.0533 2464 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:57:06.0221 2464 dmboot - ok
12:57:06.0330 2464 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:57:06.0705 2464 dmio - ok
12:57:06.0737 2464 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:57:07.0143 2464 dmload - ok
12:57:07.0877 2464 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:57:08.0299 2464 dmserver - ok
12:57:08.0362 2464 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:57:08.0783 2464 DMusic - ok
12:57:08.0862 2464 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:57:09.0237 2464 Dnscache - ok
12:57:09.0362 2464 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:57:09.0783 2464 Dot3svc - ok
12:57:09.0830 2464 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\System32\DRIVERS\dpti2o.sys
12:57:10.0190 2464 dpti2o - ok
12:57:10.0268 2464 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:57:10.0846 2464 drmkaud - ok
12:57:11.0143 2464 [ 7F056A52BCBA3102D2D37A4A2646C807 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
12:57:11.0346 2464 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
12:57:11.0346 2464 drvmcdb - detected UnsignedFile.Multi.Generic (1)
12:57:11.0440 2464 [ D3C1E501ED42E77574B3095309DD4075 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
12:57:11.0518 2464 drvnddm ( UnsignedFile.Multi.Generic ) - warning
12:57:11.0518 2464 drvnddm - detected UnsignedFile.Multi.Generic (1)
12:57:11.0690 2464 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:57:12.0705 2464 EapHost - ok
12:57:12.0846 2464 [ D82414EC520453EFE2EBA936F6A9115A ] EAPPkt C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
12:57:12.0955 2464 EAPPkt ( UnsignedFile.Multi.Generic ) - warning
12:57:12.0955 2464 EAPPkt - detected UnsignedFile.Multi.Generic (1)
12:57:13.0096 2464 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
12:57:13.0737 2464 EL90XBC - ok
12:57:13.0846 2464 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:57:14.0580 2464 ERSvc - ok
12:57:14.0721 2464 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:57:15.0252 2464 Eventlog - ok
12:57:15.0424 2464 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
12:57:16.0049 2464 EventSystem - ok
12:57:16.0205 2464 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:57:16.0580 2464 Fastfat - ok
12:57:16.0721 2464 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:57:17.0221 2464 FastUserSwitchingCompatibility - ok
12:57:17.0283 2464 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:57:17.0690 2464 Fdc - ok
12:57:17.0752 2464 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:57:18.0237 2464 Fips - ok
12:57:18.0502 2464 [ D63B6B8DB31AB629FD57991D799289BF ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
12:57:19.0549 2464 FlipShare Service - ok
12:57:19.0596 2464 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:57:20.0096 2464 Flpydisk - ok
12:57:20.0221 2464 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:57:20.0690 2464 FltMgr - ok
12:57:21.0002 2464 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:57:21.0502 2464 FontCache3.0.0.0 - ok
12:57:21.0549 2464 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:57:22.0002 2464 Fs_Rec - ok
12:57:22.0096 2464 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:57:22.0455 2464 Ftdisk - ok
12:57:22.0518 2464 [ 2FB04DB459C71F416EE8B05448CA4AC3 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:57:22.0533 2464 GEARAspiWDM - ok
12:57:22.0627 2464 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
12:57:22.0971 2464 getPlusHelper - ok
12:57:23.0033 2464 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:57:23.0940 2464 Gpc - ok
12:57:24.0174 2464 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:57:24.0658 2464 helpsvc - ok
12:57:24.0768 2464 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:57:25.0830 2464 HidServ - ok
12:57:25.0893 2464 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:57:26.0315 2464 HidUsb - ok
12:57:26.0393 2464 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:57:26.0846 2464 hkmsvc - ok
12:57:26.0893 2464 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\System32\DRIVERS\hpn.sys
12:57:27.0565 2464 hpn - ok
12:57:27.0690 2464 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:57:27.0908 2464 HTTP - ok
12:57:27.0971 2464 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:57:28.0346 2464 HTTPFilter - ok
12:57:28.0393 2464 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:57:29.0221 2464 i2omgmt - ok
12:57:29.0268 2464 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\System32\DRIVERS\i2omp.sys
12:57:29.0783 2464 i2omp - ok
12:57:29.0830 2464 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:57:30.0518 2464 i8042prt - ok
12:57:31.0190 2464 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
12:57:32.0096 2464 i81x - ok
12:57:32.0455 2464 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
12:57:33.0033 2464 iAimFP0 - ok
12:57:33.0315 2464 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
12:57:34.0002 2464 iAimFP1 - ok
12:57:34.0096 2464 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
12:57:35.0143 2464 iAimFP2 - ok
12:57:36.0080 2464 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
12:57:36.0502 2464 iAimFP3 - ok
12:57:38.0127 2464 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
12:57:39.0190 2464 iAimFP4 - ok
12:57:39.0612 2464 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
12:57:40.0252 2464 iAimTV0 - ok
12:57:40.0502 2464 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
12:57:41.0627 2464 iAimTV1 - ok
12:57:41.0643 2464 iAimTV2 - ok
12:57:41.0768 2464 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
12:57:42.0518 2464 iAimTV3 - ok
12:57:42.0580 2464 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
12:57:43.0815 2464 iAimTV4 - ok
12:57:44.0658 2464 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:57:46.0127 2464 ialm - ok
12:57:47.0158 2464 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:57:48.0393 2464 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:57:48.0393 2464 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:57:50.0112 2464 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:57:51.0393 2464 idsvc - ok
12:57:51.0487 2464 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:57:52.0533 2464 Imapi - ok
12:57:52.0987 2464 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:57:53.0705 2464 ImapiService - ok
12:57:54.0580 2464 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\System32\DRIVERS\ini910u.sys
12:57:55.0752 2464 ini910u - ok
12:57:55.0846 2464 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\System32\DRIVERS\intelide.sys
12:57:56.0424 2464 IntelIde - ok
12:57:56.0924 2464 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:57:57.0971 2464 intelppm - ok
12:57:58.0174 2464 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:57:58.0768 2464 ip6fw - ok
12:57:58.0924 2464 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:57:59.0627 2464 IpFilterDriver - ok
12:57:59.0955 2464 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:58:00.0377 2464 IpInIp - ok
12:58:00.0643 2464 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:58:01.0096 2464 IpNat - ok
12:58:01.0221 2464 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:58:01.0674 2464 IPSec - ok
12:58:02.0112 2464 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:58:03.0127 2464 IRENUM - ok
12:58:03.0362 2464 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:58:03.0830 2464 isapnp - ok
12:58:03.0877 2464 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:58:04.0377 2464 Kbdclass - ok
12:58:04.0518 2464 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:58:05.0424 2464 kbdhid - ok
12:58:06.0237 2464 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:58:07.0315 2464 kmixer - ok
12:58:07.0612 2464 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:58:08.0174 2464 KSecDD - ok
12:58:08.0408 2464 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:58:09.0283 2464 lanmanserver - ok
12:58:09.0658 2464 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:58:10.0455 2464 lanmanworkstation - ok
12:58:10.0502 2464 lbrtfdc - ok
12:58:11.0205 2464 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:58:12.0893 2464 LmHosts - ok
12:58:13.0627 2464 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\System32\tcpsvcs.exe
12:58:15.0002 2464 LPDSVC - ok
12:58:15.0643 2464 [ 7029AFD96C4A0C9BE264BCB51F03EAB7 ] lusbaudio C:\WINDOWS\system32\drivers\lvsound2.sys
12:58:16.0533 2464 lusbaudio - ok
12:58:16.0596 2464 [ 085A2EEACB0DACB77B9B1ED65A4AB910 ] LVBulk C:\WINDOWS\system32\DRIVERS\LVBulk.sys
12:58:17.0221 2464 LVBulk - ok
12:58:18.0643 2464 [ 6ABBA82AC2D32CD793E78406B5BA239E ] LVVI500A C:\WINDOWS\system32\DRIVERS\lvvi500a.sys
12:58:19.0190 2464 LVVI500A - ok
12:58:19.0440 2464 [ 34F2249A8EEE91AD85FBDB7440C0DF96 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
12:58:22.0690 2464 mbamchameleon - ok
12:58:22.0815 2464 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:58:22.0924 2464 MBAMProtector - ok
12:58:23.0705 2464 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:58:24.0190 2464 MBAMScheduler - ok
12:58:24.0627 2464 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:58:25.0862 2464 MBAMService - ok
12:58:26.0658 2464 MBWK - ok
12:58:26.0737 2464 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:58:28.0299 2464 Messenger - ok
12:58:28.0549 2464 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:58:29.0315 2464 mnmdd - ok
12:58:31.0002 2464 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
12:58:31.0721 2464 mnmsrvc - ok
12:58:33.0190 2464 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:58:33.0955 2464 Modem - ok
12:58:34.0033 2464 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:58:34.0549 2464 MODEMCSA - ok
12:58:34.0658 2464 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:58:35.0237 2464 Mouclass - ok
12:58:35.0846 2464 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:58:36.0549 2464 mouhid - ok
12:58:36.0643 2464 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:58:37.0377 2464 MountMgr - ok
12:58:39.0424 2464 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:58:39.0471 2464 MpFilter - ok
12:58:48.0799 2464 [ A69630D039C38018689190234F866D77 ] MpKsl5aef375a c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2A169040-3CFD-4F57-9385-A163E4A2F2C8}\MpKsl5aef375a.sys
12:58:48.0877 2464 MpKsl5aef375a - ok
12:58:50.0424 2464 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\System32\DRIVERS\mraid35x.sys
12:58:51.0408 2464 mraid35x - ok
12:58:53.0315 2464 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:58:54.0455 2464 MRxDAV - ok
12:58:55.0596 2464 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:58:56.0752 2464 MRxSmb - ok
12:58:58.0252 2464 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
12:58:59.0424 2464 MSDTC - ok
12:58:59.0658 2464 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
12:59:00.0502 2464 MSDV - ok
12:59:00.0799 2464 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:59:01.0330 2464 Msfs - ok
12:59:01.0346 2464 MSIServer - ok
12:59:01.0393 2464 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:59:02.0096 2464 MSKSSRV - ok
12:59:02.0612 2464 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:59:02.0783 2464 MsMpSvc - ok
12:59:02.0877 2464 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:59:04.0096 2464 MSPCLOCK - ok
12:59:04.0471 2464 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:59:05.0518 2464 MSPQM - ok
12:59:05.0580 2464 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:59:06.0580 2464 mssmbios - ok
12:59:06.0674 2464 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:59:07.0955 2464 MSTEE - ok
12:59:08.0158 2464 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:59:08.0487 2464 Mup - ok
12:59:08.0596 2464 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:59:10.0002 2464 NABTSFEC - ok
12:59:10.0627 2464 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:59:12.0721 2464 napagent - ok
12:59:12.0877 2464 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:59:14.0846 2464 NDIS - ok
12:59:15.0049 2464 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:59:16.0674 2464 NdisIP - ok
12:59:18.0049 2464 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:59:18.0783 2464 NdisTapi - ok
12:59:19.0705 2464 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:59:20.0877 2464 Ndisuio - ok
12:59:21.0096 2464 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:59:22.0268 2464 NdisWan - ok
12:59:23.0065 2464 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:59:24.0158 2464 NDProxy - ok
12:59:24.0330 2464 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:59:25.0908 2464 NetBIOS - ok
12:59:26.0205 2464 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:59:26.0830 2464 NetBT - ok
12:59:27.0033 2464 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:59:28.0049 2464 NetDDE - ok
12:59:28.0158 2464 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:59:29.0815 2464 NetDDEdsdm - ok
12:59:29.0908 2464 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:59:31.0377 2464 Netlogon - ok
12:59:31.0721 2464 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:59:33.0612 2464 Netman - ok
12:59:33.0971 2464 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:59:34.0346 2464 NetTcpPortSharing - ok
12:59:34.0455 2464 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:59:36.0190 2464 NIC1394 - ok
12:59:36.0315 2464 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:59:37.0768 2464 Nla - ok
12:59:37.0908 2464 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:59:40.0799 2464 Npfs - ok
12:59:41.0877 2464 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:59:43.0580 2464 Ntfs - ok
12:59:43.0596 2464 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
12:59:44.0799 2464 NtLmSsp - ok
12:59:45.0049 2464 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:59:46.0830 2464 NtmsSvc - ok
12:59:46.0862 2464 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:59:47.0877 2464 Null - ok
12:59:48.0533 2464 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:59:50.0893 2464 nv - ok
12:59:50.0940 2464 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:59:51.0971 2464 NwlnkFlt - ok
12:59:52.0033 2464 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:59:53.0049 2464 NwlnkFwd - ok
12:59:53.0283 2464 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:59:54.0299 2464 ohci1394 - ok
12:59:54.0408 2464 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
12:59:54.0612 2464 omci ( UnsignedFile.Multi.Generic ) - warning
12:59:54.0612 2464 omci - detected UnsignedFile.Multi.Generic (1)
12:59:54.0815 2464 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:59:55.0737 2464 ose - ok
12:59:55.0877 2464 [ 937A02981F11B2CE96B1D493C95AED2B ] p2pgasvc C:\WINDOWS\system32\p2pgasvc.dll
12:59:56.0987 2464 p2pgasvc - ok
12:59:57.0330 2464 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2pimsvc C:\WINDOWS\system32\p2psvc.dll
12:59:58.0627 2464 p2pimsvc - ok
12:59:58.0987 2464 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
13:00:00.0893 2464 p2psvc - ok
13:00:00.0940 2464 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
13:00:01.0862 2464 P3 - ok
13:00:01.0955 2464 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:00:02.0971 2464 Parport - ok
13:00:03.0065 2464 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:00:04.0065 2464 PartMgr - ok
13:00:04.0174 2464 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:00:05.0096 2464 ParVdm - ok
13:00:05.0143 2464 PCASp50 - ok
13:00:05.0221 2464 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:00:06.0737 2464 PCI - ok
13:00:07.0033 2464 PCIDump - ok
13:00:07.0190 2464 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:00:09.0283 2464 PCIIde - ok
13:00:09.0440 2464 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:00:11.0768 2464 Pcmcia - ok
13:00:11.0862 2464 PDCOMP - ok
13:00:12.0018 2464 PDFRAME - ok
13:00:12.0190 2464 PDRELI - ok
13:00:12.0393 2464 PDRFRAME - ok
13:00:12.0549 2464 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
13:00:14.0690 2464 perc2 - ok
13:00:14.0815 2464 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
13:00:17.0502 2464 perc2hib - ok
13:00:17.0955 2464 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:00:20.0033 2464 PlugPlay - ok
13:00:20.0455 2464 [ 4A1035CB8F0D57BE41873B5183D96CF4 ] PNRPSvc C:\WINDOWS\system32\p2psvc.dll
13:00:22.0830 2464 PNRPSvc - ok
13:00:22.0908 2464 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:00:24.0862 2464 PolicyAgent - ok
13:00:25.0065 2464 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:00:27.0205 2464 PptpMiniport - ok
13:00:27.0330 2464 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:00:29.0940 2464 Processor - ok
13:00:30.0080 2464 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:00:30.0487 2464 ProtectedStorage - ok
13:00:30.0549 2464 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:00:30.0955 2464 PSched - ok
13:00:31.0065 2464 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:00:31.0158 2464 PSI - ok
13:00:31.0268 2464 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:00:31.0674 2464 Ptilink - ok
13:00:31.0737 2464 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
13:00:31.0815 2464 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
13:00:31.0815 2464 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
13:00:31.0955 2464 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
13:00:32.0252 2464 ql1080 - ok
13:00:32.0283 2464 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
13:00:32.0799 2464 Ql10wnt - ok
13:00:32.0877 2464 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
13:00:33.0158 2464 ql12160 - ok
13:00:33.0190 2464 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
13:00:33.0502 2464 ql1240 - ok
13:00:33.0533 2464 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
13:00:33.0940 2464 ql1280 - ok
13:00:34.0002 2464 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:00:34.0299 2464 RasAcd - ok
13:00:34.0393 2464 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:00:34.0940 2464 RasAuto - ok
13:00:34.0987 2464 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:00:35.0393 2464 Rasl2tp - ok
13:00:35.0502 2464 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:00:35.0830 2464 RasMan - ok
13:00:35.0877 2464 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:00:36.0174 2464 RasPppoe - ok
13:00:36.0205 2464 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:00:36.0518 2464 Raspti - ok
13:00:36.0612 2464 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:00:37.0112 2464 Rdbss - ok
13:00:37.0190 2464 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:00:37.0612 2464 RDPCDD - ok
13:00:37.0721 2464 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:00:38.0112 2464 rdpdr - ok
13:00:38.0221 2464 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:00:38.0440 2464 RDPWD - ok
13:00:38.0565 2464 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:00:39.0346 2464 RDSessMgr - ok
13:00:39.0408 2464 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:00:39.0752 2464 redbook - ok
13:00:39.0830 2464 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:00:40.0268 2464 RemoteAccess - ok
13:00:40.0346 2464 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
13:00:40.0643 2464 RpcLocator - ok
13:00:40.0893 2464 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:00:41.0549 2464 RpcSs - ok
13:00:41.0690 2464 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
13:00:42.0815 2464 RSVP - ok
13:00:43.0080 2464 [ D668006D3F4249D20729EF6DA27C916E ] RTL8187B C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
13:00:43.0424 2464 RTL8187B ( UnsignedFile.Multi.Generic ) - warning
13:00:43.0424 2464 RTL8187B - detected UnsignedFile.Multi.Generic (1)
13:00:43.0690 2464 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:00:44.0190 2464 SamSs - ok
13:00:44.0205 2464 SASDIFSV - ok
13:00:44.0237 2464 SASKUTIL - ok
13:00:44.0377 2464 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:00:44.0893 2464 SCardSvr - ok
13:00:45.0721 2464 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:00:46.0393 2464 Schedule - ok
13:00:52.0830 2464 [ D98E936BDD4A6CFE39535F3696D0EC6F ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
13:00:56.0362 2464 SDScannerService - ok
13:01:03.0737 2464 [ 2D5088524613D1ED55D20195AF42DDC7 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
13:01:06.0393 2464 SDUpdateService - ok
13:01:06.0627 2464 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:01:09.0643 2464 Secdrv - ok
13:01:09.0690 2464 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:01:10.0096 2464 seclogon - ok
13:01:18.0612 2464 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:01:26.0737 2464 Secunia PSI Agent - ok
13:01:27.0330 2464 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:01:27.0846 2464 SENS - ok
13:01:29.0440 2464 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:01:29.0877 2464 serenum - ok
13:01:30.0580 2464 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:01:31.0018 2464 Serial - ok
13:01:31.0362 2464 [ 1F16931C722C69E4A7866244796C66A0 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys
13:01:31.0815 2464 sermouse - ok
13:01:31.0908 2464 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:01:32.0408 2464 Sfloppy - ok
13:01:33.0518 2464 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:01:35.0065 2464 SharedAccess - ok
13:01:37.0565 2464 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:01:38.0143 2464 ShellHWDetection - ok
13:01:38.0158 2464 Simbad - ok
13:01:38.0221 2464 [ 32933B07FC16D9F778BEE12545FA1B1A ] SimpTcp C:\WINDOWS\System32\tcpsvcs.exe
13:01:39.0127 2464 SimpTcp - ok
13:01:40.0315 2464 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
13:01:40.0690 2464 sisagp - ok
13:01:40.0768 2464 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:01:41.0424 2464 SLIP - ok
13:01:43.0987 2464 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
13:01:44.0877 2464 smwdm - ok
13:01:46.0049 2464 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
13:01:46.0549 2464 Sparrow - ok
13:01:46.0658 2464 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:01:47.0408 2464 splitter - ok
13:01:47.0580 2464 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:01:47.0846 2464 Spooler - ok
13:01:47.0908 2464 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:01:48.0362 2464 sr - ok
13:01:49.0143 2464 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
13:01:49.0752 2464 srservice - ok
13:01:50.0143 2464 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:01:50.0768 2464 Srv - ok
13:01:52.0346 2464 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
13:01:52.0471 2464 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
13:01:52.0471 2464 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
13:01:52.0658 2464 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:01:53.0065 2464 SSDPSRV - ok
13:01:53.0596 2464 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
13:01:53.0893 2464 ssrtln ( UnsignedFile.Multi.Generic ) - warning
13:01:53.0893 2464 ssrtln - detected UnsignedFile.Multi.Generic (1)
13:01:53.0955 2464 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
13:01:54.0596 2464 StillCam - ok
13:01:56.0158 2464 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:01:57.0330 2464 stisvc - ok
13:01:59.0049 2464 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:01:59.0487 2464 streamip - ok
13:01:59.0518 2464 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:02:00.0080 2464 swenum - ok
13:02:00.0877 2464 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:02:01.0612 2464 swmidi - ok
13:02:01.0627 2464 SwPrv - ok
13:02:01.0737 2464 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
13:02:02.0112 2464 symc810 - ok
13:02:02.0518 2464 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
13:02:03.0080 2464 symc8xx - ok
13:02:03.0127 2464 SymIM - ok
13:02:03.0190 2464 SymIMMP - ok
13:02:03.0237 2464 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
13:02:03.0565 2464 sym_hi - ok
13:02:03.0690 2464 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
13:02:04.0158 2464 sym_u3 - ok
13:02:04.0643 2464 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:02:05.0487 2464 sysaudio - ok
13:02:06.0002 2464 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:02:06.0705 2464 SysmonLog - ok
13:02:08.0127 2464 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:02:08.0940 2464 TapiSrv - ok
13:02:10.0471 2464 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:02:11.0830 2464 Tcpip - ok
13:02:12.0096 2464 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
13:02:12.0549 2464 Tcpip6 - ok
13:02:12.0768 2464 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:02:13.0283 2464 TDPIPE - ok
13:02:13.0330 2464 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:02:13.0721 2464 TDTCP - ok
13:02:14.0002 2464 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:02:14.0455 2464 TermDD - ok
13:02:14.0955 2464 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:02:16.0330 2464 TermService - ok
13:02:16.0737 2464 [ C229BF90443BE8D3BD2B65D7F3AC0F35 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
13:02:17.0080 2464 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
13:02:17.0080 2464 tfsnboio - detected UnsignedFile.Multi.Generic (1)
13:02:17.0143 2464 [ 79EE9FCD7728E54AB8FBC30962F0416F ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
13:02:17.0283 2464 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
13:02:17.0283 2464 tfsncofs - detected UnsignedFile.Multi.Generic (1)
13:02:17.0362 2464 [ 9EFB37E7DE17D783A059B653F7E8AFAD ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
13:02:17.0565 2464 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
13:02:17.0565 2464 tfsndrct - detected UnsignedFile.Multi.Generic (1)
13:02:17.0612 2464 [ 130254995EBEDCB34D62E8D78EC9DBD0 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
13:02:17.0737 2464 tfsndres ( UnsignedFile.Multi.Generic ) - warning
13:02:17.0737 2464 tfsndres - detected UnsignedFile.Multi.Generic (1)
13:02:17.0815 2464 [ 9B40E1E4AEED849812A2E43A388A7E77 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
13:02:18.0471 2464 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
13:02:18.0471 2464 tfsnifs - detected UnsignedFile.Multi.Generic (1)
13:02:18.0533 2464 [ 818047AD850B312705AA17CA96B9427D ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
13:02:18.0690 2464 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
13:02:18.0690 2464 tfsnopio - detected UnsignedFile.Multi.Generic (1)
13:02:18.0893 2464 [ 4603E813BCC6DD465CD8D2AFD37FA90D ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
13:02:19.0393 2464 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
13:02:19.0393 2464 tfsnpool - detected UnsignedFile.Multi.Generic (1)
13:02:19.0471 2464 [ 6FC2CD904A9A55ACFDFC780A611A75ED ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
13:02:19.0721 2464 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
13:02:19.0721 2464 tfsnudf - detected UnsignedFile.Multi.Generic (1)
13:02:20.0627 2464 [ D4AFA4D00F8DB3FD1C15B3FE49C3A96C ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
13:02:21.0127 2464 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
13:02:21.0127 2464 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
13:02:22.0721 2464 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:02:24.0205 2464 Themes - ok
13:02:26.0362 2464 [ DF8444A8FA8FD38D8848BDD40A8403B3 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
13:02:26.0518 2464 tmcomm - ok
13:02:28.0158 2464 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
13:02:28.0924 2464 TosIde - ok
13:02:29.0862 2464 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:02:33.0096 2464 TrkWks - ok
13:02:33.0174 2464 TSP - ok
13:02:33.0237 2464 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
13:02:34.0471 2464 tunmp - ok
13:02:34.0830 2464 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:02:35.0627 2464 Udfs - ok
13:02:36.0033 2464 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
13:02:36.0533 2464 ultra - ok
13:02:37.0955 2464 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:02:39.0440 2464 Update - ok
13:02:40.0908 2464 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:02:41.0908 2464 upnphost - ok
13:02:43.0080 2464 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:02:43.0533 2464 UPS - ok
13:02:44.0752 2464 [ 026F7F224F088EE11E383BCA448FFF81 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:02:45.0143 2464 USBAAPL - ok
13:02:45.0940 2464 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:02:46.0471 2464 usbaudio - ok
13:02:47.0487 2464 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:02:47.0924 2464 usbccgp - ok
13:02:47.0971 2464 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:02:48.0737 2464 usbehci - ok
13:02:49.0190 2464 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:02:49.0815 2464 usbhub - ok
13:02:50.0221 2464 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:02:50.0674 2464 usbprint - ok
13:02:50.0893 2464 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:02:51.0283 2464 usbscan - ok
13:02:51.0377 2464 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:02:51.0799 2464 USBSTOR - ok
13:02:52.0737 2464 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:02:53.0283 2464 usbuhci - ok
13:02:53.0658 2464 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
13:02:54.0487 2464 usbvideo - ok
13:02:54.0596 2464 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:02:55.0440 2464 VgaSave - ok
13:02:55.0815 2464 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
13:02:56.0424 2464 viaagp - ok
13:02:56.0533 2464 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
13:02:57.0299 2464 ViaIde - ok
13:02:57.0862 2464 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:03:01.0377 2464 VolSnap - ok
13:03:02.0018 2464 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:03:03.0799 2464 VSS - ok
13:03:05.0424 2464 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
13:03:06.0268 2464 w32time - ok
13:03:07.0471 2464 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:03:08.0174 2464 Wanarp - ok
13:03:08.0205 2464 wanatw - ok
13:03:09.0565 2464 [ DC7F91B2ED24A738C807EA07F298928C ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:03:10.0377 2464 wceusbsh - ok
13:03:10.0408 2464 WDICA - ok
13:03:10.0502 2464 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:03:11.0252 2464 wdmaud - ok
13:03:11.0705 2464 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:03:12.0362 2464 WebClient - ok
13:03:23.0424 2464 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:03:24.0627 2464 winmgmt - ok
13:03:27.0862 2464 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:03:28.0783 2464 WmdmPmSN - ok
13:03:29.0346 2464 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:03:30.0658 2464 WmiApSrv - ok
13:03:32.0487 2464 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:03:32.0908 2464 WS2IFSL - ok
13:03:33.0268 2464 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:03:33.0908 2464 wscsvc - ok
13:03:34.0080 2464 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:03:34.0752 2464 WSTCODEC - ok
13:03:35.0346 2464 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:03:35.0924 2464 wuauserv - ok
13:03:37.0862 2464 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:03:38.0127 2464 WudfPf - ok
13:03:39.0174 2464 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:03:39.0580 2464 WudfRd - ok
13:03:40.0080 2464 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:03:40.0674 2464 WudfSvc - ok
13:03:45.0440 2464 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:05:01.0518 2464 WZCSVC - ok
13:05:02.0127 2464 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:05:03.0549 2464 xmlprov - ok
13:05:03.0768 2464 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
13:05:35.0908 2464 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
13:05:37.0971 2464 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
13:05:38.0815 2464 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:05:38.0815 2464 ================ Scan global ===============================
13:05:43.0737 2464 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:05:47.0127 2464 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:09:56.0768 2464 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:11:05.0002 2464 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:11:05.0533 2464 [Global] - ok
13:11:05.0533 2464 ================ Scan MBR ==================================
13:11:05.0627 2464 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:13:33.0737 2464 \Device\Harddisk0\DR0 - ok
13:13:33.0768 2464 ================ Scan VBR ==================================
13:13:33.0815 2464 [ 7311E6FCF22CC2C1F5BF5497E60BE33C ] \Device\Harddisk0\DR0\Partition1
13:13:34.0737 2464 \Device\Harddisk0\DR0\Partition1 - ok
13:13:34.0783 2464 ============================================================
13:13:34.0783 2464 Scan finished
13:13:34.0783 2464 ============================================================
13:13:42.0143 2460 Detected object count: 20
13:13:42.0143 2460 Actual detected object count: 20
13:15:07.0502 2460 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0502 2460 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0502 2460 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0502 2460 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0502 2460 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0502 2460 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0518 2460 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0518 2460 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0518 2460 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0518 2460 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0533 2460 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0533 2460 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0533 2460 omci ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0533 2460 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0549 2460 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0549 2460 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0549 2460 RTL8187B ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0549 2460 RTL8187B ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0565 2460 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0565 2460 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0565 2460 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0580 2460 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0580 2460 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0580 2460 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0596 2460 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0596 2460 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0596 2460 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0596 2460 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0612 2460 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0612 2460 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0612 2460 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0612 2460 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0643 2460 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0643 2460 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0674 2460 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0674 2460 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0674 2460 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0674 2460 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:07.0690 2460 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:07.0690 2460 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0362 1872 Deinitialize success

Edited by whatisavailable, 27 October 2012 - 01:35 PM.


#10 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:09:47 PM

Posted 29 October 2012 - 08:19 AM

Hi there,


Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.


#11 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • Gender:Male
  • Location:Texas
  • Local time:01:47 PM

Posted 29 October 2012 - 10:07 AM

Hi
I hope you had a great weekend.

Below is the output of the log file from combofix.
FYI, got an error saying the program PEV.3XE ended and offered to send the report.

I'm still in safe mode since the computer wouldn't let me run combofix or anything else. I won't reboot it until you say so.

Thanks!
Jim

ComboFix 12-10-29.02 - Administrator 10/29/2012 9:27.5.1 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\8DA0EB21.TMP
c:\documents and settings\terri\WINDOWS
c:\program files\KAV
c:\program files\KAV\personalpro5.0\english\0007F632.key
c:\program files\KAV\personalpro5.0\english\0x0409.ini
c:\program files\KAV\personalpro5.0\english\409\setup.bmp
c:\program files\KAV\personalpro5.0\english\Common\Kaspersky Lab\Data\e2s_subscription.xml
c:\program files\KAV\personalpro5.0\english\Common\Kaspersky Lab\Settings\SS_PRODINFO.xml
c:\program files\KAV\personalpro5.0\english\Common\Kaspersky Lab\Settings\SS_RUNTIME.xml
c:\program files\KAV\personalpro5.0\english\Common\Kaspersky Lab\Settings\SS_SETTINGS.xml
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\avcmhk3.dll
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\avp.klb
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\avp.set
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\avp.vnd
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\avp0409.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\backdoor.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\black.lst
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\ca.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\daily.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\eicar.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\engine.cfg
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\engine.dt
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\extr-cab.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\extract.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\fa.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\generic.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\kavset.xml
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\kernel.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\krndos.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\krnengn.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\krnexe.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\krnjava.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\krnmacro.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\krnunp.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\macro.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\mail.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\malware.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\newexe.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\newexeg.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\ocr.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\script.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\smart.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\trojan.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\unpack.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\up040924.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\up041001.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\up041008.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\up041015.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\Bases\worm.avc
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\master.xml
c:\program files\KAV\personalpro5.0\english\CommonAppData\Kaspersky Lab\KAV Personal Pro\5.0\updcfg.xml
c:\program files\KAV\personalpro5.0\english\instmsia.exe
c:\program files\KAV\personalpro5.0\english\instmsiw.exe
c:\program files\KAV\personalpro5.0\english\isscript.msi
c:\program files\KAV\personalpro5.0\english\Kaspersky Anti-Virus Personal Pro.msi
c:\program files\KAV\personalpro5.0\english\personalpro.kpd
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\appinfo.kli
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\appldiff.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Arj.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ArjPack.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\avlib.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\AVP_IO.vxd
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Avp_io32.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Avp_iont.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Avp1.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\avpgs.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\AvpMgr.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\btdisk.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\buffer.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\CAB.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\dbghelp.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\deflate.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\DMAP.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\dtreg.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\context.chm
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\KAVBloc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\KAVCLoc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\KAVMLoc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\KAVPLoc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\kl.url
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\mcouloc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\English\userguide.chm
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Explode.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\FSSync.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\gSOAP License.txt
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\HashCont.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\HASHMD5.PPL
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\HCCMP.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ichk2.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ichstrms.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Inflate.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KLOnAccI.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KLOnDemI.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\L_llio.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\MailMsg.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\mcou.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\mdb.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\MDMAP.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\MemModSc.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\MemScan.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\minizip.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\msoe.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\nfio.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\NTFSstrm.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\OffGuard.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\passdmap.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\pr_client.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\pr_server.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\PrKernel.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\prloader.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\prseqio.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\PrString.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\PrUtil.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\rar.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Readme.txt
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\report.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\scr_ch_pg.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\SFDB.PPL
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\startups.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\StdComp.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\stored.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\StrtSLoc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\SuperIO.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\TempFile.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\UnArj.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\UniArc.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\UnLZX.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Unreduce.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\UNSHRINK.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\UnStored.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WDiskIO.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\avs.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\CheckTool.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\KAV.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\KAVAsync.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\kavbl.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\kavblp.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\kavmm.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\KAVShellEx.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\KAVSync.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\KCAStub.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\klcsa.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\klcsc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\klsecur.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\kltrace.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\lickav.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\mailapplayer.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\Mchk.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\MchkBL.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\mcoup.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\mcproxy.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\OffGuardAgent.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\OnAccess.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\OnDemand.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\pr_remote.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\QBackup.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\qbstorage.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\scrch_ag.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\ShellEx.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\SubjPlugin.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\Up2Date.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\upd_core.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\Win9X\upd_kca.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\avs.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\CheckTool.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\KAV.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\KAVAsync.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\kavbl.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\kavblp.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\kavmm.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\KAVShellEx.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\KAVSync.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\KCAStub.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\klcsa.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\klcsc.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\klsecur.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\kltrace.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\lickav.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\mailapplayer.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\Mchk.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\MchkBL.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\mcoup.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\mcproxy.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\OffGuardAgent.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\OnAccess.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\OnDemand.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\pr_remote.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\QBackup.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\qbstorage.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\scrch_ag.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\ShellEx.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\SubjPlugin.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\Up2Date.exe
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\upd_core.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinNT\upd_kca.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\WinReg.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xmlparse.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xmltok.dll
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xorio.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xorio_ex.ppl
c:\program files\KAV\personalpro5.0\english\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\zcompare.ppl
c:\program files\KAV\personalpro5.0\english\readme.txt
c:\program files\KAV\personalpro5.0\english\setup.exe
c:\program files\KAV\personalpro5.0\english\Setup.ini
c:\program files\KAV\personalpro5.0\english\setup.iss
c:\program files\KAV\personalpro5.0\english\ss_install.xml
c:\program files\KAV\personalpro5.0\english\System32\Drivers\klif.sys
c:\program files\KAV\personalpro5.0\english\System32\Drivers\Klmc.sys
c:\program files\KAV\personalpro5.0\english\System32\klif.vxd
c:\program files\KAV\personalpro5.0\english\System32\klmc.vxd
c:\program files\KAV\personalpro5.0\english\System32\msvcp61.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\asycfilt.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\comcat.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\mfc42.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\msvcp60.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\msvcrt.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\oleaut32.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\olepro32.dll
c:\program files\KAV\personalpro5.0\english\System32\Redist\MS\System\stdole2.tlb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 01:43 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F884BD21-79DA-47B1-AB5A-05D298D1B09F}\mpengine.dll
2012-10-28 07:04 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-26 14:43 . 2012-10-26 14:43 -------- d-----w- c:\documents and settings\jim\Local Settings\Application Data\Secunia PSI
2012-10-26 14:43 . 2012-10-26 14:43 -------- d-----w- c:\program files\Secunia
2012-10-25 21:30 . 2012-10-25 21:30 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-10-24 02:34 . 2012-10-24 02:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2012-10-24 00:01 . 2012-10-24 00:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-20 22:47 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-10-20 22:47 . 2012-10-21 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-10-17 21:52 . 2012-10-17 21:52 -------- d-----w- C:\535483824d4f758aab86e777
2012-10-17 21:50 . 2012-10-17 21:50 -------- d-----w- c:\documents and settings\jim\Local Settings\Application Data\SCE
2012-10-17 17:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-17 17:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-10-17 03:15 . 2012-10-17 03:15 -------- d-----w- c:\documents and settings\jim\Application Data\Malwarebytes
2012-10-17 03:14 . 2012-10-17 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-17 03:14 . 2012-10-21 05:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 03:14 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 02:55 . 2012-10-17 03:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 02:55 . 2012-10-17 03:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 22:45 . 2012-10-16 22:45 -------- d-----w- c:\program files\Sony Online Entertainment
2012-10-16 22:45 . 2012-10-16 22:45 -------- d-----w- c:\documents and settings\jim\Application Data\Sony Online Entertainment
2012-10-16 22:01 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-10-16 21:22 . 2012-10-16 21:25 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 19:07 . 2010-09-01 01:02 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2002-08-29 11:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2009-06-24 01:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-27 11:43 . 2004-08-15 22:58 389120 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-08-29 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2009-04-27 06:53 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2009-04-27 06:53 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56047558.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
2003-05-09 01:15 98304 ----a-w- c:\windows\SYSTEM32\BacsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 01:39 136176 ----atw- c:\documents and settings\jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinSock Extention Manager"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Sonic RecordNow!"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2005\pccguide.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"KAV50"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=c:\windows\system32\dla\tfswctrl.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\docume~1\jim\LOCALS~1\Temp\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\docume~1\jim\LOCALS~1\Temp\SuperAntiSpyware\SASKUTIL.SYS [x]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBWK;MBWK;c:\docume~1\jim\LOCALS~1\Temp\MBWK.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-10-20 19:11]
.
2012-10-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2012-10-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-10-20 19:10]
.
2012-10-20 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-10-20 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Notify-PFW - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SpybotSnD - c:\program files\Spybot - Search & Destroy\SpybotSD.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\System32\l3codeca.acm
c:\windows\system32\mobilev.acm
.
Completion time: 2012-10-29 09:59:31
ComboFix-quarantined-files.txt 2012-10-29 14:59
ComboFix2.txt 2009-02-15 18:01
.
Pre-Run: 4,513,116,160 bytes free
Post-Run: 4,610,531,328 bytes free
.
- - End Of File - - 47693D1EF6334946482AD3548D84F141

#12 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:01:47 PM

Posted 29 October 2012 - 12:54 PM

Hi
I re-ran ComboFix and it didn't error out like before.
Here is the log from that scan.
Thanks!
Jim
ComboFix 12-10-29.04 - Administrator 10/29/2012 12:27:09.6.1 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\help\wmplayer.bak
c:\windows\patch.exe
c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 01:43 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F884BD21-79DA-47B1-AB5A-05D298D1B09F}\mpengine.dll
2012-10-28 07:04 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-26 14:43 . 2012-10-26 14:43 -------- d-----w- c:\documents and settings\jim\Local Settings\Application Data\Secunia PSI
2012-10-26 14:43 . 2012-10-26 14:43 -------- d-----w- c:\program files\Secunia
2012-10-25 21:30 . 2012-10-25 21:30 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-10-24 02:34 . 2012-10-24 02:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2012-10-24 00:01 . 2012-10-24 00:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-20 22:47 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-10-20 22:47 . 2012-10-21 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-10-17 21:52 . 2012-10-17 21:52 -------- d-----w- C:\535483824d4f758aab86e777
2012-10-17 21:50 . 2012-10-17 21:50 -------- d-----w- c:\documents and settings\jim\Local Settings\Application Data\SCE
2012-10-17 17:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-17 17:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-10-17 03:15 . 2012-10-17 03:15 -------- d-----w- c:\documents and settings\jim\Application Data\Malwarebytes
2012-10-17 03:14 . 2012-10-17 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-17 03:14 . 2012-10-21 05:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 03:14 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 02:55 . 2012-10-17 03:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 02:55 . 2012-10-17 03:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 22:45 . 2012-10-16 22:45 -------- d-----w- c:\program files\Sony Online Entertainment
2012-10-16 22:45 . 2012-10-16 22:45 -------- d-----w- c:\documents and settings\jim\Application Data\Sony Online Entertainment
2012-10-16 22:01 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-10-16 21:22 . 2012-10-16 21:25 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 19:07 . 2010-09-01 01:02 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2002-08-29 11:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2009-06-24 01:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2002-08-29 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-27 11:43 . 2004-08-15 22:58 389120 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-08-29 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2009-04-27 06:53 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2009-04-27 06:53 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56047558.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
2003-05-09 01:15 98304 ----a-w- c:\windows\SYSTEM32\BacsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 01:39 136176 ----atw- c:\documents and settings\jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinSock Extention Manager"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Sonic RecordNow!"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2005\pccguide.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"KAV50"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"dla"=c:\windows\system32\dla\tfswctrl.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\docume~1\jim\LOCALS~1\Temp\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\docume~1\jim\LOCALS~1\Temp\SuperAntiSpyware\SASKUTIL.SYS [x]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBWK;MBWK;c:\docume~1\jim\LOCALS~1\Temp\MBWK.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-10-20 19:11]
.
2012-10-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2012-10-20 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-10-20 19:10]
.
2012-10-20 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-10-20 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-29 12:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\System32\l3codeca.acm
c:\windows\system32\mobilev.acm
.
Completion time: 2012-10-29 12:50:21
ComboFix-quarantined-files.txt 2012-10-29 17:50
ComboFix2.txt 2012-10-29 14:59
ComboFix3.txt 2009-02-15 18:01
.
Pre-Run: 4,614,098,944 bytes free
Post-Run: 4,603,809,792 bytes free
.
- - End Of File - - E2716EC6AB77F3C0F4E9899669903E5B

#13 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:47 PM

Posted 30 October 2012 - 12:12 PM

How is your system behaving right now?




Elle
Can you hear it?It's all around!

Do you remember?
If so, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#14 whatisavailable

whatisavailable
  • Topic Starter

  • Members
  • 212 posts
  • Gender:Male
  • Location:Texas
  • Local time:01:47 PM

Posted 30 October 2012 - 07:00 PM

Hi
I booted normally and the system seems quite slow still. Wasn't sure what else to say, so I re-ran dds and have that log below.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 7.0.5730.11
Run by jim at 18:48:58 on 2012-10-30
#Option Extended Search is enabled.
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Airlink101\AWLL3028\RtWLan.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - <orphaned>
BHO: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - <orphaned>
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://lp.soe.com/static/plugin/SOEWebInstaller.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1350445811140
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350424775519
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350424485424
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1845EEB8-81A8-497F-9E81-130398D9AA52} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8910937B-9CAC-434A-A8C5-A42768628D94} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: AutorunsDisabled - <Clsid value has no data>
Handler: AutorunsDisabled - <Clsid value has no data>
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? mbamchameleon;mbamchameleon
R? MBWK;MBWK
R? PSI;PSI
R? RTL8187B;Airlink101 802.11g USB 2.0 Adapter
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? SDScannerService;Spybot-S&D 2 Scanner Service
R? Secunia PSI Agent;Secunia PSI Agent
S? EAPPkt;Realtek EAPPkt Protocol
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? SDUpdateService;Spybot-S&D 2 Updating Service
S? Secunia Update Agent;Secunia Update Agent
.
=============== Created Last 60 ================
.
2012-10-30 20:56:27 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efd522b7-2fdf-4fcb-9827-5ff6c11897e1}\mpengine.dll
2012-10-29 14:23:06 98816 ----a-w- c:\windows\sed.exe
2012-10-29 14:23:06 256000 ----a-w- c:\windows\PEV.exe
2012-10-29 14:23:06 208896 ----a-w- c:\windows\MBR.exe
2012-10-29 01:43:22 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-26 14:43:55 -------- d-----w- c:\documents and settings\jim\local settings\application data\Secunia PSI
2012-10-26 14:43:12 -------- d-----w- c:\program files\Secunia
2012-10-25 21:30:36 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-10-20 22:47:37 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-10-20 22:47:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-10-17 21:52:30 -------- d-----w- C:\535483824d4f758aab86e777
2012-10-17 21:50:22 -------- d-----w- c:\documents and settings\jim\local settings\application data\SCE
2012-10-17 17:53:55 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-17 17:53:55 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-10-17 03:15:02 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
2012-10-17 03:14:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-17 03:14:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 03:14:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 02:55:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-17 02:55:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 22:45:33 -------- d-----w- c:\program files\Sony Online Entertainment
2012-10-16 22:45:20 -------- d-----w- c:\documents and settings\jim\application data\Sony Online Entertainment
2012-10-16 22:01:47 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-10-16 21:22:38 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find6M ====================
.
2012-10-20 19:07:18 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-27 11:43:11 389120 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-01 16:50:06 601088 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 09:22:41 345600 ----a-w- c:\windows\system32\localspl.dll
.
============= FINISH: 18:50:36.11 ===============

#15 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:09:47 PM

Posted 01 November 2012 - 12:59 PM

Hi there,



Can you please run another aswMBR scan? We would like to check something again. :)





Elle
Can you hear it? It's all around!

Do you remember?
If so, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.


