AVG keeps getting trojans and hidden files

Re: AVG keeps getting trojans and hidden files

Postby jlec » Tue Aug 28, 2012 8:14 pm

Still about the same... the bottom toolbar just changed to white in color, and I still have an svchost.exe using over 649k of memory in running processes! What can this possibly be? Actually, it seems that after it changes color it runs better, but while it is blue it is slow. Also, my print spooler won't start because it can't find the file specified.

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Thu Aug 30, 2012 12:58 am

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows. Post OTL.Txt, but not Extras.Txt unless I ask for it later. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

It's going to be big so don't worry!

Re: AVG keeps getting trojans and hidden files

Postby jlec » Thu Aug 30, 2012 2:41 am

OTL logfile created on: 8/29/2012 9:31:15 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 49.84% Memory free
3.71 Gb Paging File | 1.49 Gb Available in Paging File | 40.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.04 Gb Total Space | 59.96 Gb Free Space | 41.34% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 1.37 Gb Free Space | 34.31% Space Free | Partition Type: FAT32

Computer Name: JERRIEL_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll ()


========== Services (SafeList) ==========

SRV - (stllssvr) -- %systemroot%\system32\fshttps.dll File not found
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe File not found
SRV - (s125obex) -- %systemroot%\system32\Alpham2.dll File not found
SRV - (oracle_load_balancer_60_client-forms6ip9) -- %systemroot%\system32\Anydlc.dll File not found
SRV - (NVXBAR) -- %systemroot%\system32\win32sl.dll File not found
SRV - (NETw5x32) -- %systemroot%\system32\omniusbl.dll File not found
SRV - (NETMDUSB) -- %systemroot%\system32\mqdmserd.dll File not found
SRV - (mi-raysat_3dsMax2008_32) -- %systemroot%\system32\aic78u2.dll File not found
SRV - (LC7981) -- %systemroot%\system32\infrastructure.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (CTMFLT) -- %systemroot%\system32\FVNETusb.dll File not found
SRV - (CnxtHdAudService) -- %systemroot%\system32\mi-raysat_3dsmax8.dll File not found
SRV - (backuplauncher) -- %systemroot%\system32\clr_optimization_v2.0.50215_32.dll File not found
SRV - (arrayssl_vpn_service3,0,1,9) -- %systemroot%\system32\sqlagent$sony_mediamgr.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MCSTRM) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (adesbaka) -- File not found
DRV - (MpKsl78d1b8db) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D286B327-8D5C-42EB-9705-6C80D9876DA4}\MpKsl78d1b8db.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pnetmdm) -- C:\WINDOWS\system32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (lgatserd) -- C:\WINDOWS\system32\drivers\lgatserd.sys (MCCI)
DRV - (lgatmdm) -- C:\WINDOWS\system32\drivers\lgatmdm.sys (MCCI)
DRV - (lgatbus) -- C:\WINDOWS\system32\drivers\lgatbus.sys (MCCI)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (DCxxMJPG) -- C:\WINDOWS\system32\drivers\DCxxMJPG.sys (Pinnacle Systems)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wthr.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{F2A6623E-AEEC-4A31-9A7D-79EDDAE05EDE}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=CED4880F-E3EE-4915-8067-E2B8A6389438&apn_sauid=C21FD3F9-BC7A-46E4-89CE-49856074D8D6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;www.systemcontr ... *;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/24 13:48:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/02/12 09:43:25 | 000,000,000 | ---D | M]

[2009/01/21 12:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/01/21 12:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2012/08/27 14:36:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1225834419 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27B7BA5-F3A5-4CEA-B055-CCB841E8875E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3D7AC6C-2064-44B7-822C-8A7151DFAD80}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 15:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/27 14:04:10 | 004,738,846 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/08/13 11:18:30 | 001,266,056 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/08/13 11:17:17 | 006,216,032 | ---- | C] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/08/13 08:58:14 | 000,000,000 | ---D | C] -- C:\865c0d15dc8d3c8ac33b721d4108a4
[2012/08/13 08:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/13 08:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/22 11:42:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\mscms.dll
[2009/09/06 12:56:11 | 000,210,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Administrator\uninstall_flash_player.exe
[2009/01/21 18:21:05 | 001,985,024 | ---- | C] (HaCkMuTaNt) -- C:\Program Files\Common Files\TomTom 7.xx Patcher.exe
[2009/01/21 18:21:05 | 001,873,811 | ---- | C] (Red Hat) -- C:\Program Files\Common Files\cygwin1.dll

========== Files - Modified Within 30 Days ==========

[2012/08/29 21:36:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5C8D195C-94E9-471B-876A-2AC1E22802ED}.job
[2012/08/29 21:30:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/08/29 20:55:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/29 20:54:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2761066226-257966438-1775155868-500UA.job
[2012/08/29 18:08:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/29 07:54:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2761066226-257966438-1775155868-500Core.job
[2012/08/29 01:16:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/28 08:53:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/28 07:23:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 07:23:23 | 1995,374,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/27 14:36:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/27 14:04:30 | 004,738,846 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/08/26 12:21:52 | 000,177,398 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cd changer.jpg
[2012/08/24 11:45:07 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\mcs.rma
[2012/08/20 22:29:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/20 22:29:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/20 20:45:25 | 000,030,613 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\5Gf5K15H13Gf3J73N5c8keb199a07a6451cad.jpg
[2012/08/18 18:51:21 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/08/18 10:07:24 | 000,001,530 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Calculator.lnk
[2012/08/18 10:07:20 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
[2012/08/16 08:46:11 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/08/13 11:30:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/08/13 11:30:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/08/13 11:18:31 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2012/08/13 11:17:57 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2012/08/13 11:17:39 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2012/08/13 08:11:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/13 08:11:06 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/12 22:55:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 22:00:00 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

========== Files Created - No Company Name ==========

[2012/08/26 12:23:19 | 000,177,398 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cd changer.jpg
[2012/08/20 20:46:49 | 000,030,613 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\5Gf5K15H13Gf3J73N5c8keb199a07a6451cad.jpg
[2012/08/17 07:33:33 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/08/13 11:43:41 | 1995,374,592 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/13 11:17:57 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2012/08/13 08:11:22 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/12 22:10:10 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{21e7d9de-29c9-7dcb-1d79-eee628a78289}\L\00000004.@
[2012/06/05 08:32:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/20 07:50:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/20 07:50:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/20 07:50:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/20 07:50:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/20 07:50:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/14 17:08:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/25 18:30:35 | 002,260,588 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2761066226-257966438-1775155868-500-0.dat
[2012/01/25 18:30:33 | 000,305,262 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/20 16:38:04 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/14 19:47:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/25 10:30:43 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/09/25 10:30:27 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/09/22 23:19:53 | 000,121,281 | ---- | C] () -- C:\WINDOWS\hpoins15.dat.temp
[2011/09/22 23:19:53 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat.temp
[2011/09/22 22:52:24 | 000,123,024 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2011/09/22 22:52:24 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2011/09/22 17:13:14 | 000,137,543 | ---- | C] () -- C:\WINDOWS\HPHins15.dat.temp
[2011/09/22 17:13:14 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat.temp
[2011/09/22 16:53:52 | 000,137,490 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2011/09/22 16:53:52 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2011/07/14 03:24:48 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/01/10 14:15:56 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2011/01/10 14:15:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/12/23 23:06:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2010/12/23 23:06:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2010/12/08 23:18:23 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2010/10/06 13:11:40 | 000,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/09/17 16:53:19 | 000,064,468 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/18 09:56:40 | 000,180,289 | ---- | C] () -- C:\Program Files\Common Files\Patcher.exe
[2009/03/14 15:23:27 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mcs.rma
[2009/01/21 18:21:05 | 000,056,832 | R-S- | C] () -- C:\Program Files\Common Files\gzip.exe
[2009/01/21 18:21:05 | 000,047,616 | ---- | C] () -- C:\Program Files\Common Files\Extract.exe
[2009/01/21 18:21:05 | 000,001,024 | R-S- | C] () -- C:\Program Files\Common Files\---.bat
[2008/12/10 22:38:57 | 000,038,492 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2008/12/10 19:21:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2008/12/01 10:47:26 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/11/30 12:53:02 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/30 12:14:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{21e7d9de-29c9-7dcb-1d79-eee628a78289}\@
[2008/11/30 12:14:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{21e7d9de-29c9-7dcb-1d79-eee628a78289}\@
[2008/11/30 12:14:16 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{21e7d9de-29c9-7dcb-1d79-eee628a78289}\@

========== LOP Check ==========

[2009/12/13 02:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Base Close Media
[2008/12/04 15:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2012/06/11 18:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2010/03/26 19:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2012/01/22 18:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/08/15 14:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Islands2
[2010/04/13 21:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/04/19 11:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mobipocket
[2011/01/09 17:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rovio
[2008/11/30 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/12/08 23:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2008/12/11 17:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\The Labyrinth Plus! Edition
[2009/01/21 12:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
[2011/01/16 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/01/04 13:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/01/04 13:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/06/28 00:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C5348000435DB00212F19D151FC4E
[2012/04/23 14:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/17 13:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/17 13:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/12/01 09:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/12/11 11:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Long slow road itch
[2012/04/23 13:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/20 16:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2009/12/29 23:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/02/12 09:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/01/17 19:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/11/30 11:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/20 11:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/02 22:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/18 08:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2012/08/29 01:16:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/08/29 21:36:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5C8D195C-94E9-471B-876A-2AC1E22802ED}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت

< End of report >
jlec
Geek in Training
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Thanks given:1
Thanks received:0

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Thu Aug 30, 2012 3:12 pm

This looks like it could be the problem:
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت
But because of the naming it's going to be hard to get, so let's try a good AV scanner to see if it can get rid of it.

Please do an online scan with ESET Online Scanner. You must use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
Gecko
Super Moderator
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23

Re: AVG keeps getting trojans and hidden files

Postby jlec » Fri Aug 31, 2012 4:05 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-19 03:24:48
# local_time=2012-04-18 11:24:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=177363
# found=10
# cleaned=9
# scan_time=5270
C:\Documents and Settings\Administrator\My Documents\My Music\Country\Trace Adkins - Swing.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\My Music\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BGM0T0TS\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\41AGIBPU\post[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7O7K0R2J\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZTYM3V21\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-22 05:07:13
# local_time=2012-04-22 01:07:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 78163374 0 0
# compatibility_mode=5889 16768382 80 100 73679032 174924376 0 73778830
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180329
# found=6
# cleaned=4
# scan_time=10828
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2P2H535X\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\THRRAAC8\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1287\A0255688.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1292\A0259426.exe probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.LP trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 01:22:07
# local_time=2012-08-30 09:22:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=198557
# found=13
# cleaned=12
# scan_time=14716
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7QA2M9X4\cat-riding-on-a-turtle[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\fpi[3].htm HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[4].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[5].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\ttj[8] HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHV6LWHO\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QZNS8SID\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VP5DDP44\kittens-fighting-over-plastic-bag[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B73QO160\3market[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps.rar a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps\100 Android Apps\Android.-.Cool.Texter.v1.9.apk a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\eMule\Incoming\Alcohol_120%_v1.9.6.5429_Retail_incl_Keygen.rar probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
jlec
Geek in Training
 
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Thanks given:1
Thanks received:0

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Fri Aug 31, 2012 12:44 pm

Your netbt.sys file seems to be infected and will need to be replaced.

Copy and paste ALL of the following text into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

File::
c:\windows\system32\nwusbw32.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Now drag and drop the CFScript file onto ComboFix.exe.

This will start ComboFix again.
After the reboot (if it asks for one), post the contents of ComboFix.txt in your next reply.
Gecko
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
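A check worth running once the script above has done its work. This is an added example, not ComboFix's or the forum's own code: it reads the FCopy section that ComboFix writes to its log (the 'source --> destination' line under the '--------------- FCopy ---------------' banner, as in the ComboFix.txt posted next in this thread), confirms by SHA-256 that the destination file is now byte-identical to the source, and hashes the other copies of the driver that Windows XP keeps (system32\dllcache, ServicePackFiles\i386, $NtServicePackUninstall$). Two caveats a practitioner should keep in mind: the $NtServicePackUninstall$ copy is the pre-service-pack build, so it is expected not to match the dllcache and ServicePackFiles builds; and a kernel rootkit that is still active can hand a clean-looking copy of a file to user-mode readers, so hashes taken on the running system only mean something once the rootkit is no longer active, or when taken from another machine with the disk mounted. The log line layout, the directory layout and the file contents built by self_check are assumptions and constructed data, not real driver bytes.

```python
"""Check that a ComboFix FCopy left an identical file in place (added example)."""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple

# Banner ComboFix prints above the copies it made, followed by 'source --> destination'
# lines (layout assumed from the ComboFix log posted later in this thread).
FCOPY_BANNER = re.compile(r"^-+\s*FCopy\s*-+$")
FCOPY_LINE = re.compile(r"^(?P<src>.+?)\s+-->\s+(?P<dst>.+)$")

# Where Windows XP keeps spare copies of a system driver, relative to %windir%.
# $NtServicePackUninstall$ holds the pre-service-pack build, so its hash is
# expected to differ from the dllcache and ServicePackFiles copies.
COPY_DIRS = (
    os.path.join("system32", "drivers"),
    os.path.join("system32", "dllcache"),
    os.path.join("ServicePackFiles", "i386"),
    "$NtServicePackUninstall$",
)


def parse_fcopy_pairs(log_text: str) -> List[Tuple[str, str]]:
    """Return (source, destination) pairs from the FCopy section of a ComboFix log."""
    pairs, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if FCOPY_BANNER.match(line):
            in_section = True
            continue
        if not in_section or line in ("", "."):
            continue
        if line[0] in "(-":          # the next section banner ends the FCopy block
            break
        m = FCOPY_LINE.match(line)
        if m:
            pairs.append((m.group("src"), m.group("dst")))
    return pairs


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_pairs(pairs: List[Tuple[str, str]]) -> List[dict]:
    """Hash every source/destination pair. A mismatch means the copy did not take,
    or something rewrote the destination again after ComboFix ran."""
    results = []
    for src, dst in pairs:
        row = {"src": src, "dst": dst, "ok": False, "reason": ""}
        if not os.path.isfile(src):
            row["reason"] = "source missing"
        elif not os.path.isfile(dst):
            row["reason"] = "destination missing"
        else:
            hs, hd = sha256_file(src), sha256_file(dst)
            row.update(src_sha256=hs, dst_sha256=hd, ok=(hs == hd),
                       reason="identical" if hs == hd else "hash mismatch")
        results.append(row)
    return results


def hash_driver_copies(windir: str, name: str) -> Dict[str, str]:
    """SHA-256 of each copy of `name` present in the usual XP locations under windir."""
    return {p: sha256_file(p)
            for p in (os.path.join(windir, sub, name) for sub in COPY_DIRS)
            if os.path.isfile(p)}


def self_check(tmp_root: Optional[str] = None):
    """Build a constructed mini-%windir% and log (not real driver bytes) and run the checks."""
    tmp_root = tmp_root or tempfile.mkdtemp(prefix="fcopy_check_")
    live = os.path.join(tmp_root, "system32", "drivers", "netbt.sys")
    cache = os.path.join(tmp_root, "system32", "dllcache", "netbt.sys")
    uninst = os.path.join(tmp_root, "$NtServicePackUninstall$", "netbt.sys")
    # Scenario: the copy from the uninstall directory took, so the live driver
    # now equals that copy and differs from the dllcache build.
    for path, data in ((live, b"pre-SP build " * 64), (uninst, b"pre-SP build " * 64),
                       (cache, b"SP3 build " * 64)):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    log = "\n".join([
        "--------------- FCopy ---------------", ".",
        f"{uninst} --> {live}",
        f"{os.path.join(tmp_root, 'missing.sys')} --> {live}",
        ".", "(((((((( Files Created from 2012-07-28 to 2012-08-31 ))))))))",
        "not --> parsed",
    ])
    pairs = parse_fcopy_pairs(log)
    return pairs, verify_pairs(pairs), hash_driver_copies(tmp_root, "netbt.sys")


if __name__ == "__main__":
    for row in self_check()[1]:
        print(row["reason"], "<-", row["src"], "-->", row["dst"])
```

On a real box, feed parse_fcopy_pairs the text of ComboFix.txt and pass the actual %windir% to hash_driver_copies; the thing to look for is that the live driver's hash equals the hash of whichever copy the FCopy used, and that it stays that way across a reboot.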

Re: AVG keeps getting trojans and hidden files

Postby jlec » Fri Aug 31, 2012 7:45 pm

ComboFix 12-08-30.05 - Administrator 08/31/2012 7:58.9.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\nwusbw32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 12:26 . 2012-08-31 12:26 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D286B327-8D5C-42EB-9705-6C80D9876DA4}\offreg.dll
2012-08-29 05:22 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D286B327-8D5C-42EB-9705-6C80D9876DA4}\mpengine.dll
2012-08-14 20:16 . 2012-08-01 19:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-13 15:18 . 2012-08-13 15:18 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-08-13 15:17 . 2012-08-13 15:17 3038 ----a-w- C:\fix_svchost.bat
2012-08-13 15:17 . 2012-08-13 15:17 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-08-13 12:58 . 2012-08-13 12:58 -------- d-----w- C:\865c0d15dc8d3c8ac33b721d4108a4
2012-08-13 12:11 . 2012-08-13 12:11 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 02:29 . 2012-04-03 12:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 02:29 . 2011-05-24 11:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2009-12-11 14:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 13:56 . 2010-05-18 13:56 180289 ----a-w- c:\program files\Common Files\Patcher.exe
2008-11-26 15:36 . 2009-01-21 22:21 1985024 ----a-w- c:\program files\Common Files\TomTom 7.xx Patcher.exe
2008-11-20 17:10 . 2009-01-21 22:21 1024 --s---r- c:\program files\Common Files\---.bat
2007-11-17 18:28 . 2009-01-21 22:21 47616 ----a-w- c:\program files\Common Files\Extract.exe
2007-07-23 20:14 . 2009-01-21 22:21 56832 --s---r- c:\program files\Common Files\gzip.exe
2007-01-31 09:33 . 2009-01-21 22:21 1873811 -c--a-w- c:\program files\Common Files\cygwin1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-12_12.42.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-31 12:26 . 2012-08-31 12:26 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_9bc.dat
+ 2012-08-31 12:26 . 2012-08-31 12:26 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
+ 2008-12-01 18:51 . 2007-03-08 19:20 16496 c:\windows\system32\drivers\HPZipr12.sys
- 2008-12-01 18:51 . 2009-08-27 03:41 16496 c:\windows\system32\drivers\HPZipr12.sys
- 2008-12-01 18:51 . 2009-08-27 03:41 49920 c:\windows\system32\drivers\HPZid412.sys
+ 2008-12-01 18:51 . 2007-03-08 19:20 49920 c:\windows\system32\drivers\HPZid412.sys
+ 2012-06-02 19:19 . 2012-06-02 19:19 97304 c:\windows\SoftwareDistribution\SelfUpdate\Default\cdm.dll
- 2009-12-11 03:53 . 2012-02-23 14:18 237072 c:\windows\system32\MpSigStub.exe
+ 2009-12-11 03:53 . 2012-05-31 16:25 237072 c:\windows\system32\MpSigStub.exe
+ 2012-08-21 02:29 . 2012-08-21 02:29 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-21 02:29 . 2012-08-21 02:29 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-04-03 12:07 . 2012-08-21 02:29 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-04-18 17:18 . 2011-04-18 17:18 165648 c:\windows\system32\drivers\MpFilter.sys
- 2012-03-21 00:44 . 2011-04-18 17:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2012-08-13 12:11 . 2012-08-13 12:11 785920 c:\windows\Installer\24aed.msi
+ 2012-08-13 12:11 . 2012-08-13 12:11 483840 c:\windows\Installer\24ae6.msi
+ 2012-08-13 12:11 . 2012-08-13 12:11 301056 c:\windows\Installer\24ae0.msi
- 2012-04-30 22:16 . 2012-04-30 22:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-04-30 22:16 . 2012-06-29 00:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-04-30 22:16 . 2012-06-29 00:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-04-30 22:16 . 2012-04-30 22:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-04-30 22:16 . 2012-04-30 22:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-04-30 22:16 . 2012-06-29 00:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
- 2012-04-30 22:16 . 2012-04-30 22:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-04-30 22:16 . 2012-06-29 00:16 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-11-13 5328504]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spb Backup Sync.lnk]
backup=c:\windows\pss\Spb Backup Sync.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-01-14 20:44 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 21:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-11-22 22:30 3432098 ----a-w- c:\program files\DAP\DAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-31 13:55 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-06 19:07 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HughesNetTools_McciTrayApp]
2007-11-20 21:36 1454592 ----a-w- c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2009-07-16 22:29 510416 ----a-w- c:\program files\Orb Networks\Orb\bin\OrbTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 02:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-04-05 01:44 16120832 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-13 13:23 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2007-03-14 21:52 3770024 ----a-w- c:\program files\TomTom HOME\TomTomHOME.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/14/2009 4:39 PM 716272]
R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;c:\windows\system32\drivers\DCxxMJPG.sys [4/22/2009 8:13 AM 132940]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 5:26 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 66632]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/26/2010 11:41 PM 9472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 8:07 AM 250056]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [7/24/2006 10:01 PM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [7/24/2006 10:01 PM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [7/24/2006 10:01 PM 60816]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 12872]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [11/30/2008 12:16 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETMDUSB
LC7981
mi-raysat_3dsMax2008_32
oracle_load_balancer_60_client-forms6ip9
s125obex
NVXBAR
NETw5x32
backuplauncher
stllssvr
arrayssl_vpn_service3,0,1,9
CnxtHdAudService
CTMFLT
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:29]
.
2012-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2761066226-257966438-1775155868-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 13:55]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2761066226-257966438-1775155868-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-31 13:55]
.
2012-08-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-08-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-11-30 20:31]
.
2012-08-31 c:\windows\Tasks\User_Feed_Synchronization-{5C8D195C-94E9-471B-876A-2AC1E22802ED}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wthr.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=192.168.0.1:87
uInternet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontr ... *;*.local;<local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 08:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BB-22GUC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B512C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2761066226-257966438-1775155868-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,7d,60,f8,87,cd,57,49,80,ac,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,fa,b0,a1,aa,85,29,43,8f,af,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(484)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(544)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3976)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Adobe\Reader 8.0\Reader\AcroRd32.exe
.
**************************************************************************
.
Completion time: 2012-08-31 08:42:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 12:41
ComboFix2.txt 2012-08-27 18:51
ComboFix3.txt 2012-08-23 02:25
ComboFix4.txt 2012-08-21 13:06
ComboFix5.txt 2012-08-31 11:53
.
Pre-Run: 64,170,463,232 bytes free
Post-Run: 64,930,328,576 bytes free
.
- - End Of File - - 857D385370293DA568A9718A06AAE439
jlec
Geek in Training
 
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Thanks given:1
Thanks received:0

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Sat Sep 01, 2012 12:33 pm

So did that fix the svchost.exe usage problem?
Gecko
Super Moderator
 
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23

Re: AVG keeps getting trojans and hidden files

Postby jlec » Sat Sep 01, 2012 12:43 pm

No... I just checked this morning and it was 1,105,560K! I also ran another ESET scan last night and here is the log... Should I delete the files in quarantine after the scan is done?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-19 03:24:48
# local_time=2012-04-18 11:24:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=177363
# found=10
# cleaned=9
# scan_time=5270
C:\Documents and Settings\Administrator\My Documents\My Music\Country\Trace Adkins - Swing.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\My Music\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Administrator\My Documents\Pop (Dance)\Flowbots - No Handle Bars.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BGM0T0TS\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\41AGIBPU\post[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7O7K0R2J\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZTYM3V21\fera-soft[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-22 05:07:13
# local_time=2012-04-22 01:07:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 78163374 0 0
# compatibility_mode=5889 16768382 80 100 73679032 174924376 0 73778830
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=180329
# found=6
# cleaned=4
# scan_time=10828
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2P2H535X\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\THRRAAC8\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1287\A0255688.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP1292\A0259426.exe probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.LP trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 01:22:07
# local_time=2012-08-30 09:22:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=198557
# found=13
# cleaned=12
# scan_time=14716
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7QA2M9X4\cat-riding-on-a-turtle[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\fpi[3].htm HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[4].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\if[5].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\92S2MU1Y\ttj[8] HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IHV6LWHO\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QZNS8SID\ttj[6] HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VP5DDP44\kittens-fighting-over-plastic-bag[1].txt HTML/ScrInject.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\B73QO160\3market[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps.rar a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BitLord\BitLord\Downloads\100 android apps\100.Android.Apps\100 Android Apps\Android.-.Cool.Texter.v1.9.apk a variant of Android/PJApps.F trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\eMule\Incoming\Alcohol_120%_v1.9.6.5429_Retail_incl_Keygen.rar probably a variant of Win32/Agent.CWORLZS trojan (deleted - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8b3b6132a3a2344faca258c1c6978d2e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 11:53:58
# local_time=2012-08-31 07:53:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=179421
# found=1
# cleaned=0
# scan_time=13722
${Memory} a variant of Win32/Olmarik.AYH trojan 00000000000000000000000000000000 I
jlec
Geek in Training
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Sat Sep 01, 2012 8:29 pm

Download the latest version of TDSSKiller from here and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.

If a suspicious object is detected, the default action will be Skip; click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure SKIP is selected, then click Continue.
Note: Do not choose Cure or Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.
Gecko
Super Moderator
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Re: AVG keeps getting trojans and hidden files

Postby jlec » Sun Sep 02, 2012 1:06 pm

07:59:53.0305 1300 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:59:54.0977 1300 ============================================================
07:59:54.0977 1300 Current date / time: 2012/09/02 07:59:54.0977
07:59:54.0977 1300 SystemInfo:
07:59:54.0977 1300
07:59:54.0977 1300 OS Version: 5.1.2600 ServicePack: 3.0
07:59:54.0977 1300 Product type: Workstation
07:59:54.0977 1300 ComputerName: JERRIEL_1
07:59:54.0977 1300 UserName: Administrator
07:59:54.0977 1300 Windows directory: C:\WINDOWS
07:59:54.0977 1300 System windows directory: C:\WINDOWS
07:59:54.0977 1300 Processor architecture: Intel x86
07:59:54.0977 1300 Number of processors: 1
07:59:54.0977 1300 Page size: 0x1000
07:59:54.0977 1300 Boot type: Normal boot
07:59:54.0977 1300 ============================================================
07:59:58.0930 1300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:59:59.0118 1300 ============================================================
07:59:59.0118 1300 \Device\Harddisk0\DR0:
07:59:59.0118 1300 MBR partitions:
07:59:59.0118 1300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80344B, BlocksNum 0x12215676
07:59:59.0118 1300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x80340C
07:59:59.0118 1300 ============================================================
07:59:59.0196 1300 C: <-> \Device\Harddisk0\DR0\Partition1
07:59:59.0196 1300 D: <-> \Device\Harddisk0\DR0\Partition2
07:59:59.0212 1300 ============================================================
07:59:59.0212 1300 Initialize success
07:59:59.0212 1300 ============================================================
08:00:10.0509 1636 ============================================================
08:00:10.0524 1636 Scan started
08:00:10.0524 1636 Mode: Manual; SigCheck; TDLFS;
08:00:10.0524 1636 ============================================================
08:00:14.0243 1636 ================ Scan system memory ========================
08:00:14.0243 1636 System memory - ok
08:00:14.0259 1636 ================ Scan services =============================
08:00:15.0305 1636 Abiosdsk - ok
08:00:15.0352 1636 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:01:20.0212 1636 abp480n5 - ok
08:01:20.0274 1636 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:01:20.0665 1636 ACPI - ok
08:01:20.0712 1636 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:01:21.0180 1636 ACPIEC - ok
08:01:21.0602 1636 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
08:01:22.0009 1636 Ad-Aware Service - ok
08:01:22.0368 1636 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:01:22.0384 1636 AdobeFlashPlayerUpdateSvc - ok
08:01:22.0446 1636 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
08:01:22.0634 1636 adpu160m - ok
08:01:22.0680 1636 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:01:22.0884 1636 aec - ok
08:01:22.0977 1636 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:01:23.0024 1636 AFD - ok
08:01:23.0087 1636 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
08:01:23.0243 1636 agp440 - ok
08:01:23.0259 1636 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
08:01:23.0430 1636 agpCPQ - ok
08:01:23.0446 1636 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
08:01:23.0524 1636 Aha154x - ok
08:01:23.0540 1636 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
08:01:23.0696 1636 aic78u2 - ok
08:01:23.0743 1636 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
08:01:24.0009 1636 aic78xx - ok
08:01:24.0040 1636 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:01:24.0118 1636 ALG - ok
08:01:24.0134 1636 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
08:01:24.0290 1636 AliIde - ok
08:01:24.0305 1636 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
08:01:24.0477 1636 alim1541 - ok
08:01:24.0509 1636 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
08:01:24.0680 1636 amdagp - ok
08:01:24.0696 1636 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
08:01:24.0759 1636 amsint - ok
08:01:24.0805 1636 [ 64F24088DBB1D68EE9963F66F8EB68CF ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
08:01:25.0352 1636 AnyDVD - ok
08:01:25.0493 1636 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:01:25.0509 1636 Apple Mobile Device - ok
08:01:25.0555 1636 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:01:25.0665 1636 AppMgmt - ok
08:01:25.0665 1636 arrayssl_vpn_service3,0,1,9 - ok
08:01:25.0712 1636 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
08:01:25.0884 1636 asc - ok
08:01:25.0962 1636 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
08:01:26.0305 1636 asc3350p - ok
08:01:26.0352 1636 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
08:01:26.0712 1636 asc3550 - ok
08:01:26.0977 1636 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
08:01:27.0290 1636 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
08:01:27.0290 1636 ASCTRM - detected UnsignedFile.Multi.Generic (1)
08:01:27.0462 1636 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:01:27.0509 1636 aspnet_state - ok
08:01:27.0571 1636 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:01:27.0743 1636 AsyncMac - ok
08:01:27.0774 1636 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:01:27.0962 1636 atapi - ok
08:01:27.0977 1636 Atdisk - ok
08:01:28.0165 1636 [ 1D4EDB435C59BA0193683739A95E59A6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
08:01:28.0196 1636 Ati HotKey Poller - ok
08:01:28.0274 1636 [ 2DA0A78E4BB2EB8722FF696E580A0DB9 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
08:01:28.0290 1636 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
08:01:28.0290 1636 ATI Smart - detected UnsignedFile.Multi.Generic (1)
08:01:28.0618 1636 [ 1CABA9EA8ADC5E9A5EBA3882F6A90F9B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:01:28.0680 1636 ati2mtag - ok
08:01:28.0712 1636 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:01:28.0899 1636 Atmarpc - ok
08:01:28.0946 1636 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:01:29.0134 1636 AudioSrv - ok
08:01:29.0180 1636 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:01:29.0430 1636 audstub - ok
08:01:29.0446 1636 backuplauncher - ok
08:01:29.0493 1636 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:01:29.0665 1636 Beep - ok
08:01:29.0790 1636 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:01:30.0165 1636 BITS - ok
08:01:30.0321 1636 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:01:30.0384 1636 Bonjour Service - ok
08:01:30.0384 1636 catchme - ok
08:01:30.0430 1636 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
08:01:30.0634 1636 cbidf - ok
08:01:30.0649 1636 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:01:30.0805 1636 cbidf2k - ok
08:01:30.0868 1636 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:01:31.0087 1636 CCDECODE - ok
08:01:31.0134 1636 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
08:01:31.0196 1636 cd20xrnt - ok
08:01:31.0243 1636 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:01:31.0384 1636 Cdaudio - ok
08:01:31.0415 1636 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:01:31.0602 1636 Cdfs - ok
08:01:31.0634 1636 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:01:31.0915 1636 Cdrom - ok
08:01:31.0930 1636 Changer - ok
08:01:31.0977 1636 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:01:32.0149 1636 CiSvc - ok
08:01:32.0196 1636 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:01:32.0368 1636 ClipSrv - ok
08:01:32.0415 1636 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:01:32.0430 1636 clr_optimization_v2.0.50727_32 - ok
08:01:32.0524 1636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:01:32.0540 1636 clr_optimization_v4.0.30319_32 - ok
08:01:32.0587 1636 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
08:01:32.0790 1636 CmdIde - ok
08:01:32.0805 1636 CnxtHdAudService - ok
08:01:32.0821 1636 COMSysApp - ok
08:01:32.0852 1636 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
08:01:33.0040 1636 Cpqarray - ok
08:01:33.0087 1636 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:01:33.0259 1636 CryptSvc - ok
08:01:33.0274 1636 CTMFLT - ok
08:01:33.0290 1636 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
08:01:33.0462 1636 dac2w2k - ok
08:01:33.0477 1636 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
08:01:33.0649 1636 dac960nt - ok
08:01:33.0712 1636 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:01:33.0759 1636 DcomLaunch - ok
08:01:33.0805 1636 [ AC7B74A292ACF45CAA0FEC8917E06C02 ] DCxxMJPG C:\WINDOWS\system32\drivers\DCxxMJPG.sys
08:01:33.0821 1636 DCxxMJPG - ok
08:01:33.0884 1636 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:01:34.0055 1636 Dhcp - ok
08:01:34.0102 1636 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:01:34.0274 1636 Disk - ok
08:01:34.0290 1636 dmadmin - ok
08:01:34.0352 1636 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:01:34.0571 1636 dmboot - ok
08:01:34.0602 1636 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:01:34.0759 1636 dmio - ok
08:01:34.0805 1636 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:01:34.0977 1636 dmload - ok
08:01:35.0009 1636 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:01:35.0305 1636 dmserver - ok
08:01:35.0321 1636 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:01:35.0509 1636 DMusic - ok
08:01:35.0571 1636 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:01:35.0602 1636 Dnscache - ok
08:01:35.0649 1636 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:01:35.0805 1636 Dot3svc - ok
08:01:35.0852 1636 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
08:01:36.0102 1636 dpti2o - ok
08:01:36.0134 1636 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:01:36.0305 1636 drmkaud - ok
08:01:36.0352 1636 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:01:36.0540 1636 EapHost - ok
08:01:36.0649 1636 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
08:01:36.0665 1636 ehRecvr - ok
08:01:36.0727 1636 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
08:01:36.0759 1636 ehSched - ok
08:01:36.0821 1636 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
08:01:36.0837 1636 ElbyCDFL - ok
08:01:36.0884 1636 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
08:01:36.0899 1636 ElbyCDIO - ok
08:01:36.0946 1636 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:01:37.0102 1636 ERSvc - ok
08:01:37.0165 1636 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:01:37.0227 1636 Eventlog - ok
08:01:37.0290 1636 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:01:37.0337 1636 EventSystem - ok
08:01:37.0430 1636 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:01:41.0212 1636 Fastfat - ok
08:01:41.0259 1636 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:01:41.0618 1636 FastUserSwitchingCompatibility - ok
08:01:41.0634 1636 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:01:41.0930 1636 Fdc - ok
08:01:41.0946 1636 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:01:42.0118 1636 Fips - ok
08:01:42.0165 1636 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:01:42.0337 1636 Flpydisk - ok
08:01:42.0368 1636 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:01:42.0712 1636 FltMgr - ok
08:01:42.0805 1636 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:01:43.0071 1636 FontCache3.0.0.0 - ok
08:01:43.0102 1636 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:01:43.0493 1636 Fs_Rec - ok
08:01:43.0555 1636 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:01:43.0759 1636 Ftdisk - ok
08:01:43.0837 1636 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:01:43.0899 1636 GEARAspiWDM - ok
08:01:43.0946 1636 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:01:44.0134 1636 Gpc - ok
08:01:44.0196 1636 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:01:44.0352 1636 HDAudBus - ok
08:01:44.0415 1636 helpsvc - ok
08:01:44.0446 1636 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:01:44.0634 1636 HidServ - ok
08:01:44.0665 1636 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:01:44.0837 1636 HidUsb - ok
08:01:44.0884 1636 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:01:45.0071 1636 hkmsvc - ok
08:01:45.0118 1636 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
08:01:45.0290 1636 hpn - ok
08:01:45.0555 1636 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:01:45.0571 1636 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
08:01:45.0571 1636 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
08:01:45.0634 1636 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
08:01:45.0649 1636 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
08:01:45.0649 1636 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
08:01:45.0727 1636 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:01:45.0790 1636 HPZid412 - ok
08:01:45.0821 1636 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:01:45.0852 1636 HPZipr12 - ok
08:01:45.0899 1636 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:01:45.0946 1636 HPZius12 - ok
08:01:46.0024 1636 [ B6B0721A86E51D141EC55C3CC1CA5686 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
08:01:46.0212 1636 HSFHWBS2 - ok
08:01:46.0305 1636 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
08:01:46.0462 1636 HSF_DPV - ok
08:01:46.0524 1636 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:01:46.0555 1636 HTTP - ok
08:01:46.0587 1636 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:01:46.0993 1636 HTTPFilter - ok
08:01:47.0024 1636 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
08:01:47.0337 1636 i2omgmt - ok
08:01:47.0368 1636 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
08:01:47.0540 1636 i2omp - ok
08:01:47.0571 1636 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:01:47.0743 1636 i8042prt - ok
08:01:47.0852 1636 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
08:01:48.0024 1636 iaStor ( UnsignedFile.Multi.Generic ) - warning
08:01:48.0024 1636 iaStor - detected UnsignedFile.Multi.Generic (1)
08:01:48.0274 1636 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:01:48.0509 1636 idsvc - ok
08:01:48.0540 1636 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:01:48.0712 1636 Imapi - ok
08:01:48.0759 1636 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:01:48.0977 1636 ImapiService - ok
08:01:49.0071 1636 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
08:01:49.0290 1636 ini910u - ok
08:01:49.0587 1636 [ 2389F12F0ED506176B7C29C8144CEA09 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:01:49.0790 1636 IntcAzAudAddService - ok
08:01:49.0821 1636 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
08:01:49.0977 1636 IntelIde - ok
08:01:50.0040 1636 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:01:50.0290 1636 intelppm - ok
08:01:50.0368 1636 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
08:01:50.0384 1636 IntuitUpdateService - ok
08:01:50.0462 1636 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
08:01:50.0493 1636 IntuitUpdateServiceV4 - ok
08:01:50.0540 1636 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:01:50.0696 1636 Ip6Fw - ok
08:01:50.0743 1636 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:01:50.0930 1636 IpFilterDriver - ok
08:01:50.0962 1636 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:01:51.0134 1636 IpInIp - ok
08:01:51.0180 1636 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:01:51.0399 1636 IpNat - ok
08:01:51.0493 1636 [ DCB3796E0169419618C72F0CE34C68ED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:01:51.0571 1636 iPod Service - ok
08:01:51.0602 1636 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:01:51.0743 1636 IPSec - ok
08:01:51.0774 1636 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:01:51.0837 1636 IRENUM - ok
08:01:51.0884 1636 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:01:52.0055 1636 isapnp - ok
08:01:52.0149 1636 [ 0AE61463ADDA697A6291155CE6B08AAF ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
08:01:52.0243 1636 ISODrive - ok
08:01:52.0384 1636 [ 39133291CB607BDD87CFC565A4A1E7A5 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
08:01:52.0399 1636 JavaQuickStarterService - ok
08:01:52.0430 1636 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:01:52.0618 1636 Kbdclass - ok
08:01:52.0649 1636 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:01:52.0805 1636 kmixer - ok
08:01:52.0868 1636 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:01:52.0930 1636 KSecDD - ok
08:01:52.0993 1636 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:01:53.0040 1636 lanmanserver - ok
08:01:53.0055 1636 lbrtfdc - ok
08:01:53.0071 1636 LC7981 - ok
08:01:53.0134 1636 [ ED8854A04430F17A4A237D14CA707CC0 ] lgatbus C:\WINDOWS\system32\DRIVERS\lgatbus.sys
08:01:53.0196 1636 lgatbus ( UnsignedFile.Multi.Generic ) - warning
08:01:53.0212 1636 lgatbus - detected UnsignedFile.Multi.Generic (1)
08:01:53.0243 1636 [ 0E869725086064FF6695A9CB71F27869 ] lgatmdm C:\WINDOWS\system32\DRIVERS\lgatmdm.sys
08:01:53.0321 1636 lgatmdm ( UnsignedFile.Multi.Generic ) - warning
08:01:53.0321 1636 lgatmdm - detected UnsignedFile.Multi.Generic (1)
08:01:53.0368 1636 [ DDFA2E84AF1A804AAA24D3D5B6291778 ] lgatserd C:\WINDOWS\system32\DRIVERS\lgatserd.sys
08:01:53.0493 1636 lgatserd ( UnsignedFile.Multi.Generic ) - warning
08:01:53.0493 1636 lgatserd - detected UnsignedFile.Multi.Generic (1)
08:01:53.0540 1636 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:01:53.0696 1636 LmHosts - ok
08:01:53.0774 1636 [ 4F74184920B2D6E33024409B4C5C57C1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
08:01:53.0790 1636 McciCMService ( UnsignedFile.Multi.Generic ) - warning
08:01:53.0790 1636 McciCMService - detected UnsignedFile.Multi.Generic (1)
08:01:53.0852 1636 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
08:01:53.0868 1636 McrdSvc - ok
08:01:53.0884 1636 MCSTRM - ok
08:01:53.0962 1636 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:01:53.0993 1636 mdmxsdk - ok
08:01:54.0040 1636 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:01:54.0243 1636 Messenger - ok
08:01:54.0290 1636 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
08:01:54.0352 1636 MHN ( UnsignedFile.Multi.Generic ) - warning
08:01:54.0352 1636 MHN - detected UnsignedFile.Multi.Generic (1)
08:01:54.0399 1636 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:01:54.0462 1636 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
08:01:54.0462 1636 MHNDRV - detected UnsignedFile.Multi.Generic (1)
08:01:54.0477 1636 mi-raysat_3dsMax2008_32 - ok
08:01:54.0634 1636 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:01:54.0665 1636 Microsoft Office Groove Audit Service - ok
08:01:54.0712 1636 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:01:54.0884 1636 mnmdd - ok
08:01:54.0946 1636 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:01:55.0212 1636 mnmsrvc - ok
08:01:55.0290 1636 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:01:55.0462 1636 Modem - ok
08:01:55.0477 1636 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:01:55.0649 1636 Mouclass - ok
08:01:55.0680 1636 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:01:55.0884 1636 MountMgr - ok
08:01:55.0930 1636 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:01:56.0009 1636 MpFilter - ok
08:01:56.0055 1636 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:01:56.0196 1636 mraid35x - ok
08:01:56.0227 1636 [ 80B2EC735495823AE5771A5F603E73BD ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:01:56.0321 1636 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
08:01:56.0321 1636 MREMP50 - detected UnsignedFile.Multi.Generic (1)
08:01:56.0337 1636 [ 37D7C22F7E26DA90E2D2D260E5D27846 ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
08:01:56.0399 1636 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
08:01:56.0399 1636 MRESP50 - detected UnsignedFile.Multi.Generic (1)
08:01:56.0446 1636 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:01:56.0634 1636 MRxDAV - ok
08:01:56.0680 1636 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:01:56.0852 1636 MSDTC - ok
08:01:56.0915 1636 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:01:57.0087 1636 Msfs - ok
08:01:57.0102 1636 MSIServer - ok
08:01:57.0149 1636 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:01:57.0321 1636 MSKSSRV - ok
08:01:57.0384 1636 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:01:57.0446 1636 MsMpSvc - ok
08:01:57.0493 1636 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:01:57.0665 1636 MSPCLOCK - ok
08:01:57.0680 1636 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:01:57.0821 1636 MSPQM - ok
08:01:57.0868 1636 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:01:58.0024 1636 mssmbios - ok
08:01:58.0071 1636 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
08:01:58.0212 1636 MSTEE - ok
08:01:58.0259 1636 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:01:58.0430 1636 Mup - ok
08:01:58.0493 1636 [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic C:\WINDOWS\system32\DRIVERS\mxnic.sys
08:01:58.0649 1636 mxnic - ok
08:01:58.0696 1636 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:01:58.0868 1636 NABTSFEC - ok
08:01:58.0915 1636 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:01:59.0071 1636 napagent - ok
08:01:59.0134 1636 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:01:59.0446 1636 NDIS - ok
08:01:59.0493 1636 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:01:59.0649 1636 NdisIP - ok
08:01:59.0712 1636 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:01:59.0727 1636 NdisTapi - ok
08:01:59.0790 1636 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:01:59.0946 1636 Ndisuio - ok
08:01:59.0977 1636 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:02:00.0165 1636 NdisWan - ok
08:02:00.0212 1636 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:02:00.0259 1636 NDProxy - ok
08:02:00.0352 1636 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
08:02:00.0368 1636 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:02:00.0368 1636 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:02:00.0415 1636 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\drivers\netbt.sys
08:02:00.0477 1636 NetBT ( UnsignedFile.Multi.Generic ) - warning
08:02:00.0477 1636 NetBT - detected UnsignedFile.Multi.Generic (1)
08:02:00.0524 1636 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:02:00.0946 1636 NetDDE - ok
08:02:00.0962 1636 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:02:01.0165 1636 NetDDEdsdm - ok
08:02:01.0227 1636 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:02:01.0415 1636 Netman - ok
08:02:01.0430 1636 NETMDUSB - ok
08:02:01.0477 1636 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:02:01.0493 1636 NetTcpPortSharing - ok
08:02:01.0509 1636 NETw5x32 - ok
08:02:01.0602 1636 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:02:01.0712 1636 Nla - ok
08:02:01.0774 1636 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:02:01.0946 1636 Npfs - ok
08:02:31.0696 1636 ================ Scan global ===============================
08:02:31.0743 1636 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:02:31.0805 1636 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:02:31.0837 1636 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:02:31.0852 1636 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:02:31.0868 1636 [Global] - ok
08:02:31.0868 1636 ================ Scan MBR ==================================
08:02:31.0899 1636 [ FAEE7E40DFB0440AD2CFC39BEFA1F4C2 ] \Device\Harddisk0\DR0
08:02:31.0899 1636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:02:31.0946 1636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:02:31.0946 1636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:02:32.0009 1636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:02:32.0009 1636 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:02:32.0024 1636 ================ Scan VBR ==================================
08:02:32.0024 1636 [ B4E4010A655FD933CD8E162D5824AE03 ] \Device\Harddisk0\DR0\Partition1
08:02:32.0024 1636 \Device\Harddisk0\DR0\Partition1 - ok
08:02:32.0040 1636 [ D6D6F50B4A8A08ADDB4416F84E0A2437 ] \Device\Harddisk0\DR0\Partition2
08:02:32.0040 1636 \Device\Harddisk0\DR0\Partition2 - ok
08:02:32.0040 1636 ============================================================
08:02:32.0040 1636 Scan finished
08:02:32.0040 1636 ============================================================
08:02:32.0196 1136 Detected object count: 23
08:02:32.0196 1136 Actual detected object count: 23
08:04:10.0212 1136 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0212 1136 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0212 1136 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0212 1136 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0227 1136 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0227 1136 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0227 1136 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0227 1136 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0227 1136 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0227 1136 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0227 1136 lgatbus ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0227 1136 lgatbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0227 1136 lgatmdm ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0227 1136 lgatmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0227 1136 lgatserd ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0227 1136 lgatserd ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0243 1136 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0243 1136 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0243 1136 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0243 1136 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0259 1136 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0259 1136 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0259 1136 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0259 1136 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0274 1136 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0274 1136 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0274 1136 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0274 1136 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0290 1136 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0290 1136 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0290 1136 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0290 1136 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0290 1136 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0290 1136 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0290 1136 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0290 1136 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0305 1136 PrismXL ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0305 1136 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0305 1136 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:04:10.0305 1136 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:04:10.0305 1136 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
08:04:10.0305 1136 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:04:10.0305 1136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
08:04:10.0321 1136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
08:04:10.0321 1136 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:04:10.0321 1136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:04:20.0524 1516 Deinitialize success
jlec
Geek in Training
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm
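As an added example (not a tool from this thread or from Kaspersky), a small Python triage script for TDSSKiller logs like the one posted above: it pairs each object's signature with its verdict, separates the generic UnsignedFile/LockedFile heuristics from real detections, and lists the non-heuristic entries the user chose to skip, which is exactly what the later request about the TDSS File System entry turns on. The sample lines are copied from the log above; the function and tier names are my own.

```python
"""Triage a TDSSKiller text log: which detections are real and which were left in place."""
import re
from collections import OrderedDict

# Constructed sample: verdict-bearing lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
08:02:17.0696 1636 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
08:02:17.0696 1636 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
08:02:17.0696 1636 sptd ( LockedFile.Multi.Generic ) - warning
08:02:18.0634 1636 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
08:02:31.0899 1636 [ FAEE7E40DFB0440AD2CFC39BEFA1F4C2 ] \Device\Harddisk0\DR0
08:02:31.0899 1636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:02:31.0946 1636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:02:32.0009 1636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:02:32.0196 1136 Detected object count: 23
08:04:10.0305 1136 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:04:10.0305 1136 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:04:10.0305 1136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
08:04:10.0321 1136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
08:04:10.0321 1136 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:04:10.0321 1136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every log line is "HH:MM:SS.ffff <thread id> <message>".
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# Object registration: "[ <MD5> ] <object name> <path>"; raw disk devices carry no name.
_REG = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<obj>.+?) )?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$")
# Per-signature verdict: "<object> ( <signature> ) - <verdict>".
_VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<sig>.+?) \) - (?P<verdict>.+)$")
# Raw findings on the disk or a file, printed just before the verdict line.
_SUSP = re.compile(r"^Suspicious (?:mbr|file) \((?P<reason>\w+)\): (?P<target>.+?)(?:\. md5: [0-9A-F]{32})?$")
_COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Generic heuristics: the file is merely unsigned or unreadable, not a known-bad hash.
HEURISTIC_SIGS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def _tier(sig, verdict):
    """Map TDSSKiller's verdict plus signature name to a triage tier (my own naming)."""
    if verdict == "infected":
        return "infected"      # signature match, e.g. Rootkit.Boot.Pihar.b (a TDL4 variant)
    if sig in HEURISTIC_SIGS:
        return "heuristic"     # usually a legitimate third-party driver
    return "suspicious"        # e.g. "TDSS File System": the hidden FS TDL rootkits keep


def parse_tdsskiller(text):
    """Return an OrderedDict keyed by (object, signature) with tier, path, md5, flags, action."""
    registry, flags, findings = {}, {}, OrderedDict()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (r := _REG.match(msg)):
            registry[r.group("obj") or r.group("path")] = (r.group("path"), r.group("md5"))
        elif (s := _SUSP.match(msg)):
            flags.setdefault(s.group("target"), []).append(s.group("reason"))
        elif (v := _VERDICT.match(msg)):
            key = (v.group("obj"), v.group("sig"))
            verdict = v.group("verdict")
            if verdict.startswith("User select action: "):
                if key in findings:          # the user's choice for an earlier verdict
                    findings[key]["action"] = verdict.split(": ", 1)[1]
                continue
            if verdict == "skipped by user":  # the "User select action" line carries the choice
                continue
            path, md5 = registry.get(key[0], (None, None))
            fl = list(flags.get(key[0], []))
            if path and path != key[0]:       # file findings are keyed by path, not service name
                fl += flags.get(path, [])
            findings[key] = {"tier": _tier(key[1], verdict), "verdict": verdict,
                             "path": path, "md5": md5, "flags": fl, "action": None}
    return findings


def needs_attention(findings):
    """Non-heuristic findings the user did not cure or delete, in log order."""
    return [k for k, f in findings.items()
            if f["tier"] != "heuristic" and f["action"] in (None, "Skip")]


def declared_count(text):
    """The object count TDSSKiller itself reports, or None if the line is absent."""
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        c = _COUNT.match(m.group("msg")) if m else None
        if c:
            return int(c.group("n"))
    return None


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"declared by tool: {declared_count(SAMPLE_LOG)}, verdicts parsed: {len(found)}")
    for (obj, sig), f in found.items():
        print(f"{f['tier']:<10} {obj} [{sig}] action={f['action']} flags={f['flags']}")
    for key in needs_attention(found):
        print("still on disk:", key)
```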

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Sun Sep 02, 2012 3:55 pm

To check for and confirm the MBR (Master Boot Record) rootkit.

Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).

Now double-click on mbr.exe to run the tool.
The process is automatic...a black DOS window will open and quickly disappear. This is normal.
A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
Copy and paste the results of the mbr.log in your next reply.
Gecko
Super Moderator
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Re: AVG keeps getting trojans and hidden files

Postby jlec » Sun Sep 02, 2012 4:34 pm

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BB-22GUC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f

device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89A412C6
user & kernel MBR OK
jlec
Geek in Training
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Re: AVG keeps getting trojans and hidden files

Postby Gecko » Mon Sep 03, 2012 4:38 pm

Run TDSSKiller again.
When you get to the following entry:

\Device\Harddisk0\DR0 ( TDSS File System )

Delete that entry and then attach the newly made log.
Gecko
Super Moderator
Posts: 5206
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Re: AVG keeps getting trojans and hidden files

Postby jlec » Mon Sep 03, 2012 7:50 pm

14:45:30.0656 3744 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:45:31.0593 3744 ============================================================
14:45:31.0593 3744 Current date / time: 2012/09/03 14:45:31.0593
14:45:31.0593 3744 SystemInfo:
14:45:31.0593 3744
14:45:31.0593 3744 OS Version: 5.1.2600 ServicePack: 3.0
14:45:31.0593 3744 Product type: Workstation
14:45:31.0593 3744 ComputerName: JERRIEL_1
14:45:31.0593 3744 UserName: Administrator
14:45:31.0593 3744 Windows directory: C:\WINDOWS
14:45:31.0593 3744 System windows directory: C:\WINDOWS
14:45:31.0593 3744 Processor architecture: Intel x86
14:45:31.0593 3744 Number of processors: 1
14:45:31.0593 3744 Page size: 0x1000
14:45:31.0593 3744 Boot type: Normal boot
14:45:31.0593 3744 ============================================================
14:45:33.0875 3744 BG loaded
14:45:34.0218 3744 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:45:34.0343 3744 ============================================================
14:45:34.0343 3744 \Device\Harddisk0\DR0:
14:45:34.0343 3744 MBR partitions:
14:45:34.0343 3744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x80344B, BlocksNum 0x12215676
14:45:34.0343 3744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x80340C
14:45:34.0343 3744 ============================================================
14:45:34.0390 3744 C: <-> \Device\Harddisk0\DR0\Partition1
14:45:34.0390 3744 D: <-> \Device\Harddisk0\DR0\Partition2
14:45:34.0390 3744 ============================================================
14:45:34.0390 3744 Initialize success
14:45:34.0390 3744 ============================================================
14:45:46.0531 0208 ============================================================
14:45:46.0531 0208 Scan started
14:45:46.0531 0208 Mode: Manual; SigCheck; TDLFS;
14:45:46.0531 0208 ============================================================
14:45:49.0250 0208 ================ Scan system memory ========================
14:45:49.0250 0208 System memory - ok
14:45:49.0250 0208 ================ Scan services =============================
14:46:04.0890 0208 AudioSrv - ok
14:46:04.0937 0208 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:46:05.0093 0208 audstub - ok
14:46:05.0093 0208 backuplauncher - ok
14:46:05.0125 0208 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:46:05.0921 0208 Beep - ok
14:46:06.0000 0208 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:46:06.0218 0208 BITS - ok
14:46:06.0296 0208 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:46:06.0312 0208 Bonjour Service - ok
14:46:06.0328 0208 catchme - ok
14:46:06.0375 0208 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:46:06.0515 0208 cbidf - ok
14:46:06.0531 0208 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:46:06.0671 0208 cbidf2k - ok
14:46:06.0718 0208 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:46:06.0875 0208 CCDECODE - ok
14:46:06.0890 0208 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:46:06.0968 0208 cd20xrnt - ok
14:46:07.0015 0208 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:46:07.0140 0208 Cdaudio - ok
14:46:07.0187 0208 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:46:07.0343 0208 Cdfs - ok
14:46:07.0375 0208 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:46:07.0531 0208 Cdrom - ok
14:46:07.0546 0208 Changer - ok
14:46:07.0578 0208 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:46:07.0718 0208 CiSvc - ok
14:46:07.0750 0208 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:46:07.0906 0208 ClipSrv - ok
14:46:07.0953 0208 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:07.0968 0208 clr_optimization_v2.0.50727_32 - ok
14:46:08.0031 0208 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:08.0062 0208 clr_optimization_v4.0.30319_32 - ok
14:46:08.0109 0208 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:46:08.0265 0208 CmdIde - ok
14:46:08.0281 0208 CnxtHdAudService - ok
14:46:08.0312 0208 COMSysApp - ok
14:46:08.0328 0208 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:46:08.0468 0208 Cpqarray - ok
14:46:08.0515 0208 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:46:08.0671 0208 CryptSvc - ok
14:46:08.0687 0208 CTMFLT - ok
14:46:08.0718 0208 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:46:08.0875 0208 dac2w2k - ok
14:46:08.0890 0208 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:46:09.0062 0208 dac960nt - ok
14:46:09.0109 0208 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:46:09.0203 0208 DcomLaunch - ok
14:46:09.0265 0208 [ AC7B74A292ACF45CAA0FEC8917E06C02 ] DCxxMJPG C:\WINDOWS\system32\drivers\DCxxMJPG.sys
14:46:09.0328 0208 DCxxMJPG - ok
14:46:09.0375 0208 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:46:09.0531 0208 Dhcp - ok
14:46:09.0578 0208 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:46:09.0750 0208 Disk - ok
14:46:09.0765 0208 dmadmin - ok
14:46:09.0828 0208 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:46:10.0031 0208 dmboot - ok
14:46:10.0078 0208 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:46:10.0250 0208 dmio - ok
14:46:10.0265 0208 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:46:10.0421 0208 dmload - ok
14:46:10.0453 0208 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:46:10.0609 0208 dmserver - ok
14:46:10.0640 0208 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:46:10.0796 0208 DMusic - ok
14:46:10.0843 0208 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:46:10.0953 0208 Dnscache - ok
14:46:11.0000 0208 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:46:11.0140 0208 Dot3svc - ok
14:46:11.0171 0208 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:46:11.0328 0208 dpti2o - ok
14:46:11.0343 0208 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:46:11.0500 0208 drmkaud - ok
14:46:11.0546 0208 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:46:11.0718 0208 EapHost - ok
14:46:11.0812 0208 [ D039A0C347632622934906BD59A4E1EA ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
14:46:11.0875 0208 ehRecvr - ok
14:46:11.0906 0208 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
14:46:12.0015 0208 ehSched - ok
14:46:12.0062 0208 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
14:46:12.0078 0208 ElbyCDFL - ok
14:46:12.0140 0208 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:46:12.0140 0208 ElbyCDIO - ok
14:46:12.0203 0208 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:46:12.0359 0208 ERSvc - ok
14:46:12.0406 0208 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:46:12.0468 0208 Eventlog - ok
14:46:12.0515 0208 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:46:12.0578 0208 EventSystem - ok
14:46:12.0609 0208 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:46:12.0750 0208 Fastfat - ok
14:46:12.0796 0208 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:46:12.0890 0208 FastUserSwitchingCompatibility - ok
14:46:12.0921 0208 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:46:13.0078 0208 Fdc - ok
14:46:13.0109 0208 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:46:13.0265 0208 Fips - ok
14:46:13.0296 0208 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:46:13.0453 0208 Flpydisk - ok
14:46:13.0484 0208 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:46:13.0625 0208 FltMgr - ok
14:46:13.0687 0208 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:46:13.0703 0208 FontCache3.0.0.0 - ok
14:46:13.0750 0208 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:46:13.0906 0208 Fs_Rec - ok
14:46:13.0937 0208 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:46:14.0093 0208 Ftdisk - ok
14:46:14.0140 0208 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:46:14.0156 0208 GEARAspiWDM - ok
14:46:14.0203 0208 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:46:14.0359 0208 Gpc - ok
14:46:14.0375 0208 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:46:14.0515 0208 HDAudBus - ok
14:46:14.0562 0208 helpsvc - ok
14:46:14.0609 0208 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:46:14.0781 0208 HidServ - ok
14:46:14.0812 0208 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:46:14.0968 0208 HidUsb - ok
14:46:15.0015 0208 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:46:15.0156 0208 hkmsvc - ok
14:46:15.0218 0208 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
14:46:15.0375 0208 hpn - ok
14:46:15.0656 0208 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:46:15.0687 0208 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:46:15.0687 0208 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:46:15.0765 0208 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:46:15.0812 0208 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:46:15.0812 0208 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:46:15.0875 0208 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:46:16.0328 0208 HPZid412 - ok
14:46:16.0375 0208 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:46:16.0406 0208 HPZipr12 - ok
14:46:16.0453 0208 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:46:16.0515 0208 HPZius12 - ok
14:46:16.0562 0208 [ B6B0721A86E51D141EC55C3CC1CA5686 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:46:16.0625 0208 HSFHWBS2 - ok
14:46:16.0703 0208 [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
14:46:16.0781 0208 HSF_DPV - ok
14:46:16.0828 0208 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:46:16.0875 0208 HTTP - ok
14:46:16.0906 0208 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:46:17.0062 0208 HTTPFilter - ok
14:46:17.0093 0208 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
14:46:17.0234 0208 i2omgmt - ok
14:46:17.0296 0208 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:46:17.0453 0208 i2omp - ok
14:46:17.0500 0208 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:46:17.0687 0208 i8042prt - ok
14:46:17.0750 0208 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
14:46:17.0843 0208 iaStor ( UnsignedFile.Multi.Generic ) - warning
14:46:17.0843 0208 iaStor - detected UnsignedFile.Multi.Generic (1)
14:46:18.0000 0208 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:46:18.0109 0208 idsvc - ok
14:46:18.0140 0208 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:46:18.0296 0208 Imapi - ok
14:46:18.0343 0208 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:46:18.0500 0208 ImapiService - ok
14:46:18.0562 0208 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:46:18.0718 0208 ini910u - ok
14:46:19.0140 0208 [ 2389F12F0ED506176B7C29C8144CEA09 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:46:19.0312 0208 IntcAzAudAddService - ok
14:46:19.0359 0208 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:46:19.0500 0208 IntelIde - ok
14:46:19.0546 0208 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:46:19.0687 0208 intelppm - ok
14:46:19.0796 0208 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
14:46:19.0796 0208 IntuitUpdateService - ok
14:46:19.0875 0208 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
14:46:19.0906 0208 IntuitUpdateServiceV4 - ok
14:46:19.0921 0208 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:46:20.0093 0208 Ip6Fw - ok
14:46:20.0125 0208 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:46:20.0281 0208 IpFilterDriver - ok
14:46:20.0312 0208 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:46:20.0453 0208 IpInIp - ok
14:46:20.0500 0208 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:46:20.0671 0208 IpNat - ok
14:46:20.0718 0208 [ DCB3796E0169419618C72F0CE34C68ED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:46:20.0765 0208 iPod Service - ok
14:46:20.0812 0208 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:46:20.0937 0208 IPSec - ok
14:46:20.0953 0208 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:46:21.0031 0208 IRENUM - ok
14:46:21.0078 0208 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:46:21.0234 0208 isapnp - ok
14:46:21.0328 0208 [ 0AE61463ADDA697A6291155CE6B08AAF ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
14:46:21.0421 0208 ISODrive - ok
14:46:21.0562 0208 [ 39133291CB607BDD87CFC565A4A1E7A5 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
14:46:21.0578 0208 JavaQuickStarterService - ok
14:46:21.0609 0208 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:46:21.0781 0208 Kbdclass - ok
14:46:21.0812 0208 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:46:21.0968 0208 kmixer - ok
14:46:22.0015 0208 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:46:22.0093 0208 KSecDD - ok
14:46:22.0140 0208 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:46:22.0203 0208 lanmanserver - ok
14:46:22.0218 0208 lbrtfdc - ok
14:46:22.0234 0208 LC7981 - ok
14:46:22.0281 0208 [ ED8854A04430F17A4A237D14CA707CC0 ] lgatbus C:\WINDOWS\system32\DRIVERS\lgatbus.sys
14:46:22.0328 0208 lgatbus ( UnsignedFile.Multi.Generic ) - warning
14:46:22.0328 0208 lgatbus - detected UnsignedFile.Multi.Generic (1)
14:46:22.0375 0208 [ 0E869725086064FF6695A9CB71F27869 ] lgatmdm C:\WINDOWS\system32\DRIVERS\lgatmdm.sys
14:46:22.0468 0208 lgatmdm ( UnsignedFile.Multi.Generic ) - warning
14:46:22.0468 0208 lgatmdm - detected UnsignedFile.Multi.Generic (1)
14:46:22.0515 0208 [ DDFA2E84AF1A804AAA24D3D5B6291778 ] lgatserd C:\WINDOWS\system32\DRIVERS\lgatserd.sys
14:46:22.0593 0208 lgatserd ( UnsignedFile.Multi.Generic ) - warning
14:46:22.0593 0208 lgatserd - detected UnsignedFile.Multi.Generic (1)
14:46:22.0656 0208 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:46:22.0812 0208 LmHosts - ok
14:46:22.0875 0208 [ 4F74184920B2D6E33024409B4C5C57C1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
14:46:22.0890 0208 McciCMService ( UnsignedFile.Multi.Generic ) - warning
14:46:22.0890 0208 McciCMService - detected UnsignedFile.Multi.Generic (1)
14:46:22.0953 0208 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
14:46:22.0984 0208 McrdSvc - ok
14:46:23.0000 0208 MCSTRM - ok
14:46:23.0046 0208 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:46:23.0062 0208 mdmxsdk - ok
14:46:23.0109 0208 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:46:23.0265 0208 Messenger - ok
14:46:23.0312 0208 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
14:46:23.0328 0208 MHN ( UnsignedFile.Multi.Generic ) - warning
14:46:23.0328 0208 MHN - detected UnsignedFile.Multi.Generic (1)
14:46:23.0375 0208 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
14:46:23.0390 0208 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
14:46:23.0390 0208 MHNDRV - detected UnsignedFile.Multi.Generic (1)
14:46:23.0406 0208 mi-raysat_3dsMax2008_32 - ok
14:46:23.0562 0208 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:46:23.0578 0208 Microsoft Office Groove Audit Service - ok
14:46:23.0625 0208 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:46:23.0765 0208 mnmdd - ok
14:46:23.0796 0208 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:46:23.0953 0208 mnmsrvc - ok
14:46:24.0000 0208 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:46:24.0140 0208 Modem - ok
14:46:24.0171 0208 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:46:24.0328 0208 Mouclass - ok
14:46:24.0343 0208 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:46:24.0484 0208 MountMgr - ok
14:46:24.0531 0208 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:46:24.0562 0208 MpFilter - ok
14:46:24.0781 0208 [ A69630D039C38018689190234F866D77 ] MpKsl224cc65b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C316FA8-F92C-40C6-896D-6DD0FDE7B6A8}\MpKsl224cc65b.sys
14:46:24.0796 0208 MpKsl224cc65b - ok
14:46:24.0828 0208 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:46:24.0984 0208 mraid35x - ok
14:46:25.0015 0208 [ 80B2EC735495823AE5771A5F603E73BD ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:46:25.0093 0208 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
14:46:25.0093 0208 MREMP50 - detected UnsignedFile.Multi.Generic (1)
14:46:25.0671 0208 [ 37D7C22F7E26DA90E2D2D260E5D27846 ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:46:25.0734 0208 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
14:46:25.0734 0208 MRESP50 - detected UnsignedFile.Multi.Generic (1)
14:46:25.0765 0208 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:46:25.0937 0208 MRxDAV - ok
14:46:25.0968 0208 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:46:26.0171 0208 MSDTC - ok
14:46:26.0203 0208 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:46:26.0375 0208 Msfs - ok
14:46:26.0390 0208 MSIServer - ok
14:46:26.0437 0208 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:46:26.0593 0208 MSKSSRV - ok
14:46:26.0718 0208 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:46:26.0734 0208 MsMpSvc - ok
14:46:26.0906 0208 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:46:27.0093 0208 MSPCLOCK - ok
14:46:27.0125 0208 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:46:27.0296 0208 MSPQM - ok
14:46:27.0375 0208 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:46:27.0515 0208 mssmbios - ok
14:46:27.0671 0208 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:46:28.0281 0208 MSTEE - ok
14:46:28.0593 0208 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:46:29.0046 0208 Mup - ok
14:46:29.0125 0208 [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic C:\WINDOWS\system32\DRIVERS\mxnic.sys
14:46:29.0578 0208 mxnic - ok
14:46:29.0843 0208 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:46:30.0250 0208 NABTSFEC - ok
14:46:30.0562 0208 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:46:31.0062 0208 napagent - ok
14:46:31.0125 0208 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:46:31.0328 0208 NDIS - ok
14:46:31.0375 0208 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:46:31.0562 0208 NdisIP - ok
14:46:31.0625 0208 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:46:31.0781 0208 NdisTapi - ok
14:46:31.0859 0208 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:46:32.0015 0208 Ndisuio - ok
14:46:32.0078 0208 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:46:32.0250 0208 NdisWan - ok
14:46:32.0312 0208 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:46:32.0453 0208 NDProxy - ok
14:46:32.0531 0208 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:46:32.0593 0208 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:46:32.0593 0208 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:46:32.0687 0208 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\drivers\netbt.sys
14:46:32.0734 0208 NetBT ( UnsignedFile.Multi.Generic ) - warning
14:46:32.0734 0208 NetBT - detected UnsignedFile.Multi.Generic (1)
14:46:32.0812 0208 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:46:33.0078 0208 NetDDE - ok
14:46:33.0109 0208 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:46:33.0265 0208 NetDDEdsdm - ok
14:46:33.0406 0208 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:46:33.0578 0208 Netman - ok
14:46:33.0593 0208 NETMDUSB - ok
14:46:33.0812 0208 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:46:34.0031 0208 NetTcpPortSharing - ok
14:46:34.0062 0208 NETw5x32 - ok
14:46:34.0156 0208 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:46:34.0218 0208 Nla - ok
14:46:34.0296 0208 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:46:34.0468 0208 Npfs - ok
14:46:34.0562 0208 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:46:35.0109 0208 Ntfs - ok
14:46:35.0265 0208 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:46:35.0546 0208 NtmsSvc - ok
14:46:35.0593 0208 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:46:35.0765 0208 Null - ok
14:46:36.0156 0208 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:46:37.0453 0208 nv - ok
14:46:37.0468 0208 NVXBAR - ok
14:46:37.0531 0208 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:46:37.0781 0208 NwlnkFlt - ok
14:46:38.0093 0208 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:46:38.0421 0208 NwlnkFwd - ok
14:46:39.0500 0208 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:46:39.0968 0208 odserv - ok
14:46:39.0984 0208 oracle_load_balancer_60_client-forms6ip9 - ok
14:46:40.0437 0208 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:46:40.0687 0208 ose - ok
14:46:40.0906 0208 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
14:46:41.0203 0208 P3 - ok
14:46:41.0250 0208 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:46:41.0468 0208 Parport - ok
14:46:41.0515 0208 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:46:41.0812 0208 PartMgr - ok
14:46:41.0921 0208 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:46:42.0171 0208 ParVdm - ok
14:46:42.0328 0208 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:46:42.0500 0208 PCI - ok
14:46:42.0515 0208 PCIDump - ok
14:46:42.0531 0208 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:46:42.0703 0208 PCIIde - ok
14:46:42.0718 0208 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:46:42.0875 0208 Pcmcia - ok
14:46:42.0890 0208 PDCOMP - ok
14:46:42.0906 0208 PDFRAME - ok
14:46:42.0921 0208 PDRELI - ok
14:46:42.0937 0208 PDRFRAME - ok
14:46:42.0968 0208 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:46:43.0187 0208 perc2 - ok
14:46:43.0265 0208 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:46:43.0515 0208 perc2hib - ok
14:46:43.0718 0208 [ F2B3785D7282BAC66D4B644FC88749F0 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
14:46:43.0765 0208 pfc ( UnsignedFile.Multi.Generic ) - warning
14:46:43.0765 0208 pfc - detected UnsignedFile.Multi.Generic (1)
14:46:43.0796 0208 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:46:43.0906 0208 PlugPlay - ok
14:46:43.0968 0208 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:46:44.0031 0208 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:46:44.0031 0208 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:46:44.0109 0208 [ DA19E3401F39C10DF193BE029C7E7BBA ] pnetmdm C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
14:46:44.0125 0208 pnetmdm ( UnsignedFile.Multi.Generic ) - warning
14:46:44.0125 0208 pnetmdm - detected UnsignedFile.Multi.Generic (1)
14:46:44.0218 0208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:46:44.0468 0208 PolicyAgent - ok
14:46:44.0531 0208 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:46:44.0718 0208 PptpMiniport - ok
14:46:45.0031 0208 [ 33D7285F12D934268A34206DFC4AD1B3 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
14:46:45.0062 0208 PrismXL ( UnsignedFile.Multi.Generic ) - warning
14:46:45.0062 0208 PrismXL - detected UnsignedFile.Multi.Generic (1)
14:46:45.0093 0208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:46:45.0250 0208 ProtectedStorage - ok
14:46:45.0437 0208 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:46:45.0578 0208 PSched - ok
14:46:45.0609 0208 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:46:45.0750 0208 Ptilink - ok
14:46:45.0843 0208 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:46:45.0890 0208 PxHelp20 - ok
14:46:46.0093 0208 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:46:46.0531 0208 ql1080 - ok
14:46:46.0562 0208 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:46:46.0750 0208 Ql10wnt - ok
14:46:46.0781 0208 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:46:47.0000 0208 ql12160 - ok
14:46:47.0156 0208 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:46:47.0562 0208 ql1240 - ok
14:46:47.0578 0208 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:46:48.0015 0208 ql1280 - ok
14:46:48.0078 0208 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:46:48.0265 0208 RasAcd - ok
14:46:48.0468 0208 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:46:48.0671 0208 RasAuto - ok
14:46:48.0734 0208 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:46:49.0281 0208 Rasl2tp - ok
14:46:49.0328 0208 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:46:49.0546 0208 RasMan - ok
14:46:49.0578 0208 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:46:51.0234 0208 RasPppoe - ok
14:46:51.0281 0208 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:46:51.0625 0208 Raspti - ok
14:46:51.0734 0208 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:46:52.0078 0208 RDPCDD - ok
14:46:52.0140 0208 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:46:52.0843 0208 rdpdr - ok
14:46:52.0890 0208 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:46:53.0031 0208 RDPWD - ok
14:46:53.0062 0208 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\SYSTEM32\sessmgr.exe
14:46:53.0203 0208 RDSessMgr - ok
14:46:53.0250 0208 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:46:53.0578 0208 redbook - ok
14:46:53.0625 0208 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:46:53.0765 0208 RemoteAccess - ok
14:46:53.0812 0208 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:46:53.0953 0208 RemoteRegistry - ok
14:46:53.0984 0208 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
14:46:54.0156 0208 ROOTMODEM - ok
14:46:54.0234 0208 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:46:54.0281 0208 RpcSs - ok
14:46:54.0328 0208 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:46:54.0468 0208 RSVP - ok
14:46:54.0515 0208 [ 3529828EC571FB2F64F6B142F9109993 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
14:46:54.0609 0208 RTL8023xp - ok
14:46:54.0640 0208 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:46:55.0156 0208 rtl8139 - ok
14:46:55.0562 0208 s125obex - ok
14:46:55.0625 0208 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:46:55.0812 0208 SamSs - ok
14:46:55.0906 0208 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:46:55.0906 0208 SASDIFSV - ok
14:46:55.0953 0208 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
14:46:55.0968 0208 SASENUM - ok
14:46:56.0031 0208 [ 67D2688756DD304AF655349BAAD82BFF ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
14:46:56.0046 0208 SASKUTIL - ok
14:46:56.0656 0208 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
14:46:56.0953 0208 SBAMSvc - ok
14:46:57.0000 0208 [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd C:\WINDOWS\system32\drivers\sbaphd.sys
14:46:57.0046 0208 sbaphd - ok
14:46:57.0078 0208 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\WINDOWS\system32\drivers\sbapifs.sys
14:46:57.0187 0208 sbapifs - ok
14:46:57.0343 0208 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\WINDOWS\system32\drivers\SBREdrv.sys
14:46:57.0562 0208 SBRE - ok
14:46:57.0593 0208 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:46:57.0750 0208 SCardSvr - ok
14:46:57.0796 0208 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:46:57.0953 0208 Schedule - ok
14:46:57.0984 0208 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:46:58.0062 0208 Secdrv - ok
14:46:58.0093 0208 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:46:58.0218 0208 seclogon - ok
14:46:58.0234 0208 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:46:58.0390 0208 SENS - ok
14:46:58.0406 0208 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:46:58.0625 0208 Serenum - ok
14:46:58.0656 0208 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:46:58.0781 0208 Serial - ok
14:46:58.0843 0208 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:46:58.0968 0208 Sfloppy - ok
14:46:59.0031 0208 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:46:59.0203 0208 SharedAccess - ok
14:46:59.0234 0208 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:46:59.0265 0208 ShellHWDetection - ok
14:46:59.0281 0208 Simbad - ok
14:46:59.0328 0208 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:46:59.0484 0208 sisagp - ok
14:46:59.0515 0208 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:46:59.0656 0208 SLIP - ok
14:46:59.0703 0208 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
14:46:59.0718 0208 SMSIVZAM5 - ok
14:46:59.0765 0208 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:46:59.0859 0208 Sparrow - ok
14:46:59.0906 0208 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:47:00.0046 0208 splitter - ok
14:47:00.0046 0208 Spooler - ok
14:47:00.0125 0208 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
14:47:00.0125 0208 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
14:47:00.0125 0208 sptd ( LockedFile.Multi.Generic ) - warning
14:47:00.0125 0208 sptd - detected LockedFile.Multi.Generic (1)
14:47:00.0140 0208 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:47:00.0234 0208 sr - ok
14:47:00.0281 0208 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:47:00.0359 0208 srservice - ok
14:47:00.0421 0208 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:47:00.0515 0208 Srv - ok
14:47:00.0562 0208 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:47:00.0625 0208 SSDPSRV - ok
14:47:00.0718 0208 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
14:47:00.0750 0208 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
14:47:00.0750 0208 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
14:47:00.0812 0208 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:47:00.0968 0208 stisvc - ok
14:47:00.0984 0208 stllssvr - ok
14:47:01.0015 0208 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:47:01.0156 0208 streamip - ok
14:47:01.0203 0208 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:47:01.0375 0208 swenum - ok
14:47:01.0406 0208 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:47:01.0562 0208 swmidi - ok
14:47:01.0578 0208 SwPrv - ok
14:47:01.0625 0208 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:47:01.0750 0208 symc810 - ok
14:47:01.0765 0208 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:47:02.0015 0208 symc8xx - ok
14:47:02.0046 0208 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:47:02.0234 0208 sym_hi - ok
14:47:02.0250 0208 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:47:02.0515 0208 sym_u3 - ok
14:47:02.0562 0208 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:47:02.0703 0208 sysaudio - ok
14:47:02.0734 0208 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:47:02.0859 0208 SysmonLog - ok
14:47:02.0906 0208 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:47:03.0031 0208 TapiSrv - ok
14:47:03.0093 0208 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:47:03.0156 0208 Tcpip - ok
14:47:03.0187 0208 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:47:03.0343 0208 TDPIPE - ok
14:47:03.0375 0208 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:47:03.0578 0208 TDTCP - ok
14:47:03.0609 0208 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:47:03.0750 0208 TermDD - ok
14:47:03.0828 0208 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:47:03.0984 0208 TermService - ok
14:47:04.0015 0208 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:47:04.0031 0208 Themes - ok
14:47:04.0078 0208 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:47:04.0171 0208 TlntSvr - ok
14:47:04.0218 0208 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:47:04.0359 0208 TosIde - ok
14:47:04.0406 0208 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:47:04.0562 0208 TrkWks - ok
14:47:04.0593 0208 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:47:04.0734 0208 Udfs - ok
14:47:04.0796 0208 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:47:04.0890 0208 ultra - ok
14:47:04.0953 0208 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:47:05.0125 0208 Update - ok
14:47:05.0156 0208 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:47:05.0250 0208 upnphost - ok
14:47:05.0281 0208 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:47:05.0421 0208 UPS - ok
14:47:05.0484 0208 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:47:05.0546 0208 USBAAPL - ok
14:47:05.0578 0208 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:47:05.0718 0208 usbaudio - ok
14:47:05.0765 0208 [ 9419FAAC6552A51542DBBA02971C841C ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
14:47:05.0875 0208 usbbus - ok
14:47:05.0906 0208 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:47:06.0062 0208 usbccgp - ok
14:47:06.0109 0208 [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
14:47:06.0125 0208 UsbDiag - ok
14:47:06.0171 0208 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:47:06.0296 0208 usbehci - ok
14:47:06.0328 0208 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:47:06.0484 0208 usbhub - ok
14:47:06.0515 0208 [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
14:47:06.0546 0208 USBModem - ok
14:47:06.0578 0208 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:47:06.0703 0208 usbohci - ok
14:47:06.0750 0208 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:47:06.0906 0208 usbprint - ok
14:47:06.0937 0208 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:47:07.0062 0208 usbscan - ok
14:47:07.0093 0208 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:47:07.0218 0208 usbstor - ok
14:47:07.0250 0208 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:47:07.0390 0208 usbuhci - ok
14:47:07.0421 0208 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
14:47:07.0546 0208 usbvideo - ok
14:47:07.0593 0208 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:47:07.0718 0208 usb_rndisx - ok
14:47:07.0750 0208 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:47:07.0875 0208 VgaSave - ok
14:47:07.0937 0208 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:47:08.0078 0208 viaagp - ok
14:47:08.0093 0208 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:47:08.0234 0208 ViaIde - ok
14:47:08.0250 0208 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:47:08.0406 0208 VolSnap - ok
14:47:08.0453 0208 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:47:08.0515 0208 VSS - ok
14:47:08.0562 0208 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
14:47:08.0937 0208 W32Time - ok
14:47:09.0000 0208 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:47:09.0140 0208 Wanarp - ok
14:47:09.0187 0208 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
14:47:09.0234 0208 wanatw - ok
14:47:09.0265 0208 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
14:47:09.0312 0208 wceusbsh - ok
14:47:09.0375 0208 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
14:47:09.0421 0208 Wdf01000 - ok
14:47:09.0437 0208 WDICA - ok
14:47:09.0468 0208 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:47:09.0625 0208 wdmaud - ok
14:47:09.0687 0208 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:47:09.0812 0208 WebClient - ok
14:47:09.0906 0208 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:47:09.0968 0208 winachsf - ok
14:47:10.0031 0208 [ 64898BEA32C12BADDA4218BE88DBD595 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:47:10.0062 0208 WinDefend - ok
14:47:10.0156 0208 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:47:10.0281 0208 winmgmt - ok
14:47:10.0343 0208 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
14:47:10.0359 0208 WinUSB - ok
14:47:10.0390 0208 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:47:10.0515 0208 WmdmPmSN - ok
14:47:10.0578 0208 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:47:10.0640 0208 Wmi - ok
14:47:10.0687 0208 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:47:10.0828 0208 WmiApSrv - ok
14:47:10.0937 0208 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:47:11.0015 0208 WMPNetworkSvc - ok
14:47:11.0046 0208 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
14:47:11.0093 0208 WpdUsb - ok
14:47:11.0203 0208 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:47:11.0265 0208 WPFFontCache_v0400 - ok
14:47:11.0296 0208 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:47:11.0437 0208 WS2IFSL - ok
14:47:11.0484 0208 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:47:11.0625 0208 wscsvc - ok
14:47:11.0656 0208 WSearch - ok
14:47:11.0687 0208 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:47:11.0812 0208 WSTCODEC - ok
14:47:11.0843 0208 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:47:11.0984 0208 wuauserv - ok
14:47:12.0031 0208 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:47:12.0093 0208 WudfPf - ok
14:47:12.0109 0208 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:47:12.0140 0208 WudfRd - ok
14:47:12.0187 0208 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:47:12.0218 0208 WudfSvc - ok
14:47:12.0312 0208 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:47:12.0468 0208 WZCSVC - ok
14:47:12.0515 0208 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:47:12.0656 0208 xmlprov - ok
14:47:12.0703 0208 ================ Scan global ===============================
14:47:12.0750 0208 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:47:12.0812 0208 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:47:12.0843 0208 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:47:12.0875 0208 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:47:12.0875 0208 [Global] - ok
14:47:12.0875 0208 ================ Scan MBR ==================================
14:47:12.0921 0208 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:47:13.0156 0208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:47:13.0156 0208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:47:13.0171 0208 ================ Scan VBR ==================================
14:47:13.0171 0208 [ B4E4010A655FD933CD8E162D5824AE03 ] \Device\Harddisk0\DR0\Partition1
14:47:13.0171 0208 \Device\Harddisk0\DR0\Partition1 - ok
14:47:13.0187 0208 [ 4E01E28445CDF8C646B2BED6EEDBA63C ] \Device\Harddisk0\DR0\Partition2
14:47:13.0187 0208 \Device\Harddisk0\DR0\Partition2 - ok
14:47:13.0187 0208 ============================================================
14:47:13.0187 0208 Scan finished
14:47:13.0187 0208 ============================================================
14:47:13.0312 0768 Detected object count: 22
14:47:13.0312 0768 Actual detected object count: 22
14:48:30.0625 0768 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0625 0768 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0625 0768 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0625 0768 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0625 0768 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0625 0768 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0640 0768 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0640 0768 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0640 0768 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0640 0768 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0640 0768 lgatbus ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0640 0768 lgatbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0640 0768 lgatmdm ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0640 0768 lgatmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0640 0768 lgatserd ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0640 0768 lgatserd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0656 0768 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0656 0768 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0656 0768 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0656 0768 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0656 0768 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0656 0768 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0656 0768 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0656 0768 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0656 0768 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0656 0768 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0671 0768 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0671 0768 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0671 0768 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0671 0768 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0671 0768 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0671 0768 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0671 0768 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0671 0768 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0671 0768 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0671 0768 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0687 0768 PrismXL ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0687 0768 PrismXL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0687 0768 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:48:30.0687 0768 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:48:30.0687 0768 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
14:48:30.0687 0768 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0734 0768 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:48:30.0750 0768 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:48:30.0906 0768 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:48:31.0000 0768 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:48:31.0156 0768 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:48:31.0218 0768 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:48:31.0296 0768 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:48:39.0750 0768 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:48:39.0859 0768 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:48:39.0875 0768 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:48:39.0875 0768 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:48:39.0953 0768 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:48:39.0984 0768 \Device\Harddisk0\DR0\TDLFS - deleted
14:48:39.0984 0768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:49:05.0828 3720 Deinitialize success
jlec
Geek in Training
Posts: 29
Joined: Thu Sep 27, 2007 8:21 pm

Thanks given:1
Thanks received:0
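The log above is TDSSKiller output, and the part that matters is easy to lose in three thousand lines: one confirmed verdict (a TDSS file system in the MBR, with a dozen TDLFS entries quarantined and the hidden file system deleted) sits among twenty-one generic UnsignedFile/LockedFile notices that the user skipped. The following is an added example, not code from the forum post or from Kaspersky, that parses the line shapes visible in this log and sorts the findings by that distinction. The sample log is a constructed excerpt of the lines shown above; treating the two `*.Multi.Generic` verdicts as informational is this example's assumption, not a rule the tool states.

```python
"""Triage helper for a TDSSKiller text log (added example, not the tool's own code).

Parses enumeration, verdict, user-action and quarantine lines as they appear in the
log above and separates the confirmed finding from the generic notices.
"""
import re

# Every line: "HH:MM:SS.mmmm TTTT message" (4-hex-digit thread id).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+([0-9A-Fa-f]{4})\s+(?P<msg>.*)$")
# "[ MD5 ] name path"; global-scan and MBR/VBR lines carry no name, so it is optional.
ENUM_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<name>.+?) )?"
                     r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
# "obj ( Verdict ) - warning" / "- skipped by user" / "- User select action: X"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
QUAR_RE = re.compile(r"^(?P<path>.+?) - (?P<act>copied to quarantine|deleted)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: [0-9A-F]{32}$")

# Assumption: these two verdicts fire on any unsigned or unreadable driver/service and
# are informational unless another indicator points at the same file.
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}
FIXING_ACTIONS = {"Delete", "Cure"}


def parse_log(text):
    """Return objects keyed by service/driver name (or device path), plus quarantine info."""
    objects, quarantined, deleted, suspicious = {}, [], [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        e = ENUM_RE.match(msg)
        if e:  # enumeration line: remember hash and on-disk path
            key = e.group("name") or e.group("path")
            objects.setdefault(key, {}).update(md5=e.group("md5"), path=e.group("path"))
            continue
        s = SUSP_RE.match(msg)
        if s:  # e.g. NoAccess: the scanner could not read the file to check it
            suspicious[s.group("path")] = s.group("reason")
            continue
        v = VERDICT_RE.match(msg)
        if v:  # verdict line; the action line reuses the same shape
            obj = objects.setdefault(v.group("obj"), {})
            obj["verdict"] = v.group("verdict")
            if v.group("status").startswith("User select action: "):
                obj["action"] = v.group("status").split(": ", 1)[1]
            continue
        q = QUAR_RE.match(msg)
        if q:
            (quarantined if q.group("act") == "copied to quarantine" else deleted).append(q.group("path"))
            continue
        o = OK_RE.match(msg)
        if o:
            objects.setdefault(o.group("obj"), {})["status"] = "ok"
    return {"objects": objects, "quarantined": quarantined, "deleted": deleted, "suspicious": suspicious}


def triage(parsed):
    """Every object with a verdict, confirmed findings first, then alphabetical."""
    findings = []
    for name, o in parsed["objects"].items():
        verdict = o.get("verdict")
        if verdict is None:
            continue
        findings.append({"object": name, "path": o.get("path"), "md5": o.get("md5"),
                         "verdict": verdict,
                         "severity": "informational" if verdict in GENERIC_VERDICTS else "confirmed",
                         "action": o.get("action", "none"),
                         "note": parsed["suspicious"].get(o.get("path"))})
    findings.sort(key=lambda f: (f["severity"] != "confirmed", f["object"]))
    return findings


def unresolved(parsed):
    """Confirmed findings the user did not delete or cure: what to chase next."""
    return [f for f in triage(parsed) if f["severity"] == "confirmed" and f["action"] not in FIXING_ACTIONS]


# Constructed sample: a handful of lines in the format of the log above.
SAMPLE_LOG = r"""
14:47:00.0125 0208 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
14:47:00.0125 0208 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
14:47:00.0125 0208 sptd ( LockedFile.Multi.Generic ) - warning
14:47:00.0140 0208 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:47:00.0234 0208 sr - ok
14:47:00.0718 0208 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
14:47:00.0750 0208 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
14:47:12.0921 0208 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:47:13.0156 0208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:48:30.0687 0768 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:48:30.0687 0768 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:48:30.0734 0768 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:48:30.0750 0768 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:48:39.0984 0768 \Device\Harddisk0\DR0\TDLFS - deleted
14:48:39.0984 0768 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for f in triage(parsed):
        print(f"{f['severity']:13} {f['verdict']:28} {f['action']:6} {f['object']}")
    print("quarantined:", len(parsed["quarantined"]), "unresolved:", len(unresolved(parsed)))
```

Run against the full log, `unresolved()` comes back empty because the MBR finding was deleted, while the `note` field on `sptd` records that the scanner could not read the file (`NoAccess`), which is why it was flagged as locked rather than as malicious. A confirmed verdict left at `Skip` is the case the helper should follow up on; the skipped generic notices are the expected result when the user has not been told to act on them.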