Jump to content

amfufu89

Members
  • Posts

    18
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hello Malwarebytes forum,, im here to ask for some help first im trying to install the windows 7 over my win xp pro sp3 without using cd or usb but when i reboot it a message appears "bootmgr is compressed " press ctrl al delete to restart " now i try downloading recovery console from another laptop then use a USB to try to put it on the defect one but nothing happens still the same message! HELP ME PLS!! T_T
  2. BTW. do i need to upgrade it to sp3?? and i can upgrade it now without any errors right?
  3. well thanks for your help ) i really appreciate it
  4. so should i turn on automatic update and get updates??
  5. well i tried to play warcraft III again then i got a new BSOD 0x000000EA and it says it is caused by igxprd32 :< im wondering if is it because my video card cant handle the resolution or not updated drivers? or virus again?? :<
  6. Here Sir !! ) ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=16ffcfb288a05a44b45267428aaba172 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-01 09:36:18 # local_time=2012-09-01 02:36:18 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=66264 # found=3 # cleaned=3 # scan_time=3682 C:\TDSSKiller_Quarantine\31.08.2012_00.02.51\rtkt0000\svc0000\tsk0000.dta Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\31.08.2012_00.02.51\rtkt0000\tdlfs0000\tsk0003.dta Win32/Olmarik.YR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\31.08.2012_13.06.34\tdlfs0000\tsk0003.dta Win32/Olmarik.YR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  7. Quarantine Folder RIGHT??? okay ^^ Yes Sir!!! http://www.mediafire.com/?5bnwpdayf561zlv
  8. i Installed the windows recovery console??? is it okay.? and heres the log of combo fix LOG> ComboFix 12-08-30.05 - Administrator 08/31/2012 13:22:55.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.552 [GMT -7:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\documents and settings\Administrator\Application Data\Administratorlog.dat c:\documents and settings\Administrator\Application Data\Dealio c:\documents and settings\Administrator\Application Data\Dealio\res\widgets.xml c:\documents and settings\Administrator\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml c:\documents and settings\Administrator\Application Data\PriceGong c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml c:\documents and settings\Administrator\Application Data\Toolbar4 c:\documents and settings\Administrator\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e c:\documents and settings\Administrator\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f c:\documents and settings\Administrator\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\qa.ssp c:\documents and settings\Administrator\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png c:\documents and settings\Administrator\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1e6d0a92883b25f29523edfaccfcde3b c:\documents and settings\Administrator\Application Data\Windir c:\documents and settings\Administrator\Local Settings\Application Data\assembly\tmp c:\documents and settings\Administrator\windbg.exe c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\FF\chrome.manifest c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul c:\program files\Dealio Toolbar\FF\chrome\content\login.js c:\program files\Dealio Toolbar\FF\chrome\content\login.xul c:\program files\Dealio Toolbar\FF\chrome\content\parser.js c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css c:\program files\Dealio Toolbar\FF\components\config.ini c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt c:\program files\Dealio Toolbar\FF\install.rdf c:\program files\Dealio Toolbar\IE\4.0.2\config.ini c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\ViOrb c:\program files\ViOrb\resources\flag.png c:\program files\ViOrb\resources\Thumbs.db c:\program files\ViOrb\StartHook.dll c:\program files\ViOrb\ViOrb.exe c:\windows\~GLC0000.TMP c:\windows\explorer(2).exe c:\windows\explorer(3).exe c:\windows\system32\~GLH006b.TMP c:\windows\system32\ctfmon(2).exe c:\windows\system32\ctfmon(3).exe c:\windows\system32\install c:\windows\system32\linkinfo(2).dll c:\windows\system32\linkinfo(3).dll c:\windows\system32\SET1E0.tmp c:\windows\system32\SET1E5.tmp c:\windows\system32\SET1EC.tmp c:\windows\system32\usp10(2).dll c:\windows\system32\VIRepair c:\windows\system32\VIRepair\vi.sif c:\windows\system32\WinDir . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ILVMONEYDRIVER53 -------\Legacy_SSHNAS -------\Service_abp470n5 -------\Service_IlvMoneyDRIVER53 . . ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 ))))))))))))))))))))))))))))))) . . 2012-08-31 07:04 . 2012-08-31 20:09 -------- dc----w- C:\TDSSKiller_Quarantine 2012-08-30 09:58 . 2012-08-30 09:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\DonationCoder 2012-08-30 09:58 . 2012-08-30 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DonationCoder 2012-08-30 09:58 . 2012-08-31 20:35 -------- d-----w- c:\program files\ProcessTamer 2012-08-21 06:05 . 2012-08-21 06:05 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2012-08-21 06:04 . 2012-08-30 09:05 15612896 ----a-w- c:\program files\Mozilla Firefox\xul.dll 2012-08-16 22:07 . 2012-08-16 22:12 2829 ----a-w- c:\windows\War3Unin.pif 2012-08-16 22:07 . 2012-08-16 22:12 139264 ----a-w- c:\windows\War3Unin.exe 2012-08-16 21:29 . 2012-08-16 21:29 477240 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-08-16 21:15 . 2012-08-30 09:21 -------- dc----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro 2012-08-11 08:18 . 2008-07-01 16:04 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2012-08-11 08:18 . 2008-07-01 15:57 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys 2012-08-11 08:18 . 2008-07-01 15:56 39944 ----a-w- c:\windows\system32\drivers\eamon.sys 2012-08-11 08:01 . 2012-08-11 08:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CRE 2012-08-11 07:58 . 2012-08-11 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2012-08-09 01:48 . 2012-08-31 20:35 -------- d-----w- c:\windows\system32\CatRoot2 2012-08-09 01:16 . 2006-12-29 07:31 19569 ----a-w- c:\windows\005931_.tmp 2012-08-09 00:44 . 2006-12-29 07:31 19569 ----a-w- c:\windows\006001_.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-31 07:05 . 2009-11-17 07:28 57472 ----a-w- c:\windows\system32\drivers\redbook.sys 2012-08-23 23:25 . 2012-03-31 00:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-23 23:25 . 2011-07-02 02:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-05 00:35 . 2009-08-07 03:23 222448 ----a-w- c:\windows\system32\muweb.dll 2012-03-23 17:21 . 2012-03-23 17:21 3993600 ----a-w- c:\program files\GUT35F.tmp 2012-08-30 09:05 . 2012-08-21 06:05 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys . [-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys . [-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . [-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys . [-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys . [-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys . [-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys . [-] 2004-08-03 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll . [-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe . [-] 2004-08-03 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll . [-] 2004-08-03 22:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll . [-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll . [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll [-] 2004-08-03 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\rpcss.dll . [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\system32\services.exe [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe [-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe . [-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe . [-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe . [-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys . [-] 2004-08-03 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [-] 2004-08-03 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2001-08-23 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll . [-] 2004-08-03 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll . [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2004-08-03 22:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974$\es.dll . [-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll . [-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll [-] 2004-08-03 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426$\kernel32.dll . [-] 2004-08-03 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll . [-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll . [-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll [-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [-] 2010-02-26 . FC9771E54B65828AA8E032329CD61A79 . 3073024 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\mshtml.dll [-] 2010-02-26 . 9577B285B95EF8F750B2D1A7C3E05285 . 3065344 . . [6.00.2900.3676] . . c:\windows\ie8\mshtml.dll [-] 2010-02-26 . 063D664850A16932F60E7F8830BDF2E1 . 3073024 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\mshtml.dll [-] 2010-02-26 . EE6B9880933172AE78A1146BE15D6D21 . 3073536 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\mshtml.dll [-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll [-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll [-] 2009-12-22 . BD1365D9400C3DB84D76AE77318E1A8D . 3063808 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\mshtml.dll [-] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll [-] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll [-] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll [-] 2009-10-29 . D1CF72C34BAF70C52797D1CB78D6EE92 . 3070976 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\mshtml.dll [-] 2009-10-29 . 6CAFAA3E8C37CDD0D7441AF82807F70C . 3063296 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207$\mshtml.dll [-] 2009-10-29 . DA551BFEC150760A38A9AD0C95A8A71C . 3073024 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll [-] 2009-10-29 . F3A9E882DF2F155C9395979FF9D7B0A7 . 3070976 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\mshtml.dll [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll [-] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB976325$\mshtml.dll . [-] 2004-08-03 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll [-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll [-] 2001-08-23 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll . [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll . [-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll [-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll [-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll . [-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll . [-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll . [-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll . [-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe . [-] 2004-08-03 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll . [-] 2004-08-03 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll . [-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe . [-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll [-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [-] 2010-02-26 . 728AB52393206408EFAD838F797F435D . 662016 . . [6.00.2900.3676] . . c:\windows\ie8\wininet.dll [-] 2010-02-26 . B42B5BCCDB9853F480FDBB80E5604C30 . 668672 . . [6.00.2900.3676] . . c:\windows\$hf_mig$\KB980182\SP2QFE\wininet.dll [-] 2010-02-26 . 6F0C67BA6837D82E2366AEAD046FAF4C . 667136 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3GDR\wininet.dll [-] 2010-02-26 . AEB15B107E1C6543F99D9104BE0DD800 . 668672 . . [6.00.2900.5945] . . c:\windows\$hf_mig$\KB980182\SP3QFE\wininet.dll [-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll [-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll [-] 2009-12-22 . A59054653A2DA13132BE377A650971C9 . 662016 . . [6.00.2900.3660] . . c:\windows\$NtUninstallKB980182$\wininet.dll [-] 2009-12-22 . 3E617A36A895363FBBE6D1D0405D7E12 . 668672 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll [-] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll [-] 2009-12-22 . BD27AF5C72D2FBFE491D3A3A8429B974 . 668672 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll [-] 2009-10-29 . 228ECFDD44D2D9234BDC6E3FA749AE99 . 662016 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207$\wininet.dll [-] 2009-10-29 . 3839BD07F2C693EFE995F96BAAB7F4BF . 667136 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll [-] 2009-10-29 . 6AC4AA42CC9AAEFAB1D5E4E2AF2E3D2B . 668672 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll [-] 2009-10-29 . DF1F2953B7983F9630CD658899826344 . 668672 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll [-] 2004-08-03 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB976325$\wininet.dll . [-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll . [-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll . [-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe . [-] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe . [-] 2004-08-03 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll . [-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll . [-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll [-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\ksuser.dll [-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\ksuser.dll . [-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe . [-] 2004-08-03 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll . [-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll . [-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe . [-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll . [-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntdll.dll [-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll [-] 2009-02-09 . C06986B55981B355090DD34DE809E4BB . 714752 . . [5.1.2600.3520] . . c:\windows\system32\ntdll.dll [-] 2009-02-09 . 2F868BFFBF50524653D7FE0D99AFB064 . 715264 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntdll.dll [-] 2004-08-03 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntdll.dll . [-] 2004-08-03 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\system32\MSCTFIME.IME . [-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll . [-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . [-] 2004-08-03 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ipsec.sys . [-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll . [-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll . [-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll . [-] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll . [-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll . [-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll . [-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys . [-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys . [-] 2001-08-23 11:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll . [-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll . [-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [7] 2004-08-03 22:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll . [-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe [-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe [-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2010-02-16 . 26A901A1840E9E46FFFC6D09B9618CDF . 2016768 . . [5.1.2600.3670] . . c:\windows\system32\ntkrnlpa.exe [-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe [-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe [-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntkrnlpa.exe [-] 2009-12-08 . 5B542B9C2D8D613CE7D24563926F3411 . 2015744 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe [-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntkrnlpa.exe [-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe [-] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe [-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe [-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe [-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe [-] 2004-08-03 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe . [-] 2004-08-03 22:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll . [-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll . [-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll . [-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll . [-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll . [-] 2004-08-03 22:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll . [-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll . [-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll . [-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe [-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe [-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2010-02-16 . A63052FA8FB8685382E10EE83C326864 . 2137088 . . [5.1.2600.3670] . . c:\windows\system32\ntoskrnl.exe [-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe [-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe [-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe [-] 2009-12-08 . 339EC6940BEBF9775CB65E29E0CD9782 . 2136064 . . [5.1.2600.3654] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe [-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\$hf_mig$\KB977165\SP2QFE\ntoskrnl.exe [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe [-] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe [-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe [-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe [-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe [-] 2004-08-03 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe . [-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll . [-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll . [-] 2004-08-03 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll . [-] 2004-08-03 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll . [-] 2004-08-03 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\rasadhlp.dll . [-] 2004-08-03 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\system32\wshtcpip.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\documents and settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-11 4440896] "Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-08-30 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 141848] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-28 163840] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 53760] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino] 2006-06-29 01:54 49152 ----a-w- c:\windows\Domino.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-07-03 20:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avg9wd"=2 (0x2) "MozillaMaintenance"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "AdobeFlashPlayerUpdateSvc"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHid.exe"= "c:\\WINDOWS\\system32\\igfxtray.exe"= "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"= "c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\WINDOWS\\system32\\hkcmd.exe"= "c:\\WINDOWS\\system32\\Net.exe"= "c:\\WINDOWS\\system32\\igfxsrvc.exe"= "c:\\WINDOWS\\system32\\net1.exe"= "c:\\WINDOWS\\system32\\igfxpers.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"= "c:\\WINDOWS\\system32\\dumprep.exe"= "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\WINDOWS\\system32\\taskmgr.exe"= "c:\\Program Files\\WinRAR\\WinRAR.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57080:TCP"= 57080:TCP:Pando Media Booster "57080:UDP"= 57080:UDP:Pando Media Booster "56314:TCP"= 56314:TCP:Pando Media Booster "56314:UDP"= 56314:UDP:Pando Media Booster "57466:TCP"= 57466:TCP:Pando Media Booster "57466:UDP"= 57466:UDP:Pando Media Booster "56247:TCP"= 56247:TCP:Pando Media Booster "56247:UDP"= 56247:UDP:Pando Media Booster "56209:TCP"= 56209:TCP:Pando Media Booster "56209:UDP"= 56209:UDP:Pando Media Booster "1044:TCP"= 1044:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [9/12/2010 8:28 PM 22312] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 3:56 PM 14336] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2012 12:59 AM 655944] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/29/2012 12:59 AM 22344] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2011 2:18 PM 136176] S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 3:56 PM 14336] S3 ByakkoDriver;ByakkoDriver;\??\d:\ng3ng0k\Cabal\Byakko.K32 --> d:\ng3ng0k\Cabal\Byakko.K32 [?] S3 ByakkoSvc;ByakkoSvc;d:\ng3ng0k\Cabal\Byakko.exe --> d:\ng3ng0k\Cabal\Byakko.exe [?] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/18/2011 2:43 AM 78136] S3 dpti930;dpti930;\??\c:\windows\system32\drivers\kvrmqt.sys --> c:\windows\system32\drivers\kvrmqt.sys [?] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?] S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\DRIVERS\GUCI_AVS.sys --> c:\windows\system32\DRIVERS\GUCI_AVS.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2011 2:18 PM 136176] S3 LcAgent;LC Remote Agent;c:\windows\Temp\lcagent.exe --> c:\windows\Temp\lcagent.exe [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/18/2011 2:43 AM 181432] S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [12/3/2010 5:35 PM 428160] S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?] S3 XDva365;XDva365;\??\c:\windows\system32\XDva365.sys --> c:\windows\system32\XDva365.sys [?] S3 XDva369;XDva369;\??\c:\windows\system32\XDva369.sys --> c:\windows\system32\XDva369.sys [?] S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?] S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 5:59 PM 250056] S4 Da12prp;Da12prp; [x] S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8/20/2012 11:05 PM 114144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai getPlusHelper REG_MULTI_SZ getPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-06-20 20:47 524288 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:25] . 2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-790525478-1606980848-725345543-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-30 18:41] . 2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0919b3a0a236.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-23 21:17] . 2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-23 21:17] . 2012-08-31 c:\windows\Tasks\User_Feed_Synchronization-{45F79B54-37FA-4BBF-825B-67858124DE74}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . 2012-08-31 c:\windows\Tasks\User_Feed_Synchronization-{EFD369B7-55CC-47E9-88F3-63980F061E47}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.starwebsearch.com/index.php?from=3 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> IE: &Download All using 4shared Desktop - d:\4shared desktop\down_all.htm IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html TCP: DhcpNameServer = 192.168.254.254 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ecitfnq6.default\ . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - d:\amfufu\updates\RegTweaker\key.dll HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe HKCU-Run-LClock - c:\program files\LClock\LClock.exe HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe HKLM-Run-Apoint - c:\program files\DellTPad\Apoint.exe HKLM-Run-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe SafeBoot-12780170.sys SafeBoot-48304030.sys SafeBoot-94533133.sys MSConfigStartUp-13415tyhewr5234325 - c:\documents and settings\Administrator\Application Data\3T0F1VR85D.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe MSConfigStartUp-BigDog303 - c:\windows\VM303_STI.EXE MSConfigStartUp-GUCI_AVS - c:\windows\PixArt\PAP7501\GUCI_AVS.exe MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe MSConfigStartUp-PACTray - c:\windows\PixArt\PAP7501\PACTray.exe MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe MSConfigStartUp-VisualTooltip - c:\program files\VisualTooltip\VisualToolTip.exe MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe MSConfigStartUp-YouTube Mini - c:\program files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe AddRemove-Mozilla Embedded Browser_is1 - d:\ng3ng0k\PhpED\Mozilla Browser\unins000.exe AddRemove-PunkBusterSvc - d:\amfufu\BH\pbsvc_heroes.exe AddRemove-VOLUME - d:\mabry\UNWISE.EXE AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe AddRemove-KalydoPlayer - c:\documents and settings\Administrator\Application Data\Kalydo\KalydoPlayer\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-31 13:35 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll" . [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ByakkoDriver] "ImagePath"="\??\d:\ng3ng0k\Cabal\Byakko.K32" . [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-790525478-1606980848-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,0c,59,ee,23,4d,6a,45,84,52,24,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,e8,6b,37,10,c2,e4,40,b2,c1,ce,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2536) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-08-31 13:47:42 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-31 20:47 . Pre-Run: 38,843,654,144 bytes free Post-Run: 43,044,253,696 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - F0A6F66770697145E52C5FA4B454B0A8
  9. TDSSKILLER LOG Part 3: 00:04:11.0234 3252 C:\WINDOWS\system32\wbem\wmisvc.dll - ok 00:04:11.0250 3252 [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll 00:04:11.0250 3252 C:\WINDOWS\system32\vssapi.dll - ok 00:04:11.0250 3252 [ 13D72740963CBA12D9FF76A7F218BCD8 ] C:\WINDOWS\system32\wuauserv.dll 00:04:11.0250 3252 C:\WINDOWS\system32\wuauserv.dll - ok 00:04:11.0250 3252 [ 6298277B73C77FA99106B271A7525163 ] C:\WINDOWS\system32\wuaueng.dll 00:04:11.0250 3252 C:\WINDOWS\system32\wuaueng.dll - ok 00:04:11.0265 3252 [ 9BF1A8AF22AADC7727F4E395C5C09B1B ] C:\WINDOWS\system32\mmfinfo.dll 00:04:11.0265 3252 C:\WINDOWS\system32\mmfinfo.dll - ok 00:04:11.0265 3252 [ 4A93524B0DFEEA362DE46B441C7667DC ] C:\WINDOWS\system32\mkunicode.dll 00:04:11.0265 3252 C:\WINDOWS\system32\mkunicode.dll - ok 00:04:11.0281 3252 [ 78399ABE7D00A9C5D405337875AFC76C ] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll 00:04:11.0281 3252 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll - ok 00:04:11.0281 3252 [ 633C197292B4051D986903827DE561A3 ] C:\WINDOWS\system32\mspatcha.dll 00:04:11.0281 3252 C:\WINDOWS\system32\mspatcha.dll - ok 00:04:11.0281 3252 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] C:\WINDOWS\system32\browser.dll 00:04:11.0281 3252 C:\WINDOWS\system32\browser.dll - ok 00:04:11.0296 3252 [ 36CC8C01B5E50163037BEF56CB96DEFF ] C:\WINDOWS\system32\ipnathlp.dll 00:04:11.0296 3252 C:\WINDOWS\system32\ipnathlp.dll - ok 00:04:11.0296 3252 [ 62B7380F7F554116FA3C845049E70C58 ] C:\WINDOWS\system32\igfxpph.dll 00:04:11.0296 3252 C:\WINDOWS\system32\igfxpph.dll - ok 00:04:11.0312 3252 [ 39DD0C97932CDFDCF006569E1A942728 ] C:\WINDOWS\system32\wiavusd.dll 00:04:11.0312 3252 C:\WINDOWS\system32\wiavusd.dll - ok 00:04:11.0312 3252 [ 4D59DAA66C60858CDF4F67A900F42D4A ] C:\WINDOWS\system32\wscsvc.dll 00:04:11.0312 3252 C:\WINDOWS\system32\wscsvc.dll - ok 00:04:11.0328 3252 [ 1D326842006C4BE77ECD848CF89F01AB ] C:\WINDOWS\system32\wups.dll 00:04:11.0328 3252 C:\WINDOWS\system32\wups.dll - ok 00:04:11.0328 3252 [ 5BD1234E11B39C63BBA87022AF6D43C2 ] C:\WINDOWS\system32\wups2.dll 00:04:11.0328 3252 C:\WINDOWS\system32\wups2.dll - ok 00:04:11.0328 3252 [ 36360B625D7290BBA2CD03AD4975E1BC ] C:\WINDOWS\system32\wbem\wbemcore.dll 00:04:11.0328 3252 C:\WINDOWS\system32\wbem\wbemcore.dll - ok 00:04:11.0343 3252 [ DE578E4E6844954823FC7688625F00C8 ] C:\WINDOWS\system32\wbem\esscli.dll 00:04:11.0343 3252 C:\WINDOWS\system32\wbem\esscli.dll - ok 00:04:11.0343 3252 [ 950DF6295D3C6B5F2D508DCB1B275B87 ] C:\WINDOWS\system32\wbem\fastprox.dll 00:04:11.0343 3252 C:\WINDOWS\system32\wbem\fastprox.dll - ok 00:04:11.0343 3252 [ 652603D2A664D9BFC1D5EB0A9FAEA016 ] C:\WINDOWS\system32\comsvcs.dll 00:04:11.0343 3252 C:\WINDOWS\system32\comsvcs.dll - ok 00:04:11.0359 3252 [ 99F43B9B76C88ACEAD42FE84744F8C87 ] C:\WINDOWS\system32\mtxclu.dll 00:04:11.0359 3252 C:\WINDOWS\system32\mtxclu.dll - ok 00:04:11.0359 3252 [ 01A04FB59E76697C9171B6327274D371 ] C:\WINDOWS\system32\colbact.dll 00:04:11.0359 3252 C:\WINDOWS\system32\colbact.dll - ok 00:04:11.0375 3252 [ 98C1FF6676E02D43DA208802286A6EE7 ] C:\WINDOWS\system32\clusapi.dll 00:04:11.0375 3252 C:\WINDOWS\system32\clusapi.dll - ok 00:04:11.0375 3252 [ 2738C8A33FF07DD3C99C7C8F0A85DA72 ] C:\WINDOWS\system32\resutils.dll 00:04:11.0375 3252 C:\WINDOWS\system32\resutils.dll - ok 00:04:11.0375 3252 [ 7D676AC8CC19341117C77C261647BA07 ] C:\WINDOWS\system32\wbem\wbemsvc.dll 00:04:11.0375 3252 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok 00:04:11.0390 3252 [ 0A1161DB4FCCF7821736C70D70A0F5A3 ] C:\WINDOWS\system32\wbem\wmiutils.dll 00:04:11.0390 3252 C:\WINDOWS\system32\wbem\wmiutils.dll - ok 00:04:11.0390 3252 [ 62BB79160F86CD962F312C68C6239BFD ] C:\WINDOWS\system32\wuauclt.exe 00:04:11.0390 3252 C:\WINDOWS\system32\wuauclt.exe - ok 00:04:11.0406 3252 [ 9A66728EFE501D855D0FFE3DE023CE32 ] C:\WINDOWS\system32\wbem\repdrvfs.dll 00:04:11.0406 3252 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok 00:04:11.0406 3252 [ 80B1AA84CD23724C284AD5988F208EB3 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll 00:04:11.0406 3252 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok 00:04:11.0421 3252 [ 6708E1DDF12CAB2D5B5A2B66B76E0038 ] C:\WINDOWS\system32\wbem\wbemess.dll 00:04:11.0421 3252 C:\WINDOWS\system32\wbem\wbemess.dll - ok 00:04:11.0421 3252 [ 009758CC06B7F55B4A4D16A66E243C24 ] C:\WINDOWS\system32\wuapi.dll 00:04:11.0421 3252 C:\WINDOWS\system32\wuapi.dll - ok 00:04:11.0421 3252 [ 6AE613FFF9F9DFEE552652662BFABE41 ] C:\WINDOWS\system32\wbem\ncprov.dll 00:04:11.0421 3252 C:\WINDOWS\system32\wbem\ncprov.dll - ok 00:04:11.0437 3252 [ 7C25440617EEE6F69709AA8C915D2C32 ] C:\WINDOWS\system32\dwwin.exe 00:04:11.0437 3252 C:\WINDOWS\system32\dwwin.exe - ok 00:04:11.0437 3252 [ B60C877D16D9C880B952FDA04ADF16E6 ] C:\WINDOWS\system32\termsrv.dll 00:04:11.0437 3252 C:\WINDOWS\system32\termsrv.dll - ok 00:04:11.0453 3252 [ 37E7DB460A5315E4609B212C6C014527 ] C:\WINDOWS\system32\icaapi.dll 00:04:11.0453 3252 C:\WINDOWS\system32\icaapi.dll - ok 00:04:11.0453 3252 [ F5EE7CACD1784241F138A5E55B715897 ] C:\WINDOWS\system32\mstlsapi.dll 00:04:11.0453 3252 C:\WINDOWS\system32\mstlsapi.dll - ok 00:04:11.0453 3252 [ D18D28CEF9FEA09359C7DE7BE3669F66 ] C:\WINDOWS\system32\wbem\wbemcons.dll 00:04:11.0453 3252 C:\WINDOWS\system32\wbem\wbemcons.dll - ok 00:04:11.0468 3252 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] C:\WINDOWS\system32\imapi.exe 00:04:11.0468 3252 C:\WINDOWS\system32\imapi.exe - ok 00:04:11.0468 3252 [ EF32415C2755E66CA1B345DF68C71243 ] C:\WINDOWS\system32\1033\dwintl.dll 00:04:11.0468 3252 C:\WINDOWS\system32\1033\dwintl.dll - ok 00:04:11.0484 3252 [ E3AE8DC04643850D2DFD431443558B28 ] C:\WINDOWS\system32\netcfgx.dll 00:04:11.0484 3252 C:\WINDOWS\system32\netcfgx.dll - ok 00:04:11.0484 3252 [ 41A3C11E3517C962C9B44893BCEC3B34 ] C:\WINDOWS\system32\rasmans.dll 00:04:11.0484 3252 C:\WINDOWS\system32\rasmans.dll - ok 00:04:11.0500 3252 [ 9F8B0F4276F618964FD118BE4289B7CD ] C:\WINDOWS\system32\drivers\http.sys 00:04:11.0500 3252 C:\WINDOWS\system32\drivers\http.sys - ok 00:04:11.0500 3252 [ 4B8D61792F7175BED48859CC18CE4E38 ] C:\WINDOWS\system32\ssdpsrv.dll 00:04:11.0500 3252 C:\WINDOWS\system32\ssdpsrv.dll - ok 00:04:11.0500 3252 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] C:\WINDOWS\system32\tapisrv.dll 00:04:11.0500 3252 C:\WINDOWS\system32\tapisrv.dll - ok 00:04:11.0515 3252 [ 1D536BEBC30DD8D0D3B6FF3B0CD2D32B ] C:\WINDOWS\system32\rastapi.dll 00:04:11.0515 3252 C:\WINDOWS\system32\rastapi.dll - ok 00:04:11.0515 3252 [ 1DFD6E8DA0FE2D14A5FA12CFCFB162C1 ] C:\WINDOWS\system32\unimdm.tsp 00:04:11.0515 3252 C:\WINDOWS\system32\unimdm.tsp - ok 00:04:11.0531 3252 [ 3AB4213BF48F9062E087B909832AA8E6 ] C:\WINDOWS\system32\uniplat.dll 00:04:11.0531 3252 C:\WINDOWS\system32\uniplat.dll - ok 00:04:11.0531 3252 [ 49911DD39E023BB6C45E4E436CFBD297 ] C:\WINDOWS\system32\wscntfy.exe 00:04:11.0531 3252 C:\WINDOWS\system32\wscntfy.exe - ok 00:04:11.0546 3252 [ 731F22BA402EE4B62748ADAF6363C182 ] C:\WINDOWS\system32\drivers\ipfltdrv.sys 00:04:11.0546 3252 C:\WINDOWS\system32\drivers\ipfltdrv.sys - ok 00:04:11.0546 3252 [ DA285490BBD8A1D0CE6623577D5BA1FF ] C:\WINDOWS\system32\rundll32.exe 00:04:11.0546 3252 C:\WINDOWS\system32\rundll32.exe - ok 00:04:11.0546 3252 [ D39D208F543C7F539D03077742E88260 ] C:\WINDOWS\system32\newdev.dll 00:04:11.0546 3252 C:\WINDOWS\system32\newdev.dll - ok 00:04:11.0562 3252 [ 2DBFBD419C332E4361E35528E611B0A0 ] C:\WINDOWS\system32\unimdmat.dll 00:04:11.0562 3252 C:\WINDOWS\system32\unimdmat.dll - ok 00:04:11.0562 3252 ============================================================ 00:04:11.0562 3252 Scan finished 00:04:11.0562 3252 ============================================================ 00:04:11.0671 3244 Detected object count: 239 00:04:11.0687 3244 Actual detected object count: 239 00:04:36.0687 3244 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0687 3244 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0687 3244 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0687 3244 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0687 3244 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0687 3244 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0687 3244 aec ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0687 3244 aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0703 3244 AFD ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0703 3244 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0703 3244 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 00:04:36.0703 3244 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 00:04:36.0703 3244 Alerter ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0703 3244 Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0703 3244 AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0703 3244 AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0703 3244 AR5416 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0703 3244 AR5416 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0703 3244 Arp1394 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0703 3244 Arp1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0718 3244 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0718 3244 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0718 3244 atapi ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0718 3244 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0718 3244 Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0718 3244 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0718 3244 AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0718 3244 AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0718 3244 audstub ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0718 3244 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0718 3244 Beep ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0718 3244 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0734 3244 BITS ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0734 3244 BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0734 3244 Browser ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0734 3244 Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0734 3244 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0734 3244 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0734 3244 CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0734 3244 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0734 3244 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0734 3244 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0734 3244 Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0734 3244 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0750 3244 Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0750 3244 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0750 3244 CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0750 3244 CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0750 3244 ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0750 3244 ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0750 3244 CmBatt ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0750 3244 CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0750 3244 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0750 3244 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0750 3244 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0750 3244 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 Disk ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 dmio ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 dmload ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0765 3244 dmserver ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0765 3244 dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0781 3244 DMusic ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0781 3244 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0781 3244 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0781 3244 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0781 3244 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0781 3244 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0781 3244 ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0781 3244 ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0781 3244 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0781 3244 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0781 3244 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0781 3244 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0796 3244 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0796 3244 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0796 3244 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0796 3244 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0796 3244 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0796 3244 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0796 3244 Fips ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0796 3244 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0796 3244 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0796 3244 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0796 3244 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0796 3244 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0812 3244 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0812 3244 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0812 3244 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0812 3244 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0812 3244 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0812 3244 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0812 3244 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0812 3244 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0812 3244 helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0812 3244 helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0812 3244 HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0812 3244 HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0828 3244 HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0828 3244 HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0828 3244 HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0828 3244 HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0828 3244 HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0828 3244 HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0828 3244 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0828 3244 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0828 3244 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0828 3244 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0828 3244 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0828 3244 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0843 3244 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0843 3244 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0843 3244 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0843 3244 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0843 3244 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0843 3244 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0843 3244 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0843 3244 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0843 3244 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0843 3244 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0843 3244 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0843 3244 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0859 3244 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0859 3244 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0859 3244 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0859 3244 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0859 3244 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0859 3244 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0859 3244 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0875 3244 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0875 3244 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0875 3244 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0875 3244 lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0875 3244 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0875 3244 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0875 3244 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0890 3244 mdmxsdk ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0890 3244 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0890 3244 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0890 3244 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0890 3244 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0890 3244 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0890 3244 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0890 3244 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0890 3244 Modem ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0890 3244 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0890 3244 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0890 3244 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0906 3244 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0906 3244 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0906 3244 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0906 3244 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0906 3244 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0906 3244 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0906 3244 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0906 3244 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0906 3244 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0906 3244 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0906 3244 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0906 3244 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0921 3244 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0921 3244 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0921 3244 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0921 3244 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0921 3244 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0921 3244 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0921 3244 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0921 3244 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0921 3244 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0921 3244 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0921 3244 Mup ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0921 3244 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0937 3244 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0937 3244 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0937 3244 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0937 3244 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0937 3244 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0937 3244 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0937 3244 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0937 3244 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0937 3244 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0937 3244 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0937 3244 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0937 3244 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0953 3244 Netman ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0953 3244 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0968 3244 NIC1394 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0968 3244 NIC1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0968 3244 Nla ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0968 3244 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0968 3244 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0968 3244 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0968 3244 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0968 3244 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0968 3244 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0968 3244 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0984 3244 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0984 3244 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0984 3244 Null ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0984 3244 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0984 3244 NWCWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0984 3244 NWCWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0984 3244 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0984 3244 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0984 3244 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0984 3244 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:36.0984 3244 NwlnkIpx ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:36.0984 3244 NwlnkIpx ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0000 3244 NwlnkNb ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0000 3244 NwlnkNb ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0000 3244 NwlnkSpx ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0000 3244 NwlnkSpx ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0000 3244 NWRDR ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0000 3244 NWRDR ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0000 3244 ohci1394 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0000 3244 ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0000 3244 Parport ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0000 3244 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0000 3244 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0000 3244 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0015 3244 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0015 3244 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0015 3244 PCI ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0015 3244 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0015 3244 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0015 3244 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0015 3244 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0015 3244 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0015 3244 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0015 3244 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0015 3244 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0015 3244 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0031 3244 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0031 3244 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0031 3244 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0031 3244 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0031 3244 PSched ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0031 3244 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0031 3244 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0031 3244 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0031 3244 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0031 3244 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0031 3244 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0031 3244 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0046 3244 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0046 3244 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0046 3244 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0046 3244 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0046 3244 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0046 3244 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0046 3244 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0046 3244 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0046 3244 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0046 3244 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0046 3244 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0046 3244 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0062 3244 rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0062 3244 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0062 3244 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0062 3244 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0062 3244 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:37.0062 3244 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:37.0140 3244 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine 00:04:37.0250 3244 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 00:04:37.0250 3244 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine 00:04:37.0250 3244 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine 00:04:37.0265 3244 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine 00:04:37.0265 3244 \Device\Harddisk0\DR0\TDLFS\data.db - copied to quarantine 00:04:37.0265 3244 \Device\Harddisk0\DR0\TDLFS\data.js - copied to quarantine 00:04:38.0765 3244 Backup copy not found, trying to cure infected file.. 00:04:38.0765 3244 Cure success, using it.. 00:04:38.0781 3244 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot 00:04:38.0781 3244 redbook ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure 00:04:38.0781 3244 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0781 3244 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0781 3244 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0781 3244 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0781 3244 rimmptsk ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0781 3244 rimmptsk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0796 3244 ROOTMODEM ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0796 3244 ROOTMODEM ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0796 3244 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0796 3244 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0796 3244 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0796 3244 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0796 3244 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0796 3244 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0796 3244 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0796 3244 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0796 3244 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0796 3244 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0812 3244 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0812 3244 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0812 3244 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0812 3244 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0812 3244 sdbus ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0812 3244 sdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0812 3244 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0812 3244 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0812 3244 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0812 3244 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0828 3244 SENS ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0828 3244 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0828 3244 Serial ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0828 3244 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0828 3244 sffdisk ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0828 3244 sffdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0828 3244 sffp_sd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0828 3244 sffp_sd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0828 3244 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0828 3244 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0828 3244 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0828 3244 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0843 3244 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0843 3244 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0843 3244 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0843 3244 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0843 3244 splitter ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0843 3244 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0843 3244 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0843 3244 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0843 3244 sr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0843 3244 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0843 3244 srservice ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0843 3244 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0859 3244 Srv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0859 3244 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0859 3244 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0859 3244 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0859 3244 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0859 3244 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0859 3244 streamip ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0859 3244 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0859 3244 swenum ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0859 3244 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0859 3244 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0859 3244 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0875 3244 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0875 3244 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0875 3244 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0875 3244 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0875 3244 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0875 3244 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0875 3244 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0875 3244 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0875 3244 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0875 3244 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0875 3244 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0875 3244 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0890 3244 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0890 3244 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0890 3244 TermService ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0890 3244 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0890 3244 Themes ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0890 3244 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0890 3244 TlntSvr ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0890 3244 TlntSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0890 3244 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0890 3244 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0890 3244 tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0890 3244 tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0906 3244 tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0906 3244 tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0906 3244 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0906 3244 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0906 3244 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0906 3244 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0906 3244 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0906 3244 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0906 3244 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0906 3244 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0906 3244 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0906 3244 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0921 3244 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0921 3244 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0921 3244 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0921 3244 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0921 3244 Update ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0921 3244 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0921 3244 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0921 3244 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0921 3244 UPS ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0921 3244 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0921 3244 usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0921 3244 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0937 3244 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0937 3244 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0937 3244 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0937 3244 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0937 3244 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0937 3244 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0937 3244 usbprint ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0937 3244 usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0937 3244 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0937 3244 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0937 3244 USBSTOR ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 USBSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0953 3244 usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0953 3244 usbvideo ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 usbvideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0953 3244 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0953 3244 vmfilter303 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 vmfilter303 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0953 3244 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0953 3244 VSS ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0953 3244 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0968 3244 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0968 3244 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0968 3244 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0968 3244 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0968 3244 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0968 3244 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0968 3244 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0968 3244 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0968 3244 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0968 3244 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0968 3244 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0968 3244 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0984 3244 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0984 3244 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0984 3244 Wmi ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0984 3244 Wmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0984 3244 WmiAcpi ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0984 3244 WmiAcpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0984 3244 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0984 3244 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0984 3244 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:38.0984 3244 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:38.0984 3244 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0000 3244 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0000 3244 WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0000 3244 WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0000 3244 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0000 3244 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0000 3244 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0000 3244 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0000 3244 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0000 3244 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0000 3244 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0000 3244 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0015 3244 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0015 3244 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0015 3244 WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0015 3244 WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0015 3244 WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0015 3244 WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0015 3244 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0015 3244 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0015 3244 ZSMC303 ( UnsignedFile.Multi.Generic ) - skipped by user 00:04:39.0015 3244 ZSMC303 ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:04:39.0015 3244 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 00:04:39.0015 3244 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 00:05:00.0093 0568 Deinitialize success
  10. TDSSKILLER LOG : Continuation Part 2 00:04:09.0203 3252 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys 00:04:09.0203 3252 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok 00:04:09.0203 3252 [ 561B3A4333CA2DBDBA28B5B956822519 ] C:\WINDOWS\system32\drivers\msfs.sys 00:04:09.0203 3252 C:\WINDOWS\system32\drivers\msfs.sys - ok 00:04:09.0203 3252 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] C:\WINDOWS\system32\drivers\npfs.sys 00:04:09.0203 3252 C:\WINDOWS\system32\drivers\npfs.sys - ok 00:04:09.0218 3252 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] C:\WINDOWS\system32\drivers\ipsec.sys 00:04:09.0218 3252 C:\WINDOWS\system32\drivers\ipsec.sys - ok 00:04:09.0218 3252 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys 00:04:09.0218 3252 C:\WINDOWS\system32\drivers\rasacd.sys - ok 00:04:09.0234 3252 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] C:\WINDOWS\system32\drivers\tcpip.sys 00:04:09.0234 3252 C:\WINDOWS\system32\drivers\tcpip.sys - ok 00:04:09.0234 3252 [ 0C80E410CD2F47134407EE7DD19CC86B ] C:\WINDOWS\system32\drivers\netbt.sys 00:04:09.0234 3252 C:\WINDOWS\system32\drivers\netbt.sys - ok 00:04:09.0250 3252 [ 55E6E1C51B6D30E54335750955453702 ] C:\WINDOWS\system32\drivers\afd.sys 00:04:09.0250 3252 C:\WINDOWS\system32\drivers\afd.sys - ok 00:04:09.0250 3252 [ B5A8E215AC29D24D60B4D1250EF05ACE ] C:\WINDOWS\system32\drivers\ipnat.sys 00:04:09.0250 3252 C:\WINDOWS\system32\drivers\ipnat.sys - ok 00:04:09.0265 3252 [ 984EF0B9788ABF89974CFED4BFBAACBC ] C:\WINDOWS\system32\drivers\wanarp.sys 00:04:09.0265 3252 C:\WINDOWS\system32\drivers\wanarp.sys - ok 00:04:09.0265 3252 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] C:\WINDOWS\system32\drivers\arp1394.sys 00:04:09.0265 3252 C:\WINDOWS\system32\drivers\arp1394.sys - ok 00:04:09.0265 3252 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] C:\WINDOWS\system32\drivers\netbios.sys 00:04:09.0265 3252 C:\WINDOWS\system32\drivers\netbios.sys - ok 00:04:09.0281 3252 [ 29D66245ADBA878FFF574CD66ABD2884 ] C:\WINDOWS\system32\drivers\rdbss.sys 00:04:09.0281 3252 C:\WINDOWS\system32\drivers\rdbss.sys - ok 00:04:09.0281 3252 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] C:\WINDOWS\system32\drivers\mrxsmb.sys 00:04:09.0281 3252 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok 00:04:09.0296 3252 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] C:\WINDOWS\system32\drivers\fips.sys 00:04:09.0296 3252 C:\WINDOWS\system32\drivers\fips.sys - ok 00:04:09.0296 3252 [ B8EAC99B14772BDC36CA963AED109FA2 ] C:\WINDOWS\system32\drivers\dddsk.sys 00:04:09.0296 3252 C:\WINDOWS\system32\drivers\dddsk.sys - ok 00:04:09.0296 3252 [ BD7FB0957C716F1A60333AEE04DE2178 ] C:\WINDOWS\system32\smss.exe 00:04:09.0296 3252 C:\WINDOWS\system32\smss.exe - ok 00:04:09.0312 3252 [ F6680C77BE134C81CC67F91986022701 ] C:\WINDOWS\system32\drivers\tosrfusb.sys 00:04:09.0312 3252 C:\WINDOWS\system32\drivers\tosrfusb.sys - ok 00:04:09.0312 3252 [ C06986B55981B355090DD34DE809E4BB ] C:\WINDOWS\system32\ntdll.dll 00:04:09.0312 3252 C:\WINDOWS\system32\ntdll.dll - ok 00:04:09.0328 3252 [ B3415B9D6026F65E43089ABED096C38C ] C:\WINDOWS\system32\autochk.exe 00:04:09.0328 3252 C:\WINDOWS\system32\autochk.exe - ok 00:04:09.0328 3252 [ 30A609E00BD1D4FFC49D6B5A432BE7F2 ] C:\WINDOWS\system32\sfcfiles.dll 00:04:09.0328 3252 C:\WINDOWS\system32\sfcfiles.dll - ok 00:04:09.0328 3252 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] C:\WINDOWS\system32\drivers\usbccgp.sys 00:04:09.0328 3252 C:\WINDOWS\system32\drivers\usbccgp.sys - ok 00:04:09.0343 3252 [ CD7D5152DF32B47F4E36F710B35AAE02 ] C:\WINDOWS\system32\drivers\cdfs.sys 00:04:09.0343 3252 C:\WINDOWS\system32\drivers\cdfs.sys - ok 00:04:09.0343 3252 [ CD6E9C27ADC6B37B0B3DF29CC83E15A7 ] C:\WINDOWS\system32\drivers\tosrfbd.sys 00:04:09.0343 3252 C:\WINDOWS\system32\drivers\tosrfbd.sys - ok 00:04:09.0359 3252 [ 8968FF3973A883C49E8B564200F565B9 ] C:\WINDOWS\system32\drivers\usbvideo.sys 00:04:09.0359 3252 C:\WINDOWS\system32\drivers\usbvideo.sys - ok 00:04:09.0359 3252 [ 45A0D14B26C35497AD93BCE7E15C9941 ] C:\WINDOWS\system32\drivers\USBAUDIO.sys 00:04:09.0359 3252 C:\WINDOWS\system32\drivers\USBAUDIO.sys - ok 00:04:09.0359 3252 [ D3F87C46C7C9E5DB99FBD3D17121B891 ] C:\WINDOWS\system32\drivers\Tosrfhid.sys 00:04:09.0359 3252 C:\WINDOWS\system32\drivers\Tosrfhid.sys - ok 00:04:09.0375 3252 [ 181E217A7A326817D97946D045B3CB46 ] C:\WINDOWS\system32\drivers\tosrfbnp.sys 00:04:09.0375 3252 C:\WINDOWS\system32\drivers\tosrfbnp.sys - ok 00:04:09.0375 3252 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] C:\WINDOWS\system32\drivers\tosrfnds.sys 00:04:09.0375 3252 C:\WINDOWS\system32\drivers\tosrfnds.sys - ok 00:04:09.0390 3252 [ 5FFF41CD5108E9051D255C37825AF697 ] C:\WINDOWS\system32\drivers\hidparse.sys 00:04:09.0390 3252 C:\WINDOWS\system32\drivers\hidparse.sys - ok 00:04:09.0390 3252 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] C:\WINDOWS\system32\drivers\KMWDFILTER.sys 00:04:09.0390 3252 C:\WINDOWS\system32\drivers\KMWDFILTER.sys - ok 00:04:09.0390 3252 [ 378055AB8DDA86228683C697C4E11685 ] C:\WINDOWS\system32\drivers\hidclass.sys 00:04:09.0390 3252 C:\WINDOWS\system32\drivers\hidclass.sys - ok 00:04:09.0406 3252 [ 1DE6783B918F540149AA69943BDFEBA8 ] C:\WINDOWS\system32\drivers\hidusb.sys 00:04:09.0406 3252 C:\WINDOWS\system32\drivers\hidusb.sys - ok 00:04:09.0406 3252 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys 00:04:09.0406 3252 C:\WINDOWS\system32\drivers\mouhid.sys - ok 00:04:09.0421 3252 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys 00:04:09.0421 3252 C:\WINDOWS\system32\drivers\dxapi.sys - ok 00:04:09.0421 3252 [ C9BF2F12C4E6C12F8A85FBA4B6BC6208 ] C:\WINDOWS\system32\watchdog.sys 00:04:09.0421 3252 C:\WINDOWS\system32\watchdog.sys - ok 00:04:09.0421 3252 [ 7190A8EBD16D56C78864E49C9BB5FE7D ] C:\WINDOWS\system32\win32k.sys 00:04:09.0421 3252 C:\WINDOWS\system32\win32k.sys - ok 00:04:09.0437 3252 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll 00:04:09.0437 3252 C:\WINDOWS\system32\basesrv.dll - ok 00:04:09.0437 3252 [ EFD2862F003538B9A5B4C015F8FDB1B3 ] C:\WINDOWS\system32\csrsrv.dll 00:04:09.0437 3252 C:\WINDOWS\system32\csrsrv.dll - ok 00:04:09.0453 3252 [ F12B178B1678D778CFD3FF1FC38C71FB ] C:\WINDOWS\system32\csrss.exe 00:04:09.0453 3252 C:\WINDOWS\system32\csrss.exe - ok 00:04:09.0453 3252 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 00:04:09.0453 3252 C:\WINDOWS\system32\winsrv.dll - ok 00:04:09.0453 3252 [ C72661F8552ACE7C5C85E16A3CF505C4 ] C:\WINDOWS\system32\user32.dll 00:04:09.0453 3252 C:\WINDOWS\system32\user32.dll - ok 00:04:09.0468 3252 [ B6ACAED7588295129791E0E6A2B0FADE ] C:\WINDOWS\system32\kernel32.dll 00:04:09.0468 3252 C:\WINDOWS\system32\kernel32.dll - ok 00:04:09.0468 3252 [ 0C07B16769E579F78C541773D0A2E7E0 ] C:\WINDOWS\system32\gdi32.dll 00:04:09.0468 3252 C:\WINDOWS\system32\gdi32.dll - ok 00:04:09.0484 3252 [ D3DAC8432110AAD0B02A58B4459AB835 ] C:\WINDOWS\system32\drivers\dxg.sys 00:04:09.0484 3252 C:\WINDOWS\system32\drivers\dxg.sys - ok 00:04:09.0484 3252 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys 00:04:09.0484 3252 C:\WINDOWS\system32\drivers\dxgthk.sys - ok 00:04:09.0500 3252 [ DF5AE7C74571B14930886D95F52167B5 ] C:\WINDOWS\system32\igxpgd32.dll 00:04:09.0500 3252 C:\WINDOWS\system32\igxpgd32.dll - ok 00:04:09.0500 3252 [ 72D5187B523B7865A55CE01C6DB4EF0B ] C:\WINDOWS\system32\igxprd32.dll 00:04:09.0500 3252 C:\WINDOWS\system32\igxprd32.dll - ok 00:04:09.0515 3252 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll 00:04:09.0515 3252 C:\WINDOWS\system32\vga.dll - ok 00:04:09.0515 3252 [ 24F596A4E38F15BC2C38414F5EE79314 ] C:\WINDOWS\system32\igxpdv32.dll 00:04:09.0515 3252 C:\WINDOWS\system32\igxpdv32.dll - ok 00:04:09.0515 3252 [ F2CF63898D484DC91F8DFA1EE65BD099 ] C:\WINDOWS\system32\igxpdx32.dll 00:04:09.0515 3252 C:\WINDOWS\system32\igxpdx32.dll - ok 00:04:09.0531 3252 [ 01C3346C241652F43AED8E2149881BFE ] C:\WINDOWS\system32\winlogon.exe 00:04:09.0531 3252 C:\WINDOWS\system32\winlogon.exe - ok 00:04:09.0531 3252 [ 1081C185AED0660B2B5F173C3E023B23 ] C:\WINDOWS\system32\advapi32.dll 00:04:09.0531 3252 C:\WINDOWS\system32\advapi32.dll - ok 00:04:09.0546 3252 [ 461B6E2F04112E659280314B7A414F30 ] C:\WINDOWS\system32\rpcrt4.dll 00:04:09.0546 3252 C:\WINDOWS\system32\rpcrt4.dll - ok 00:04:09.0546 3252 [ 174F3D2CA3C9E53643772A67C36BE5AF ] C:\WINDOWS\system32\secur32.dll 00:04:09.0546 3252 C:\WINDOWS\system32\secur32.dll - ok 00:04:09.0546 3252 [ A3930A43856BD52772BA475648D6DB5B ] C:\WINDOWS\system32\authz.dll 00:04:09.0546 3252 C:\WINDOWS\system32\authz.dll - ok 00:04:09.0562 3252 [ B0FEFA816D61EC66AA765DDF534EAB5E ] C:\WINDOWS\system32\msvcrt.dll 00:04:09.0562 3252 C:\WINDOWS\system32\msvcrt.dll - ok 00:04:09.0562 3252 [ EFC958396A7A7EF7E6D4A52B97512E18 ] C:\WINDOWS\system32\crypt32.dll 00:04:09.0562 3252 C:\WINDOWS\system32\crypt32.dll - ok 00:04:09.0578 3252 [ DDE959EFC7CD79D1AC4BDA320A959DC0 ] C:\WINDOWS\system32\msasn1.dll 00:04:09.0578 3252 C:\WINDOWS\system32\msasn1.dll - ok 00:04:09.0578 3252 [ 458AB591E8CF240CC105A23671F2C3D6 ] C:\WINDOWS\system32\nddeapi.dll 00:04:09.0578 3252 C:\WINDOWS\system32\nddeapi.dll - ok 00:04:09.0593 3252 [ 0A457307006530FD03A797F572A067FA ] C:\WINDOWS\system32\netapi32.dll 00:04:09.0593 3252 C:\WINDOWS\system32\netapi32.dll - ok 00:04:09.0593 3252 [ FE4F71711CF5C17ADE5E506348132D24 ] C:\WINDOWS\system32\profmap.dll 00:04:09.0593 3252 C:\WINDOWS\system32\profmap.dll - ok 00:04:09.0593 3252 [ 2B9B56A89A8A42E917511972A6DB36E3 ] C:\WINDOWS\system32\userenv.dll 00:04:09.0593 3252 C:\WINDOWS\system32\userenv.dll - ok 00:04:09.0609 3252 [ 96E48C7EB9089D1DBF6F85CA11B264DF ] C:\WINDOWS\system32\psapi.dll 00:04:09.0609 3252 C:\WINDOWS\system32\psapi.dll - ok 00:04:09.0609 3252 [ 899ED710FDC37EB7D0115C2932C2B1EB ] C:\WINDOWS\system32\regapi.dll 00:04:09.0609 3252 C:\WINDOWS\system32\regapi.dll - ok 00:04:09.0625 3252 [ 7808313CBC634EE08346D5DDFEF1CC5F ] C:\WINDOWS\system32\setupapi.dll 00:04:09.0625 3252 C:\WINDOWS\system32\setupapi.dll - ok 00:04:09.0625 3252 [ D38408967BE738D0C1B47005BCE8CEEB ] C:\WINDOWS\system32\version.dll 00:04:09.0625 3252 C:\WINDOWS\system32\version.dll - ok 00:04:09.0625 3252 [ 5AFCE94E8286B2F57A04DA37F01BF21A ] C:\WINDOWS\system32\imagehlp.dll 00:04:09.0625 3252 C:\WINDOWS\system32\imagehlp.dll - ok 00:04:09.0640 3252 [ 7BC4BA4C33ADF3EF5CD370D99BC60B04 ] C:\WINDOWS\system32\winsta.dll 00:04:09.0640 3252 C:\WINDOWS\system32\winsta.dll - ok 00:04:09.0640 3252 [ 1955BD9737BE6F4B72AD7A4859B4E300 ] C:\WINDOWS\system32\wintrust.dll 00:04:09.0640 3252 C:\WINDOWS\system32\wintrust.dll - ok 00:04:09.0656 3252 [ 87CA7CE6469577F059297B9D6556D66D ] C:\WINDOWS\system32\imm32.dll 00:04:09.0656 3252 C:\WINDOWS\system32\imm32.dll - ok 00:04:09.0656 3252 [ F28EB5CBC3CA6D8C787F09F047D1F9C8 ] C:\WINDOWS\system32\msvbvm60.dll 00:04:09.0656 3252 C:\WINDOWS\system32\msvbvm60.dll - ok 00:04:09.0656 3252 [ 9BEACB911CA61E5881102188AB7FB431 ] C:\WINDOWS\system32\ws2help.dll 00:04:09.0656 3252 C:\WINDOWS\system32\ws2help.dll - ok 00:04:09.0671 3252 [ 2ED0B7F12A60F90092081C50FA0EC2B2 ] C:\WINDOWS\system32\ws2_32.dll 00:04:09.0671 3252 C:\WINDOWS\system32\ws2_32.dll - ok 00:04:09.0671 3252 [ 4FE9D9FA62D020E35E0AC6D1AEEB96F0 ] C:\WINDOWS\system32\ole32.dll 00:04:09.0671 3252 C:\WINDOWS\system32\ole32.dll - ok 00:04:09.0687 3252 [ B3742DEE858B243E77C73D2B8F7C8223 ] C:\WINDOWS\system32\oleaut32.dll 00:04:09.0687 3252 C:\WINDOWS\system32\oleaut32.dll - ok 00:04:09.0687 3252 [ E028B7125B7B8DA90F55B23FC6A20631 ] C:\WINDOWS\system32\dinput.dll 00:04:09.0687 3252 C:\WINDOWS\system32\dinput.dll - ok 00:04:09.0703 3252 [ 90FDAA22F38D9E911F91FA3B8A1F7E5D ] C:\WINDOWS\system32\winmm.dll 00:04:09.0703 3252 C:\WINDOWS\system32\winmm.dll - ok 00:04:09.0703 3252 [ 9885269505AF14E11C6DD95E27BC6430 ] C:\WINDOWS\system32\shlwapi.dll 00:04:09.0703 3252 C:\WINDOWS\system32\shlwapi.dll - ok 00:04:09.0703 3252 [ 176497D0E7AE618860552A4B5635B206 ] C:\WINDOWS\system32\dnsapi.dll 00:04:09.0703 3252 C:\WINDOWS\system32\dnsapi.dll - ok 00:04:09.0718 3252 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll 00:04:09.0718 3252 C:\WINDOWS\system32\kbdus.dll - ok 00:04:09.0718 3252 [ 097722F235A1FB698BF9234E01B52637 ] C:\WINDOWS\system32\mswsock.dll 00:04:09.0718 3252 C:\WINDOWS\system32\mswsock.dll - ok 00:04:09.0734 3252 [ A29AF639AA180CC68C59242A10E1D3B1 ] C:\WINDOWS\system32\msgina.dll 00:04:09.0734 3252 C:\WINDOWS\system32\msgina.dll - ok 00:04:09.0734 3252 [ 56B6333DDA2576803F99F0EA373D0A7B ] C:\WINDOWS\system32\shell32.dll 00:04:09.0734 3252 C:\WINDOWS\system32\shell32.dll - ok 00:04:09.0734 3252 [ A77DFB85FAEE49D66C74DA6024EBC69B ] C:\WINDOWS\system32\comctl32.dll 00:04:09.0734 3252 C:\WINDOWS\system32\comctl32.dll - ok 00:04:09.0750 3252 [ 1EDB1BB89D021955E6F7265911175B8D ] C:\WINDOWS\system32\comdlg32.dll 00:04:09.0750 3252 C:\WINDOWS\system32\comdlg32.dll - ok 00:04:09.0750 3252 [ F79D7D98CD764499ECCBAAF3F800D349 ] C:\WINDOWS\system32\odbc32.dll 00:04:09.0750 3252 C:\WINDOWS\system32\odbc32.dll - ok 00:04:09.0765 3252 [ BCDF5F4BAE714231ECC916A1EF724627 ] C:\WINDOWS\system32\sxs.dll 00:04:09.0765 3252 C:\WINDOWS\system32\sxs.dll - ok 00:04:09.0765 3252 [ 5AF68A5E44734A082442668E9C787743 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 00:04:09.0765 3252 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll - ok 00:04:09.0765 3252 [ C237FB08F52F27823C4E4E6705ECD196 ] C:\WINDOWS\system32\odbcint.dll 00:04:09.0765 3252 C:\WINDOWS\system32\odbcint.dll - ok 00:04:09.0781 3252 [ E7518DC542D3EBDCB80EDD98462C7821 ] C:\WINDOWS\system32\shsvcs.dll 00:04:09.0781 3252 C:\WINDOWS\system32\shsvcs.dll - ok 00:04:09.0781 3252 [ E8A12A12EA9088B4327D49EDCA3ADD3E ] C:\WINDOWS\system32\sfc.dll 00:04:09.0781 3252 C:\WINDOWS\system32\sfc.dll - ok 00:04:09.0796 3252 [ 9858CC4D73A4CCF2F852FAE07C11A0B5 ] C:\WINDOWS\system32\sfc_os.dll 00:04:09.0796 3252 C:\WINDOWS\system32\sfc_os.dll - ok 00:04:09.0796 3252 [ ECA24AB73FCFFA754D4070CDB03529E3 ] C:\WINDOWS\system32\apphelp.dll 00:04:09.0796 3252 C:\WINDOWS\system32\apphelp.dll - ok 00:04:09.0796 3252 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe 00:04:09.0796 3252 C:\WINDOWS\system32\services.exe - ok 00:04:09.0812 3252 [ 84885F9B82F4D55C6146EBF6065D75D2 ] C:\WINDOWS\system32\lsass.exe 00:04:09.0812 3252 C:\WINDOWS\system32\lsass.exe - ok 00:04:09.0812 3252 [ 39F3B6CC2932E103D72C4564F8A680AC ] C:\WINDOWS\system32\lsasrv.dll 00:04:09.0812 3252 C:\WINDOWS\system32\lsasrv.dll - ok 00:04:09.0828 3252 [ DA201A0A309B96381FD674D0FAB5DA86 ] C:\WINDOWS\system32\ncobjapi.dll 00:04:09.0828 3252 C:\WINDOWS\system32\ncobjapi.dll - ok 00:04:09.0828 3252 [ 1F57EB5B92B2AC7F9D71A77D184D8C13 ] C:\WINDOWS\system32\msvcp60.dll 00:04:09.0828 3252 C:\WINDOWS\system32\msvcp60.dll - ok 00:04:09.0843 3252 [ 9A42C1F3154545A4D32E5043038B01FA ] C:\WINDOWS\system32\scesrv.dll 00:04:09.0843 3252 C:\WINDOWS\system32\scesrv.dll - ok 00:04:09.0843 3252 [ 2CFE80AA3428C09E6DE67FAC50DA65CF ] C:\WINDOWS\system32\mpr.dll 00:04:09.0843 3252 C:\WINDOWS\system32\mpr.dll - ok 00:04:09.0843 3252 [ 6201BACF384292A5FE94CE73364AE53A ] C:\WINDOWS\system32\ntdsapi.dll 00:04:09.0843 3252 C:\WINDOWS\system32\ntdsapi.dll - ok 00:04:09.0859 3252 [ B43A92C15AE97C6E609C88129CFEE53B ] C:\WINDOWS\system32\umpnpmgr.dll 00:04:09.0859 3252 C:\WINDOWS\system32\umpnpmgr.dll - ok 00:04:09.0859 3252 [ 10F36FA092D7A309A0647FCDC764AE6C ] C:\WINDOWS\system32\wldap32.dll 00:04:09.0859 3252 C:\WINDOWS\system32\wldap32.dll - ok 00:04:09.0875 3252 [ FB537F29A827D78F756154CF397A113F ] C:\WINDOWS\AppPatch\AcGenral.dll 00:04:09.0875 3252 C:\WINDOWS\AppPatch\AcGenral.dll - ok 00:04:09.0875 3252 [ EBE12F403FDE45E7312E7BF764BFB6C6 ] C:\WINDOWS\system32\samlib.dll 00:04:09.0875 3252 C:\WINDOWS\system32\samlib.dll - ok 00:04:09.0875 3252 [ 43DA983415EA533F9E667FDB415F4655 ] C:\WINDOWS\system32\shimeng.dll 00:04:09.0875 3252 C:\WINDOWS\system32\shimeng.dll - ok 00:04:09.0890 3252 [ 975D12353B1D525C0F3444C447FB3B9A ] C:\WINDOWS\system32\msacm32.dll 00:04:09.0890 3252 C:\WINDOWS\system32\msacm32.dll - ok 00:04:09.0890 3252 [ E15154E7FDA8A580A8F74C7CC16B1FFE ] C:\WINDOWS\system32\samsrv.dll 00:04:09.0890 3252 C:\WINDOWS\system32\samsrv.dll - ok 00:04:09.0906 3252 [ D56227E628537269DF9D0FF04AA67768 ] C:\WINDOWS\system32\uxtheme.dll 00:04:09.0906 3252 C:\WINDOWS\system32\uxtheme.dll - ok 00:04:09.0906 3252 [ EF5B64A9CD71ED27E837165C08DA4CC1 ] C:\WINDOWS\system32\cryptdll.dll 00:04:09.0906 3252 C:\WINDOWS\system32\cryptdll.dll - ok 00:04:09.0906 3252 [ E484F006380A89A52CCC7828ECE5DCA0 ] C:\WINDOWS\system32\msapsspc.dll 00:04:09.0906 3252 C:\WINDOWS\system32\msapsspc.dll - ok 00:04:09.0921 3252 [ 146D198E3AD9D4B69C9EB0AEA6EF333B ] C:\WINDOWS\system32\msvcrt40.dll 00:04:09.0921 3252 C:\WINDOWS\system32\msvcrt40.dll - ok 00:04:09.0921 3252 [ 7B47C36B4F0170B8EF4F3B4EFD371F67 ] C:\WINDOWS\system32\schannel.dll 00:04:09.0921 3252 C:\WINDOWS\system32\schannel.dll - ok 00:04:09.0937 3252 [ 7F2310210256C0AC04A82285DEBC0F51 ] C:\WINDOWS\system32\digest.dll 00:04:09.0937 3252 C:\WINDOWS\system32\digest.dll - ok 00:04:09.0937 3252 [ BB1367FECA810F06B1AEA06D610B1E4F ] C:\WINDOWS\system32\msnsspc.dll 00:04:09.0937 3252 C:\WINDOWS\system32\msnsspc.dll - ok 00:04:09.0937 3252 [ D87041EAA67ECA4394F6D5D09C0C2885 ] C:\WINDOWS\system32\MSCTFIME.IME 00:04:09.0937 3252 C:\WINDOWS\system32\MSCTFIME.IME - ok 00:04:09.0953 3252 [ C0FE34F85B6D29368133587B1D6FA039 ] C:\WINDOWS\system32\kerberos.dll 00:04:09.0953 3252 C:\WINDOWS\system32\kerberos.dll - ok 00:04:09.0953 3252 [ 6BEC17053284E847CF1FBB8C9A181E1E ] C:\WINDOWS\system32\msprivs.dll 00:04:09.0953 3252 C:\WINDOWS\system32\msprivs.dll - ok 00:04:09.0968 3252 [ FE1F6432B5B64500FB2927098219EA8D ] C:\WINDOWS\system32\atmfd.dll 00:04:09.0968 3252 C:\WINDOWS\system32\atmfd.dll - ok 00:04:09.0968 3252 [ 4E49D244C178505FEB090E37989D4045 ] C:\WINDOWS\system32\msv1_0.dll 00:04:09.0968 3252 C:\WINDOWS\system32\msv1_0.dll - ok 00:04:09.0968 3252 [ 42A1912DBDF8BCC087A1CAE008DB060C ] C:\WINDOWS\system32\iphlpapi.dll 00:04:09.0968 3252 C:\WINDOWS\system32\iphlpapi.dll - ok 00:04:09.0984 3252 [ 96353FCECBA774BB8DA74A1C6507015A ] C:\WINDOWS\system32\netlogon.dll 00:04:09.0984 3252 C:\WINDOWS\system32\netlogon.dll - ok 00:04:09.0984 3252 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] C:\WINDOWS\system32\w32time.dll 00:04:09.0984 3252 C:\WINDOWS\system32\w32time.dll - ok 00:04:10.0000 3252 [ DBB2E47723A164B178836668A6CA4C1B ] C:\WINDOWS\system32\wdigest.dll 00:04:10.0000 3252 C:\WINDOWS\system32\wdigest.dll - ok 00:04:10.0000 3252 [ 26ACBD865F8CFF730F1791C4D0854352 ] C:\WINDOWS\system32\rsaenh.dll 00:04:10.0000 3252 C:\WINDOWS\system32\rsaenh.dll - ok 00:04:10.0000 3252 [ F01D97A8E0380BA52F58249A7B3BD7F1 ] C:\WINDOWS\system32\nwprovau.dll 00:04:10.0000 3252 C:\WINDOWS\system32\nwprovau.dll - ok 00:04:10.0015 3252 [ 7BCB23FA39CE266AF4347A6BEAB60F8C ] C:\WINDOWS\system32\winscard.dll 00:04:10.0015 3252 C:\WINDOWS\system32\winscard.dll - ok 00:04:10.0015 3252 [ 67F2D109AB373FECEB819F420DB11F03 ] C:\WINDOWS\system32\wtsapi32.dll 00:04:10.0015 3252 C:\WINDOWS\system32\wtsapi32.dll - ok 00:04:10.0031 3252 [ 0F78E27F563F2AAF74B91A49E2ABF19A ] C:\WINDOWS\system32\scecli.dll 00:04:10.0031 3252 C:\WINDOWS\system32\scecli.dll - ok 00:04:10.0031 3252 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] C:\WINDOWS\system32\drivers\mbam.sys 00:04:10.0031 3252 C:\WINDOWS\system32\drivers\mbam.sys - ok 00:04:10.0031 3252 [ 8F078AE4ED187AAABC0A305146DE6716 ] C:\WINDOWS\system32\svchost.exe 00:04:10.0031 3252 C:\WINDOWS\system32\svchost.exe - ok 00:04:10.0046 3252 [ DAA91B358E685FC6CCA9ACA72BE6FE85 ] C:\WINDOWS\system32\ntmarta.dll 00:04:10.0046 3252 C:\WINDOWS\system32\ntmarta.dll - ok 00:04:10.0046 3252 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] C:\WINDOWS\system32\rpcss.dll 00:04:10.0046 3252 C:\WINDOWS\system32\rpcss.dll - ok 00:04:10.0062 3252 [ 1320AEA7057A26A671D9548CC7BEBDA5 ] C:\WINDOWS\system32\xpsp2res.dll 00:04:10.0062 3252 C:\WINDOWS\system32\xpsp2res.dll - ok 00:04:10.0062 3252 [ 82B24CB70E5944E6E34662205A2A5B78 ] C:\WINDOWS\system32\eventlog.dll 00:04:10.0062 3252 C:\WINDOWS\system32\eventlog.dll - ok 00:04:10.0078 3252 [ 765B30C776A1780B46B479FE614F707C ] C:\WINDOWS\system32\hnetcfg.dll 00:04:10.0078 3252 C:\WINDOWS\system32\hnetcfg.dll - ok 00:04:10.0078 3252 [ A7F95A53EE055115DF03588997A47D4D ] C:\WINDOWS\system32\wshtcpip.dll 00:04:10.0078 3252 C:\WINDOWS\system32\wshtcpip.dll - ok 00:04:10.0078 3252 [ 811BB60991FC03A63F2F844A3F9C6488 ] C:\WINDOWS\system32\wshisn.dll 00:04:10.0078 3252 C:\WINDOWS\system32\wshisn.dll - ok 00:04:10.0093 3252 [ 53AF9F2B2CE4B6EFF41C70417359D010 ] C:\WINDOWS\system32\wsock32.dll 00:04:10.0093 3252 C:\WINDOWS\system32\wsock32.dll - ok 00:04:10.0093 3252 [ 2C8FDB176F22629EA5342DB474FAC391 ] C:\WINDOWS\system32\winrnr.dll 00:04:10.0093 3252 C:\WINDOWS\system32\winrnr.dll - ok 00:04:10.0093 3252 [ 4CAEC028C1E21C75E17877D4522D3DB4 ] C:\WINDOWS\system32\rasadhlp.dll 00:04:10.0093 3252 C:\WINDOWS\system32\rasadhlp.dll - ok 00:04:10.0109 3252 [ 587729679B4FE04CE06A5C61D6C56DCD ] C:\WINDOWS\system32\cscdll.dll 00:04:10.0109 3252 C:\WINDOWS\system32\cscdll.dll - ok 00:04:10.0109 3252 [ A599E5E366C1408E48AA5D37882D4E3E ] C:\WINDOWS\system32\wlnotify.dll 00:04:10.0109 3252 C:\WINDOWS\system32\wlnotify.dll - ok 00:04:10.0125 3252 [ 777EB29D0135D81AD9828A2B05443496 ] C:\WINDOWS\system32\winspool.drv 00:04:10.0125 3252 C:\WINDOWS\system32\winspool.drv - ok 00:04:10.0125 3252 [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe 00:04:10.0125 3252 C:\WINDOWS\system32\mpnotify.exe - ok 00:04:10.0125 3252 [ 05231C04253C5BC30B26CBAAE680ED89 ] C:\WINDOWS\system32\WudfSvc.dll 00:04:10.0125 3252 C:\WINDOWS\system32\WudfSvc.dll - ok 00:04:10.0140 3252 [ 5CAF91E865FE0C85048A233E594544D2 ] C:\WINDOWS\system32\WudfPlatform.dll 00:04:10.0140 3252 C:\WINDOWS\system32\WudfPlatform.dll - ok 00:04:10.0140 3252 [ 79EA3FCDA7067977625B3363A2657C80 ] C:\WINDOWS\system32\drivers\nwlnkipx.sys 00:04:10.0140 3252 C:\WINDOWS\system32\drivers\nwlnkipx.sys - ok 00:04:10.0156 3252 [ 56D34A67C05E94E16377C60609741FF8 ] C:\WINDOWS\system32\drivers\nwlnknb.sys 00:04:10.0156 3252 C:\WINDOWS\system32\drivers\nwlnknb.sys - ok 00:04:10.0156 3252 [ CB6CA3E5261D65F6F809EED23BF167AA ] C:\WINDOWS\system32\dhcpcsvc.dll 00:04:10.0156 3252 C:\WINDOWS\system32\dhcpcsvc.dll - ok 00:04:10.0171 3252 [ 7379DE06FD196E396A00AA97B990C00D ] C:\WINDOWS\system32\dnsrslvr.dll 00:04:10.0171 3252 C:\WINDOWS\system32\dnsrslvr.dll - ok 00:04:10.0171 3252 [ B3EFF6D938C572E90A07B3D87A3C7657 ] C:\WINDOWS\system32\lmhsvc.dll 00:04:10.0171 3252 C:\WINDOWS\system32\lmhsvc.dll - ok 00:04:10.0171 3252 [ E26F50A92EE564F21C30501AA6173676 ] C:\WINDOWS\system32\clbcatq.dll 00:04:10.0171 3252 C:\WINDOWS\system32\clbcatq.dll - ok 00:04:10.0187 3252 [ 6728270CB7DBB776ED086F5AC4C82310 ] C:\WINDOWS\system32\comres.dll 00:04:10.0187 3252 C:\WINDOWS\system32\comres.dll - ok 00:04:10.0187 3252 [ 92360854316611F6CC471612213C3D92 ] C:\WINDOWS\system32\schedsvc.dll 00:04:10.0187 3252 C:\WINDOWS\system32\schedsvc.dll - ok 00:04:10.0203 3252 [ DB66DB626E4882EBEF55F136F12C1829 ] C:\WINDOWS\system32\audiosrv.dll 00:04:10.0203 3252 C:\WINDOWS\system32\audiosrv.dll - ok 00:04:10.0203 3252 [ 249817F51C84D283E96E6B2580D21FFD ] C:\WINDOWS\system32\msidle.dll 00:04:10.0203 3252 C:\WINDOWS\system32\msidle.dll - ok 00:04:10.0203 3252 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] C:\WINDOWS\system32\wkssvc.dll 00:04:10.0203 3252 C:\WINDOWS\system32\wkssvc.dll - ok 00:04:10.0218 3252 [ BE20FCAEC36A7DD5FD3B4B4E52318D00 ] C:\WINDOWS\system32\nwwks.dll 00:04:10.0218 3252 C:\WINDOWS\system32\nwwks.dll - ok 00:04:10.0218 3252 [ 03373A79440473062C6F3AEDEC6A49C8 ] C:\WINDOWS\system32\drivers\nwrdr.sys 00:04:10.0218 3252 C:\WINDOWS\system32\drivers\nwrdr.sys - ok 00:04:10.0234 3252 [ D5B57D2E225D47C97275E12666488F0C ] C:\WINDOWS\system32\nwapi32.dll 00:04:10.0234 3252 C:\WINDOWS\system32\nwapi32.dll - ok 00:04:10.0234 3252 [ 46EDCC8F2DB2F322C24F48785CB46366 ] C:\WINDOWS\system32\drivers\mrxdav.sys 00:04:10.0234 3252 C:\WINDOWS\system32\drivers\mrxdav.sys - ok 00:04:10.0234 3252 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] C:\WINDOWS\system32\webclnt.dll 00:04:10.0234 3252 C:\WINDOWS\system32\webclnt.dll - ok 00:04:10.0250 3252 [ 2D9C7B010409372C34F725DA5CCED083 ] C:\WINDOWS\system32\wininet.dll 00:04:10.0250 3252 C:\WINDOWS\system32\wininet.dll - ok 00:04:10.0250 3252 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll 00:04:10.0250 3252 C:\WINDOWS\system32\normaliz.dll - ok 00:04:10.0265 3252 [ E3AB3442249C4861C9D591F95330731F ] C:\WINDOWS\system32\urlmon.dll 00:04:10.0265 3252 C:\WINDOWS\system32\urlmon.dll - ok 00:04:10.0265 3252 [ 7FBE659ECDC2E61BDA3AA930C1532516 ] C:\WINDOWS\system32\iertutil.dll 00:04:10.0265 3252 C:\WINDOWS\system32\iertutil.dll - ok 00:04:10.0265 3252 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] C:\WINDOWS\system32\drivers\nwlnkspx.sys 00:04:10.0265 3252 C:\WINDOWS\system32\drivers\nwlnkspx.sys - ok 00:04:10.0281 3252 [ 51230212AE7F8159A90F06A7EA30DD8A ] C:\WINDOWS\system32\cscui.dll 00:04:10.0281 3252 C:\WINDOWS\system32\cscui.dll - ok 00:04:10.0281 3252 [ 1B5F6923ABB450692E9FE0672C897AED ] C:\WINDOWS\system32\powrprof.dll 00:04:10.0281 3252 C:\WINDOWS\system32\powrprof.dll - ok 00:04:10.0296 3252 [ F7FC12EDD4F0C19490D37AF9570C50F8 ] C:\WINDOWS\system32\dpcdll.dll 00:04:10.0296 3252 C:\WINDOWS\system32\dpcdll.dll - ok 00:04:10.0296 3252 [ D6A8DC8C374EEA24744F2D4E87CA0E7E ] C:\WINDOWS\system32\wdmaud.drv 00:04:10.0296 3252 C:\WINDOWS\system32\wdmaud.drv - ok 00:04:10.0312 3252 [ 650AD082D46BAC0E64C9C0E0928492FD ] C:\WINDOWS\system32\drivers\sysaudio.sys 00:04:10.0312 3252 C:\WINDOWS\system32\drivers\sysaudio.sys - ok 00:04:10.0312 3252 [ 2797F33EBF50466020C430EE4F037933 ] C:\WINDOWS\system32\drivers\wdmaud.sys 00:04:10.0312 3252 C:\WINDOWS\system32\drivers\wdmaud.sys - ok 00:04:10.0312 3252 [ 8E186B8F23295D1E42C573B82B80D548 ] C:\WINDOWS\system32\drivers\splitter.sys 00:04:10.0312 3252 C:\WINDOWS\system32\drivers\splitter.sys - ok 00:04:10.0328 3252 [ 841F385C6CFAF66B58FBD898722BB4F0 ] C:\WINDOWS\system32\drivers\aec.sys 00:04:10.0328 3252 C:\WINDOWS\system32\drivers\aec.sys - ok 00:04:10.0328 3252 [ 39B1FFB03C2296323832ACBAE50D2AFF ] C:\WINDOWS\system32\userinit.exe 00:04:10.0328 3252 C:\WINDOWS\system32\userinit.exe - ok 00:04:10.0328 3252 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] C:\WINDOWS\system32\drivers\swmidi.sys 00:04:10.0328 3252 C:\WINDOWS\system32\drivers\swmidi.sys - ok 00:04:10.0343 3252 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe 00:04:10.0343 3252 C:\Program Files\Google\Update\GoogleUpdate.exe - ok 00:04:10.0343 3252 [ A6F881284AC1150E37D9AE47FF601267 ] C:\WINDOWS\system32\drivers\DMusic.sys 00:04:10.0343 3252 C:\WINDOWS\system32\drivers\DMusic.sys - ok 00:04:10.0359 3252 [ D93CAD07C5683DB066B0B2D2D3790EAD ] C:\WINDOWS\system32\drivers\kmixer.sys 00:04:10.0359 3252 C:\WINDOWS\system32\drivers\kmixer.sys - ok 00:04:10.0359 3252 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] C:\WINDOWS\system32\drivers\drmkaud.sys 00:04:10.0359 3252 C:\WINDOWS\system32\drivers\drmkaud.sys - ok 00:04:10.0359 3252 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv 00:04:10.0359 3252 C:\WINDOWS\system32\msacm32.drv - ok 00:04:10.0375 3252 [ 39C5FCF8AA3B83D79A0E853ECB38BF25 ] C:\Program Files\Google\Update\1.3.21.115\goopdate.dll 00:04:10.0375 3252 C:\Program Files\Google\Update\1.3.21.115\goopdate.dll - ok 00:04:10.0375 3252 [ A0732187050030AE399B241436565E64 ] C:\WINDOWS\explorer.exe 00:04:10.0375 3252 C:\WINDOWS\explorer.exe - ok 00:04:10.0390 3252 [ 3B4702155BB2AE9DC00C06A68834BDFA ] C:\WINDOWS\system32\midimap.dll 00:04:10.0390 3252 C:\WINDOWS\system32\midimap.dll - ok 00:04:10.0390 3252 [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll 00:04:10.0390 3252 C:\WINDOWS\system32\msi.dll - ok 00:04:10.0390 3252 [ 17DB4CCB413B32EAD67C2696D78E1145 ] C:\WINDOWS\system32\browseui.dll 00:04:10.0390 3252 C:\WINDOWS\system32\browseui.dll - ok 00:04:10.0406 3252 [ 6479A184873F7CA797FF0375D711E9A6 ] C:\WINDOWS\system32\dbghelp.dll 00:04:10.0406 3252 C:\WINDOWS\system32\dbghelp.dll - ok 00:04:10.0406 3252 [ 93F29E6964BAEF31E53D203992B0AFD4 ] C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe 00:04:10.0406 3252 C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe - ok 00:04:10.0421 3252 [ DAD1CEF1B77539B4EF734A1041CF95ED ] C:\WINDOWS\system32\mstask.dll 00:04:10.0421 3252 C:\WINDOWS\system32\mstask.dll - ok 00:04:10.0421 3252 [ D4F8A13A213018CA69F42395A8B6210A ] C:\WINDOWS\system32\shdocvw.dll 00:04:10.0421 3252 C:\WINDOWS\system32\shdocvw.dll - ok 00:04:10.0437 3252 [ 4AC302BF714DC163E685D0A187A36D0F ] C:\WINDOWS\system32\cryptui.dll 00:04:10.0437 3252 C:\WINDOWS\system32\cryptui.dll - ok 00:04:10.0437 3252 [ A0BC687A49542C40EB60B7308F454E8A ] C:\WINDOWS\system32\riched20.dll 00:04:10.0437 3252 C:\WINDOWS\system32\riched20.dll - ok 00:04:10.0437 3252 [ E931B4DD87DFACE46468FD506FDCD262 ] C:\WINDOWS\system32\desk.cpl 00:04:10.0437 3252 C:\WINDOWS\system32\desk.cpl - ok 00:04:10.0453 3252 [ E6796D51CED309E46D29C0B787735615 ] C:\WINDOWS\system32\themeui.dll 00:04:10.0453 3252 C:\WINDOWS\system32\themeui.dll - ok 00:04:10.0453 3252 [ B5331F2B6F37C66C29C847F3B94FF900 ] C:\WINDOWS\system32\msimg32.dll 00:04:10.0453 3252 C:\WINDOWS\system32\msimg32.dll - ok 00:04:10.0468 3252 [ 13510490BEA0997DB625DAA0178CBFCA ] C:\WINDOWS\system32\actxprxy.dll 00:04:10.0468 3252 C:\WINDOWS\system32\actxprxy.dll - ok 00:04:10.0468 3252 [ EEB024F2C81F0D55936FB825D21A91D6 ] C:\WINDOWS\system32\cmd.exe 00:04:10.0468 3252 C:\WINDOWS\system32\cmd.exe - ok 00:04:10.0468 3252 [ 4939E99C1B61017E37A006EEC2E7632D ] C:\WINDOWS\system32\ieframe.dll 00:04:10.0468 3252 C:\WINDOWS\system32\ieframe.dll - ok 00:04:10.0484 3252 [ CAD4AA32E7ECA00C23CC39C0EB833F9D ] C:\WINDOWS\system32\cryptnet.dll 00:04:10.0484 3252 C:\WINDOWS\system32\cryptnet.dll - ok 00:04:10.0484 3252 [ DCE3C277C4C9ADBC11850DBC4AD131B3 ] C:\WINDOWS\system32\winhttp.dll 00:04:10.0484 3252 C:\WINDOWS\system32\winhttp.dll - ok 00:04:10.0500 3252 [ 6E205319848B8AF2A0DA52B8D63DB91E ] C:\WINDOWS\system32\sensapi.dll 00:04:10.0500 3252 C:\WINDOWS\system32\sensapi.dll - ok 00:04:10.0500 3252 [ 08F0190AE201EC331B4CA3B0FA2D2CCE ] C:\WINDOWS\system32\cabinet.dll 00:04:10.0500 3252 C:\WINDOWS\system32\cabinet.dll - ok 00:04:10.0515 3252 [ 29744EB4CE659DFE3B4122DEB45BC478 ] C:\WINDOWS\system32\drivers\parport.sys 00:04:10.0515 3252 C:\WINDOWS\system32\drivers\parport.sys - ok 00:04:10.0515 3252 [ CD9404D115A00D249F70A371B46D5A26 ] C:\WINDOWS\system32\drivers\serial.sys 00:04:10.0515 3252 C:\WINDOWS\system32\drivers\serial.sys - ok 00:04:10.0515 3252 [ 29584F02A43E427C4227E3B1D9FF1B22 ] C:\Program Files\Common Files\Akamai\netsession_win_4f7fccd.dll 00:04:10.0531 3252 C:\Program Files\Common Files\Akamai\netsession_win_4f7fccd.dll - ok 00:04:10.0531 3252 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] C:\WINDOWS\system32\alrsvc.dll 00:04:10.0531 3252 C:\WINDOWS\system32\alrsvc.dll - ok 00:04:10.0531 3252 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:04:10.0531 3252 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok 00:04:10.0546 3252 [ 2C69EC7E5A311334D10DD95F338FCCEA ] C:\WINDOWS\system32\qmgr.dll 00:04:10.0546 3252 C:\WINDOWS\system32\qmgr.dll - ok 00:04:10.0546 3252 [ 7C8F371C924DAA376217E553378275BA ] C:\WINDOWS\system32\shfolder.dll 00:04:10.0546 3252 C:\WINDOWS\system32\shfolder.dll - ok 00:04:10.0562 3252 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll 00:04:10.0562 3252 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok 00:04:10.0562 3252 [ DB963459BEA73867E50BC92D3A3F61BC ] C:\WINDOWS\system32\pdh.dll 00:04:10.0562 3252 C:\WINDOWS\system32\pdh.dll - ok 00:04:10.0562 3252 [ 7AA15CCBE1DD20339200659AF99D588F ] C:\WINDOWS\system32\odbcbcp.dll 00:04:10.0562 3252 C:\WINDOWS\system32\odbcbcp.dll - ok 00:04:10.0578 3252 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll 00:04:10.0578 3252 C:\WINDOWS\system32\mscoree.dll - ok 00:04:10.0578 3252 [ 10654F9DDCEA9C46CFB77554231BE73B ] C:\WINDOWS\system32\cryptsvc.dll 00:04:10.0578 3252 C:\WINDOWS\system32\cryptsvc.dll - ok 00:04:10.0578 3252 [ AD44C5BC21213F394F6AFCB55CC39293 ] C:\WINDOWS\system32\certcli.dll 00:04:10.0578 3252 C:\WINDOWS\system32\certcli.dll - ok 00:04:10.0593 3252 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll 00:04:10.0593 3252 C:\WINDOWS\system32\atl.dll - ok 00:04:10.0593 3252 [ A57B8ACD54AFBE482042C285C2767EBF ] C:\WINDOWS\system32\esent.dll 00:04:10.0593 3252 C:\WINDOWS\system32\esent.dll - ok 00:04:10.0609 3252 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52CE7DB5-1F35-43D0-BC40-78002682A349.exe 00:04:10.0609 3252 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\52CE7DB5-1F35-43D0-BC40-78002682A349.exe - ok 00:04:10.0609 3252 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] C:\WINDOWS\system32\dmserver.dll 00:04:10.0609 3252 C:\WINDOWS\system32\dmserver.dll - ok 00:04:10.0609 3252 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] C:\WINDOWS\system32\ersvc.dll 00:04:10.0609 3252 C:\WINDOWS\system32\ersvc.dll - ok 00:04:10.0625 3252 [ 60D1A6342238378BFB7545C81EE3606C ] C:\WINDOWS\system32\es.dll 00:04:10.0625 3252 C:\WINDOWS\system32\es.dll - ok 00:04:10.0625 3252 [ 93D32468D34E000CB3407947D1D6E22A ] C:\WINDOWS\system32\srvsvc.dll 00:04:10.0625 3252 C:\WINDOWS\system32\srvsvc.dll - ok 00:04:10.0640 3252 [ 98D884ADC0B8C0FEBCC9D7BEE6D86F90 ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe 00:04:10.0640 3252 C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok 00:04:10.0640 3252 [ A624930228B698CF5B89F91CAF23A908 ] C:\WINDOWS\system32\security.dll 00:04:10.0640 3252 C:\WINDOWS\system32\security.dll - ok 00:04:10.0656 3252 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll 00:04:10.0656 3252 C:\WINDOWS\system32\netmsg.dll - ok 00:04:10.0656 3252 [ 8827911A8C37E40C027CBFC88E69D967 ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll 00:04:10.0656 3252 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok 00:04:10.0656 3252 [ 7A4F147CC6B133F905F6E65E2F8669FB ] C:\WINDOWS\system32\drivers\srv.sys 00:04:10.0656 3252 C:\WINDOWS\system32\drivers\srv.sys - ok 00:04:10.0671 3252 [ C2BBD044C741EA4292016C36F718D2E4 ] C:\WINDOWS\system32\linkinfo.dll 00:04:10.0671 3252 C:\WINDOWS\system32\linkinfo.dll - ok 00:04:10.0671 3252 [ 385E9AEC6E100DBEBEE5BD1F27A55E1D ] C:\WINDOWS\system32\ntshrui.dll 00:04:10.0671 3252 C:\WINDOWS\system32\ntshrui.dll - ok 00:04:10.0687 3252 [ BF52A4D4EB4CFB3109667E429B93E21A ] C:\WINDOWS\system32\netshell.dll 00:04:10.0687 3252 C:\WINDOWS\system32\netshell.dll - ok 00:04:10.0687 3252 [ 2030FA027E7C3E0A145649C03171457B ] C:\WINDOWS\system32\rtutils.dll 00:04:10.0687 3252 C:\WINDOWS\system32\rtutils.dll - ok 00:04:10.0687 3252 [ 1ECB753D7CEEC8F5A94C9781CA64EC44 ] C:\WINDOWS\system32\credui.dll 00:04:10.0687 3252 C:\WINDOWS\system32\credui.dll - ok 00:04:10.0703 3252 [ CE8E4F91A4B0CF432D7CF6F083E20C1A ] C:\Program Files\Common Files\LightScribe\LSSProxy.dll 00:04:10.0703 3252 C:\Program Files\Common Files\LightScribe\LSSProxy.dll - ok 00:04:10.0703 3252 [ 98FF556821502AC055717E732B98FD33 ] C:\WINDOWS\vmsnap3.exe 00:04:10.0703 3252 C:\WINDOWS\vmsnap3.exe - ok 00:04:10.0718 3252 [ B9CE75B2385A39F3CE814019F90761FD ] C:\Program Files\Common Files\LightScribe\LSLog.dll 00:04:10.0718 3252 C:\Program Files\Common Files\LightScribe\LSLog.dll - ok 00:04:10.0718 3252 [ C5245F09C55FE9D49DB96CEF768DD360 ] C:\WINDOWS\system32\ksproxy.ax 00:04:10.0718 3252 C:\WINDOWS\system32\ksproxy.ax - ok 00:04:10.0718 3252 [ 1169436EE42F860C7DB37A4692B38F0E ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll 00:04:10.0718 3252 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok 00:04:10.0734 3252 [ B1513B37A55F15DBE08002246F21BB2B ] C:\WINDOWS\system32\igfxtray.exe 00:04:10.0734 3252 C:\WINDOWS\system32\igfxtray.exe - ok 00:04:10.0734 3252 [ AC02CD5FD078307D3D0D73DC773A6AEA ] C:\WINDOWS\system32\hkcmd.exe 00:04:10.0734 3252 C:\WINDOWS\system32\hkcmd.exe - ok 00:04:10.0750 3252 [ AB5B795B6821B30922DA8742FD7EC656 ] C:\WINDOWS\system32\igfxpers.exe 00:04:10.0750 3252 C:\WINDOWS\system32\igfxpers.exe - ok 00:04:10.0750 3252 [ 84DB35F319E5B67838A4877C11748866 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 00:04:10.0750 3252 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok 00:04:10.0765 3252 [ EBBCE8ED76E1355E9A1231033107AFE4 ] C:\Program Files\ProcessTamer\ProcessTamerTray.exe 00:04:10.0765 3252 C:\Program Files\ProcessTamer\ProcessTamerTray.exe - ok 00:04:10.0765 3252 [ 13922EB54890C77005268882629A31FE ] C:\WINDOWS\system32\dumprep.exe 00:04:10.0765 3252 C:\WINDOWS\system32\dumprep.exe - ok 00:04:10.0765 3252 [ CBCD254547689BFF80C9F547B20911E9 ] C:\WINDOWS\system32\ksuser.dll 00:04:10.0765 3252 C:\WINDOWS\system32\ksuser.dll - ok 00:04:10.0781 3252 [ 8C53CCD787C381CD535D8DCCA12584D8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll 00:04:10.0781 3252 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll - ok 00:04:10.0781 3252 [ 24232996A38C0B0CF151C2140AE29FC8 ] C:\WINDOWS\system32\ctfmon.exe 00:04:10.0781 3252 C:\WINDOWS\system32\ctfmon.exe - ok 00:04:10.0796 3252 [ A0946E1D50DD86B25CBDF170D32FA700 ] C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe 00:04:10.0796 3252 C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe - ok 00:04:10.0796 3252 [ 1A8E30111A377F66391A542BAF8DD1F4 ] C:\WINDOWS\system32\hccutils.dll 00:04:10.0796 3252 C:\WINDOWS\system32\hccutils.dll - ok 00:04:10.0796 3252 [ 6CD4A623E07139CCB76D32A828733496 ] C:\WINDOWS\system32\devenum.dll 00:04:10.0796 3252 C:\WINDOWS\system32\devenum.dll - ok 00:04:10.0812 3252 [ 2A3FB4C98F139038E23330D2439DB8A4 ] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe 00:04:10.0812 3252 C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe - ok 00:04:10.0812 3252 [ FB665485B6C8EE16FED0619ADFF8B27A ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll 00:04:10.0812 3252 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok 00:04:10.0828 3252 [ 24744F14E76174927AA2BD4600709192 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll 00:04:10.0828 3252 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok 00:04:10.0828 3252 [ D45E2F7E7861FDCBD0FA24E8E33E603F ] C:\WINDOWS\system32\igfxsrvc.exe 00:04:10.0828 3252 C:\WINDOWS\system32\igfxsrvc.exe - ok 00:04:10.0828 3252 [ E8F155CCCA86AC2604A222EAFF5ED7F9 ] C:\WINDOWS\system32\msdmo.dll 00:04:10.0828 3252 C:\WINDOWS\system32\msdmo.dll - ok 00:04:10.0843 3252 [ 01CFA88F8DEE91EC9F8E0988F49D106E ] C:\WINDOWS\system32\avicap32.dll 00:04:10.0843 3252 C:\WINDOWS\system32\avicap32.dll - ok 00:04:10.0843 3252 [ 9CAB732C554BC1191E68D1EFB102DA45 ] C:\WINDOWS\system32\msvfw32.dll 00:04:10.0843 3252 C:\WINDOWS\system32\msvfw32.dll - ok 00:04:10.0859 3252 [ A9753F3343EB7A8BC3B498841C8BE6FD ] C:\WINDOWS\system32\msctf.dll 00:04:10.0859 3252 C:\WINDOWS\system32\msctf.dll - ok 00:04:10.0859 3252 [ 9EEA0CA999A33C9D2EABE82E4C624CC3 ] C:\WINDOWS\system32\msutb.dll 00:04:10.0859 3252 C:\WINDOWS\system32\msutb.dll - ok 00:04:10.0859 3252 [ 34AA667D93A1A9F604FE2ECE64DA4A50 ] C:\WINDOWS\system32\vidcap.ax 00:04:10.0859 3252 C:\WINDOWS\system32\vidcap.ax - ok 00:04:10.0875 3252 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll 00:04:10.0875 3252 C:\WINDOWS\system32\webcheck.dll - ok 00:04:10.0875 3252 [ 4038EE8AC13C15A067536D292A93D697 ] C:\WINDOWS\ime\SPTIP.dll 00:04:10.0875 3252 C:\WINDOWS\ime\SPTIP.dll - ok 00:04:10.0890 3252 [ 6B1E8FE58ED05AC413B1B182EE6AA035 ] C:\WINDOWS\system32\igfxsrvc.dll 00:04:10.0890 3252 C:\WINDOWS\system32\igfxsrvc.dll - ok 00:04:10.0890 3252 [ E7F6CD0194DCF6EA6AAD87C6406496D3 ] C:\WINDOWS\system32\vdmdbg.dll 00:04:10.0890 3252 C:\WINDOWS\system32\vdmdbg.dll - ok 00:04:10.0890 3252 [ DB1976563498431B55D1A5D6F0548663 ] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll 00:04:10.0890 3252 C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll - ok 00:04:10.0906 3252 [ C7A7A5BB6BCE43B3601361C579490B83 ] C:\WINDOWS\system32\igfxdev.dll 00:04:10.0906 3252 C:\WINDOWS\system32\igfxdev.dll - ok 00:04:10.0906 3252 [ F0AF09B4781F4935FDB49AFA87C90FA9 ] C:\WINDOWS\system32\faultrep.dll 00:04:10.0906 3252 C:\WINDOWS\system32\faultrep.dll - ok 00:04:10.0921 3252 [ B6821E48C0310E52C7A7CD3E626F70D1 ] C:\WINDOWS\system32\kswdmcap.ax 00:04:10.0921 3252 C:\WINDOWS\system32\kswdmcap.ax - ok 00:04:10.0921 3252 [ B6992EAE19BBD7A589363AB8D876441D ] C:\WINDOWS\system32\igfxrenu.lrc 00:04:10.0921 3252 C:\WINDOWS\system32\igfxrenu.lrc - ok 00:04:10.0921 3252 [ 0346DA24DE3C85909717D5997510A31F ] C:\WINDOWS\system32\mlang.dll 00:04:10.0921 3252 C:\WINDOWS\system32\mlang.dll - ok 00:04:10.0937 3252 [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll 00:04:10.0937 3252 C:\WINDOWS\system32\oleacc.dll - ok 00:04:10.0937 3252 [ 4602907535FD682195DFFF9117365826 ] C:\WINDOWS\system32\mfc42.dll 00:04:10.0937 3252 C:\WINDOWS\system32\mfc42.dll - ok 00:04:10.0953 3252 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\98973607.sys 00:04:10.0953 3252 C:\WINDOWS\system32\drivers\98973607.sys - ok 00:04:10.0953 3252 [ FC77C63C47AE2D0D8B05DA6EC1785C0F ] C:\WINDOWS\system32\perfos.dll 00:04:10.0953 3252 C:\WINDOWS\system32\perfos.dll - ok 00:04:10.0953 3252 [ 43683E970F008C93C9429EF428147A54 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 00:04:10.0953 3252 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok 00:04:10.0968 3252 [ 297101A925ECFFDCDF7F6341FFBB6C1A ] C:\WINDOWS\system32\stobject.dll 00:04:10.0968 3252 C:\WINDOWS\system32\stobject.dll - ok 00:04:10.0968 3252 [ 4E6EEEA8EB9302D604603D4758C05E75 ] C:\WINDOWS\system32\batmeter.dll 00:04:10.0968 3252 C:\WINDOWS\system32\batmeter.dll - ok 00:04:10.0984 3252 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll 00:04:10.0984 3252 C:\WINDOWS\system32\WPDShServiceObj.dll - ok 00:04:10.0984 3252 [ 97BE032BD062F04B86A428EAACF33F7C ] C:\WINDOWS\system32\igfxress.dll 00:04:10.0984 3252 C:\WINDOWS\system32\igfxress.dll - ok 00:04:10.0984 3252 [ DD6D5ABAD9B8C13CEDA4752370BA982C ] C:\WINDOWS\system32\mydocs.dll 00:04:11.0000 3252 C:\WINDOWS\system32\mydocs.dll - ok 00:04:11.0000 3252 [ 8F233C5BC68E34D18D38257B283CE96C ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll 00:04:11.0000 3252 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok 00:04:11.0000 3252 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll 00:04:11.0000 3252 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok 00:04:11.0015 3252 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll 00:04:11.0015 3252 C:\WINDOWS\system32\PortableDeviceApi.dll - ok 00:04:11.0015 3252 [ CFCCF968B0E4F70B458EA4CB9F340C87 ] C:\Program Files\ProcessTamer\ProcessTamerConfigurator.exe 00:04:11.0015 3252 C:\Program Files\ProcessTamer\ProcessTamerConfigurator.exe - ok 00:04:11.0031 3252 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] C:\WINDOWS\system32\drivers\mdmxsdk.sys 00:04:11.0031 3252 C:\WINDOWS\system32\drivers\mdmxsdk.sys - ok 00:04:11.0031 3252 [ DAB9E6C7105D2EF49876FE92C524F565 ] C:\WINDOWS\system32\netman.dll 00:04:11.0031 3252 C:\WINDOWS\system32\netman.dll - ok 00:04:11.0031 3252 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] C:\WINDOWS\system32\PnkBstrA.exe 00:04:11.0031 3252 C:\WINDOWS\system32\PnkBstrA.exe - ok 00:04:11.0046 3252 [ 9F78F329B1858E845087B923B4DBA0F3 ] C:\WINDOWS\system32\mprapi.dll 00:04:11.0046 3252 C:\WINDOWS\system32\mprapi.dll - ok 00:04:11.0046 3252 [ 875D770F477E0AE0088BE1810D537B23 ] C:\WINDOWS\system32\activeds.dll 00:04:11.0046 3252 C:\WINDOWS\system32\activeds.dll - ok 00:04:11.0062 3252 [ 524F073B1241F5D37CD70FF389B3B7FD ] C:\WINDOWS\system32\msxml3.dll 00:04:11.0062 3252 C:\WINDOWS\system32\msxml3.dll - ok 00:04:11.0062 3252 [ 12A581CA44E53B09D24C5B94F252C78D ] C:\WINDOWS\system32\adsldpc.dll 00:04:11.0062 3252 C:\WINDOWS\system32\adsldpc.dll - ok 00:04:11.0062 3252 [ CD1F7ED9842138BEADF9ECBF37818BEF ] C:\WINDOWS\system32\rasapi32.dll 00:04:11.0062 3252 C:\WINDOWS\system32\rasapi32.dll - ok 00:04:11.0078 3252 [ 30E244A707E6CE0A4B099CD6384EC6CA ] C:\WINDOWS\system32\rasman.dll 00:04:11.0078 3252 C:\WINDOWS\system32\rasman.dll - ok 00:04:11.0078 3252 [ 6307A1B82F6CA87D7E0CDF49E6E7BC00 ] C:\WINDOWS\system32\tapi32.dll 00:04:11.0078 3252 C:\WINDOWS\system32\tapi32.dll - ok 00:04:11.0078 3252 [ 5A91E6FEAB9F901302FA7FF768C0120F ] C:\WINDOWS\system32\wzcsvc.dll 00:04:11.0078 3252 C:\WINDOWS\system32\wzcsvc.dll - ok 00:04:11.0093 3252 [ 2604411DB362F3C7D46BAB31362F0B55 ] C:\WINDOWS\system32\perfproc.dll 00:04:11.0093 3252 C:\WINDOWS\system32\perfproc.dll - ok 00:04:11.0093 3252 [ E682696D7F982494A8CFC80C5B59D422 ] C:\WINDOWS\system32\wmi.dll 00:04:11.0093 3252 C:\WINDOWS\system32\wmi.dll - ok 00:04:11.0109 3252 [ 9A9BBC71D0EBCD400A33ABCD5F0AB39C ] C:\WINDOWS\system32\wzcsapi.dll 00:04:11.0109 3252 C:\WINDOWS\system32\wzcsapi.dll - ok 00:04:11.0109 3252 [ D1E299962B5956005113EC4AB1E0D9B7 ] C:\WINDOWS\system32\ipsecsvc.dll 00:04:11.0109 3252 C:\WINDOWS\system32\ipsecsvc.dll - ok 00:04:11.0109 3252 [ E7E39B9152E6C27E5F608574EA6C5A52 ] C:\WINDOWS\system32\oakley.dll 00:04:11.0109 3252 C:\WINDOWS\system32\oakley.dll - ok 00:04:11.0125 3252 [ 3151427DB7D87107D1C5BE58FAC53960 ] C:\WINDOWS\system32\regsvc.dll 00:04:11.0125 3252 C:\WINDOWS\system32\regsvc.dll - ok 00:04:11.0125 3252 [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll 00:04:11.0125 3252 C:\WINDOWS\system32\winipsec.dll - ok 00:04:11.0140 3252 [ 306B30A036DB25FCB76B507FEDE07D58 ] C:\WINDOWS\system32\pstorsvc.dll 00:04:11.0140 3252 C:\WINDOWS\system32\pstorsvc.dll - ok 00:04:11.0140 3252 [ B1E0CE09895376871746F36DC5773B4F ] C:\WINDOWS\system32\seclogon.dll 00:04:11.0140 3252 C:\WINDOWS\system32\seclogon.dll - ok 00:04:11.0140 3252 [ 4D3CCDF22D2B4BAE229BA73B81D13E26 ] C:\WINDOWS\system32\psbase.dll 00:04:11.0156 3252 C:\WINDOWS\system32\psbase.dll - ok 00:04:11.0156 3252 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll 00:04:11.0156 3252 C:\WINDOWS\system32\srsvc.dll - ok 00:04:11.0156 3252 [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll 00:04:11.0156 3252 C:\WINDOWS\system32\sens.dll - ok 00:04:11.0171 3252 [ CACD2C63A79268D131EA37E85524CC44 ] C:\WINDOWS\system32\dssenh.dll 00:04:11.0171 3252 C:\WINDOWS\system32\dssenh.dll - ok 00:04:11.0171 3252 [ 4721AB485E0C29CD1617A5F296B9CC47 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll 00:04:11.0171 3252 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll - ok 00:04:11.0187 3252 [ 339089D6C3FC3BC5CED8D9049C4D2101 ] C:\WINDOWS\system32\upnp.dll 00:04:11.0187 3252 C:\WINDOWS\system32\upnp.dll - ok 00:04:11.0187 3252 [ 5B8DFA748FA4845BC04445A30126F2E9 ] C:\WINDOWS\system32\ssdpapi.dll 00:04:11.0187 3252 C:\WINDOWS\system32\ssdpapi.dll - ok 00:04:11.0187 3252 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] C:\WINDOWS\system32\wiaservc.dll 00:04:11.0187 3252 C:\WINDOWS\system32\wiaservc.dll - ok 00:04:11.0203 3252 [ D9A627A7F98C3E1A47EC7D8724F06C4F ] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 00:04:11.0203 3252 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - ok 00:04:11.0203 3252 [ 0FCB11B39AF688035E1CDE754684EE5C ] C:\WINDOWS\system32\cfgmgr32.dll 00:04:11.0203 3252 C:\WINDOWS\system32\cfgmgr32.dll - ok 00:04:11.0218 3252 [ 4ED87C9C1F9EA9FC68C2E22C3A2DB286 ] C:\WINDOWS\system32\mscms.dll 00:04:11.0218 3252 C:\WINDOWS\system32\mscms.dll - ok 00:04:11.0218 3252 [ 851547797C2A7F8A04841644C471A567 ] C:\WINDOWS\system32\wbem\wbemprox.dll 00:04:11.0218 3252 C:\WINDOWS\system32\wbem\wbemprox.dll - ok 00:04:11.0218 3252 [ 4E39C36213E95FB971A61A247BDE2F61 ] C:\WINDOWS\system32\wbem\wbemcomn.dll 00:04:11.0218 3252 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok 00:04:11.0234 3252 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] C:\WINDOWS\system32\trkwks.dll 00:04:11.0234 3252 C:\WINDOWS\system32\trkwks.dll - ok 00:04:11.0234 3252 [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
  11. TDSSKILLER LOG: 00:02:49.0406 1388 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 00:02:51.0437 1388 ============================================================ 00:02:51.0437 1388 Current date / time: 2012/08/31 00:02:51.0437 00:02:51.0437 1388 SystemInfo: 00:02:51.0437 1388 00:02:51.0437 1388 OS Version: 5.1.2600 ServicePack: 2.0 00:02:51.0437 1388 Product type: Workstation 00:02:51.0437 1388 ComputerName: AMFUFU 00:02:51.0437 1388 UserName: Administrator 00:02:51.0437 1388 Windows directory: C:\WINDOWS 00:02:51.0437 1388 System windows directory: C:\WINDOWS 00:02:51.0437 1388 Processor architecture: Intel x86 00:02:51.0437 1388 Number of processors: 2 00:02:51.0437 1388 Page size: 0x1000 00:02:51.0437 1388 Boot type: Normal boot 00:02:51.0437 1388 ============================================================ 00:02:57.0000 1388 BG loaded 00:02:58.0500 1388 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 00:02:58.0593 1388 ============================================================ 00:02:58.0593 1388 \Device\Harddisk0\DR0: 00:02:58.0593 1388 MBR partitions: 00:02:58.0593 1388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8F9D 00:02:58.0609 1388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B901B, BlocksNum 0xA15BBE5 00:02:58.0609 1388 ============================================================ 00:02:58.0656 1388 C: <-> \Device\Harddisk0\DR0\Partition1 00:02:58.0781 1388 D: <-> \Device\Harddisk0\DR0\Partition2 00:02:58.0859 1388 ============================================================ 00:02:58.0859 1388 Initialize success 00:02:58.0859 1388 ============================================================ 00:03:18.0750 3252 ============================================================ 00:03:18.0750 3252 Scan started 00:03:18.0750 3252 Mode: Manual; SigCheck; TDLFS; 00:03:18.0750 3252 ============================================================ 00:03:21.0343 3252 ================ Scan system memory ======================== 00:03:21.0343 3252 System memory - ok 00:03:21.0343 3252 ================ Scan services ============================= 00:03:21.0500 3252 1394hub - ok 00:03:21.0515 3252 Abiosdsk - ok 00:03:21.0531 3252 abp470n5 - ok 00:03:21.0546 3252 abp480n5 - ok 00:03:21.0593 3252 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 00:03:22.0296 3252 ACPI ( UnsignedFile.Multi.Generic ) - warning 00:03:22.0296 3252 ACPI - detected UnsignedFile.Multi.Generic (1) 00:03:22.0359 3252 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 00:03:22.0437 3252 ACPIEC ( UnsignedFile.Multi.Generic ) - warning 00:03:22.0437 3252 ACPIEC - detected UnsignedFile.Multi.Generic (1) 00:03:22.0609 3252 [ 0FC9F9FFBCF23D4D2F3523DC9DEAA764 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 00:03:22.0703 3252 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 00:03:22.0703 3252 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 00:03:22.0921 3252 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:03:23.0406 3252 AdobeFlashPlayerUpdateSvc - ok 00:03:23.0421 3252 adpu160m - ok 00:03:23.0437 3252 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys 00:03:23.0515 3252 aec ( UnsignedFile.Multi.Generic ) - warning 00:03:23.0515 3252 aec - detected UnsignedFile.Multi.Generic (1) 00:03:23.0546 3252 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys 00:03:23.0656 3252 AFD ( UnsignedFile.Multi.Generic ) - warning 00:03:23.0656 3252 AFD - detected UnsignedFile.Multi.Generic (1) 00:03:23.0687 3252 Aha154x - ok 00:03:23.0718 3252 aic78u2 - ok 00:03:23.0734 3252 aic78xx - ok 00:03:24.0000 3252 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll 00:03:24.0000 3252 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22 00:03:24.0046 3252 Akamai ( HiddenFile.Multi.Generic ) - warning 00:03:24.0046 3252 Akamai - detected HiddenFile.Multi.Generic (1) 00:03:24.0093 3252 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll 00:03:24.0187 3252 Alerter ( UnsignedFile.Multi.Generic ) - warning 00:03:24.0187 3252 Alerter - detected UnsignedFile.Multi.Generic (1) 00:03:24.0203 3252 AliIde - ok 00:03:24.0218 3252 amsint - ok 00:03:24.0281 3252 [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 00:03:25.0312 3252 ApfiltrService - ok 00:03:25.0343 3252 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 00:03:25.0421 3252 AppMgmt ( UnsignedFile.Multi.Generic ) - warning 00:03:25.0421 3252 AppMgmt - detected UnsignedFile.Multi.Generic (1) 00:03:25.0515 3252 [ 7CAE93FE5511D0C0688CFA56CF241E31 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys 00:03:25.0765 3252 AR5416 ( UnsignedFile.Multi.Generic ) - warning 00:03:25.0765 3252 AR5416 - detected UnsignedFile.Multi.Generic (1) 00:03:25.0796 3252 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 00:03:25.0906 3252 Arp1394 ( UnsignedFile.Multi.Generic ) - warning 00:03:25.0906 3252 Arp1394 - detected UnsignedFile.Multi.Generic (1) 00:03:25.0921 3252 asc - ok 00:03:25.0937 3252 asc3350p - ok 00:03:25.0953 3252 asc3550 - ok 00:03:26.0109 3252 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 00:03:26.0531 3252 aspnet_state - ok 00:03:26.0546 3252 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 00:03:26.0625 3252 AsyncMac ( UnsignedFile.Multi.Generic ) - warning 00:03:26.0625 3252 AsyncMac - detected UnsignedFile.Multi.Generic (1) 00:03:26.0640 3252 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 00:03:26.0734 3252 atapi ( UnsignedFile.Multi.Generic ) - warning 00:03:26.0734 3252 atapi - detected UnsignedFile.Multi.Generic (1) 00:03:26.0781 3252 Atdisk - ok 00:03:27.0015 3252 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 00:03:27.0125 3252 Atmarpc ( UnsignedFile.Multi.Generic ) - warning 00:03:27.0125 3252 Atmarpc - detected UnsignedFile.Multi.Generic (1) 00:03:27.0187 3252 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 00:03:27.0250 3252 AudioSrv ( UnsignedFile.Multi.Generic ) - warning 00:03:27.0250 3252 AudioSrv - detected UnsignedFile.Multi.Generic (1) 00:03:27.0343 3252 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 00:03:27.0406 3252 audstub ( UnsignedFile.Multi.Generic ) - warning 00:03:27.0406 3252 audstub - detected UnsignedFile.Multi.Generic (1) 00:03:27.0437 3252 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 00:03:27.0562 3252 Beep ( UnsignedFile.Multi.Generic ) - warning 00:03:27.0562 3252 Beep - detected UnsignedFile.Multi.Generic (1) 00:03:27.0609 3252 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll 00:03:28.0359 3252 BITS ( UnsignedFile.Multi.Generic ) - warning 00:03:28.0359 3252 BITS - detected UnsignedFile.Multi.Generic (1) 00:03:28.0390 3252 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll 00:03:28.0468 3252 Browser ( UnsignedFile.Multi.Generic ) - warning 00:03:28.0468 3252 Browser - detected UnsignedFile.Multi.Generic (1) 00:03:28.0468 3252 ByakkoDriver - ok 00:03:28.0500 3252 ByakkoSvc - ok 00:03:28.0546 3252 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 00:03:28.0656 3252 cbidf2k ( UnsignedFile.Multi.Generic ) - warning 00:03:28.0656 3252 cbidf2k - detected UnsignedFile.Multi.Generic (1) 00:03:28.0718 3252 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 00:03:28.0781 3252 CCDECODE ( UnsignedFile.Multi.Generic ) - warning 00:03:28.0781 3252 CCDECODE - detected UnsignedFile.Multi.Generic (1) 00:03:29.0062 3252 cd20xrnt - ok 00:03:29.0140 3252 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 00:03:29.0203 3252 Cdaudio ( UnsignedFile.Multi.Generic ) - warning 00:03:29.0203 3252 Cdaudio - detected UnsignedFile.Multi.Generic (1) 00:03:30.0140 3252 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 00:03:30.0187 3252 Cdfs ( UnsignedFile.Multi.Generic ) - warning 00:03:30.0187 3252 Cdfs - detected UnsignedFile.Multi.Generic (1) 00:03:30.0250 3252 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 00:03:30.0265 3252 Cdrom ( UnsignedFile.Multi.Generic ) - warning 00:03:30.0265 3252 Cdrom - detected UnsignedFile.Multi.Generic (1) 00:03:30.0734 3252 Changer - ok 00:03:32.0531 3252 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe 00:03:32.0593 3252 CiSvc ( UnsignedFile.Multi.Generic ) - warning 00:03:32.0593 3252 CiSvc - detected UnsignedFile.Multi.Generic (1) 00:03:32.0609 3252 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 00:03:32.0640 3252 ClipSrv ( UnsignedFile.Multi.Generic ) - warning 00:03:32.0640 3252 ClipSrv - detected UnsignedFile.Multi.Generic (1) 00:03:32.0687 3252 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:03:32.0843 3252 clr_optimization_v2.0.50727_32 - ok 00:03:32.0921 3252 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:03:33.0093 3252 clr_optimization_v4.0.30319_32 - ok 00:03:33.0156 3252 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 00:03:33.0218 3252 CmBatt ( UnsignedFile.Multi.Generic ) - warning 00:03:33.0218 3252 CmBatt - detected UnsignedFile.Multi.Generic (1) 00:03:33.0234 3252 CmdIde - ok 00:03:33.0343 3252 [ E2D7F6AF93FE72DD840802797FAFE4D3 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDAU32.sys 00:03:33.0812 3252 CnxtHdAudService - ok 00:03:33.0875 3252 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 00:03:33.0937 3252 Compbatt ( UnsignedFile.Multi.Generic ) - warning 00:03:33.0937 3252 Compbatt - detected UnsignedFile.Multi.Generic (1) 00:03:33.0953 3252 COMSysApp - ok 00:03:33.0984 3252 Cpqarray - ok 00:03:34.0031 3252 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 00:03:34.0078 3252 CryptSvc ( UnsignedFile.Multi.Generic ) - warning 00:03:34.0078 3252 CryptSvc - detected UnsignedFile.Multi.Generic (1) 00:03:34.0093 3252 Da12prp - ok 00:03:34.0125 3252 dac2w2k - ok 00:03:34.0140 3252 dac960nt - ok 00:03:34.0203 3252 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 00:03:34.0312 3252 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning 00:03:34.0312 3252 DcomLaunch - detected UnsignedFile.Multi.Generic (1) 00:03:34.0359 3252 [ D8522960163FA593694E441194A9A574 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 00:03:34.0531 3252 dg_ssudbus - ok 00:03:34.0625 3252 [ CB6CA3E5261D65F6F809EED23BF167AA ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 00:03:34.0671 3252 Dhcp ( UnsignedFile.Multi.Generic ) - warning 00:03:34.0671 3252 Dhcp - detected UnsignedFile.Multi.Generic (1) 00:03:34.0718 3252 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 00:03:34.0750 3252 Disk ( UnsignedFile.Multi.Generic ) - warning 00:03:34.0765 3252 Disk - detected UnsignedFile.Multi.Generic (1) 00:03:34.0765 3252 dmadmin - ok 00:03:34.0843 3252 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 00:03:35.0000 3252 dmboot ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0000 3252 dmboot - detected UnsignedFile.Multi.Generic (1) 00:03:35.0046 3252 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 00:03:35.0125 3252 dmio ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0125 3252 dmio - detected UnsignedFile.Multi.Generic (1) 00:03:35.0234 3252 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 00:03:35.0312 3252 dmload ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0312 3252 dmload - detected UnsignedFile.Multi.Generic (1) 00:03:35.0375 3252 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll 00:03:35.0421 3252 dmserver ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0421 3252 dmserver - detected UnsignedFile.Multi.Generic (1) 00:03:35.0437 3252 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 00:03:35.0546 3252 DMusic ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0546 3252 DMusic - detected UnsignedFile.Multi.Generic (1) 00:03:35.0578 3252 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 00:03:35.0687 3252 Dnscache ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0687 3252 Dnscache - detected UnsignedFile.Multi.Generic (1) 00:03:35.0687 3252 dpti2o - ok 00:03:35.0703 3252 dpti930 - ok 00:03:35.0843 3252 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 00:03:35.0875 3252 drmkaud ( UnsignedFile.Multi.Generic ) - warning 00:03:35.0875 3252 drmkaud - detected UnsignedFile.Multi.Generic (1) 00:03:35.0890 3252 EagleNT - ok 00:03:35.0906 3252 EagleXNt - ok 00:03:35.0953 3252 [ B8EAC99B14772BDC36CA963AED109FA2 ] ElRawDisk C:\WINDOWS\system32\drivers\dddsk.sys 00:03:36.0046 3252 ElRawDisk - ok 00:03:36.0093 3252 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll 00:03:36.0375 3252 ERSvc ( UnsignedFile.Multi.Generic ) - warning 00:03:36.0375 3252 ERSvc - detected UnsignedFile.Multi.Generic (1) 00:03:36.0453 3252 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe 00:03:36.0546 3252 Eventlog ( UnsignedFile.Multi.Generic ) - warning 00:03:36.0546 3252 Eventlog - detected UnsignedFile.Multi.Generic (1) 00:03:36.0656 3252 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll 00:03:36.0687 3252 EventSystem ( UnsignedFile.Multi.Generic ) - warning 00:03:36.0687 3252 EventSystem - detected UnsignedFile.Multi.Generic (1) 00:03:36.0765 3252 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 00:03:36.0859 3252 Fastfat ( UnsignedFile.Multi.Generic ) - warning 00:03:36.0859 3252 Fastfat - detected UnsignedFile.Multi.Generic (1) 00:03:36.0906 3252 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 00:03:36.0968 3252 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning 00:03:36.0968 3252 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1) 00:03:36.0984 3252 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 00:03:37.0000 3252 Fdc ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0000 3252 Fdc - detected UnsignedFile.Multi.Generic (1) 00:03:37.0062 3252 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys 00:03:37.0093 3252 Fips ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0093 3252 Fips - detected UnsignedFile.Multi.Generic (1) 00:03:37.0125 3252 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 00:03:37.0140 3252 Flpydisk ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0140 3252 Flpydisk - detected UnsignedFile.Multi.Generic (1) 00:03:37.0187 3252 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 00:03:37.0218 3252 FltMgr ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0218 3252 FltMgr - detected UnsignedFile.Multi.Generic (1) 00:03:37.0265 3252 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 00:03:37.0281 3252 FontCache3.0.0.0 - ok 00:03:37.0296 3252 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 00:03:37.0312 3252 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0312 3252 Fs_Rec - detected UnsignedFile.Multi.Generic (1) 00:03:37.0343 3252 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 00:03:37.0359 3252 Ftdisk ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0359 3252 Ftdisk - detected UnsignedFile.Multi.Generic (1) 00:03:37.0390 3252 [ 9599A713E1776B8F69300FC9008F33C1 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll 00:03:37.0406 3252 getPlusHelper - ok 00:03:37.0406 3252 GGSAFERDriver - ok 00:03:37.0453 3252 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 00:03:37.0468 3252 Gpc ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0468 3252 Gpc - detected UnsignedFile.Multi.Generic (1) 00:03:37.0468 3252 GUCI_AVS - ok 00:03:37.0531 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 00:03:37.0546 3252 gupdate - ok 00:03:37.0562 3252 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 00:03:37.0578 3252 gupdatem - ok 00:03:37.0609 3252 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys 00:03:37.0625 3252 hamachi - ok 00:03:37.0656 3252 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 00:03:37.0671 3252 HDAudBus ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0671 3252 HDAudBus - detected UnsignedFile.Multi.Generic (1) 00:03:37.0718 3252 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 00:03:37.0734 3252 helpsvc ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0734 3252 helpsvc - detected UnsignedFile.Multi.Generic (1) 00:03:37.0750 3252 HidServ - ok 00:03:37.0781 3252 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 00:03:37.0781 3252 HidUsb ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0781 3252 HidUsb - detected UnsignedFile.Multi.Generic (1) 00:03:37.0796 3252 hpn - ok 00:03:37.0859 3252 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 00:03:37.0875 3252 HPZid412 ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0875 3252 HPZid412 - detected UnsignedFile.Multi.Generic (1) 00:03:37.0875 3252 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 00:03:37.0906 3252 HPZipr12 ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0906 3252 HPZipr12 - detected UnsignedFile.Multi.Generic (1) 00:03:37.0937 3252 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 00:03:37.0953 3252 HPZius12 ( UnsignedFile.Multi.Generic ) - warning 00:03:37.0953 3252 HPZius12 - detected UnsignedFile.Multi.Generic (1) 00:03:38.0000 3252 [ 7290FB97535C317A237D4C73149C7E2C ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 00:03:38.0031 3252 HSFHWAZL ( UnsignedFile.Multi.Generic ) - warning 00:03:38.0031 3252 HSFHWAZL - detected UnsignedFile.Multi.Generic (1) 00:03:38.0062 3252 [ F362C0B442337DA8AB0608DFAA4CA076 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 00:03:38.0140 3252 HSF_DPV ( UnsignedFile.Multi.Generic ) - warning 00:03:38.0140 3252 HSF_DPV - detected UnsignedFile.Multi.Generic (1) 00:03:38.0171 3252 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 00:03:38.0187 3252 HTTP ( UnsignedFile.Multi.Generic ) - warning 00:03:38.0187 3252 HTTP - detected UnsignedFile.Multi.Generic (1) 00:03:38.0218 3252 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 00:03:38.0250 3252 HTTPFilter ( UnsignedFile.Multi.Generic ) - warning 00:03:38.0250 3252 HTTPFilter - detected UnsignedFile.Multi.Generic (1) 00:03:38.0265 3252 i2omgmt - ok 00:03:38.0265 3252 i2omp - ok 00:03:38.0312 3252 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 00:03:38.0328 3252 i8042prt ( UnsignedFile.Multi.Generic ) - warning 00:03:38.0328 3252 i8042prt - detected UnsignedFile.Multi.Generic (1) 00:03:38.0609 3252 [ BD9462E346229F37FD5B95FBCB6D3D34 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 00:03:38.0906 3252 ialm - ok 00:03:38.0984 3252 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:03:39.0046 3252 idsvc - ok 00:03:39.0046 3252 IlvMoneyDRIVER53 - ok 00:03:39.0093 3252 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 00:03:39.0109 3252 Imapi ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0109 3252 Imapi - detected UnsignedFile.Multi.Generic (1) 00:03:39.0125 3252 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe 00:03:39.0156 3252 ImapiService ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0156 3252 ImapiService - detected UnsignedFile.Multi.Generic (1) 00:03:39.0171 3252 ini910u - ok 00:03:39.0171 3252 IntelIde - ok 00:03:39.0187 3252 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 00:03:39.0203 3252 intelppm ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0203 3252 intelppm - detected UnsignedFile.Multi.Generic (1) 00:03:39.0234 3252 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 00:03:39.0250 3252 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0250 3252 Ip6Fw - detected UnsignedFile.Multi.Generic (1) 00:03:39.0281 3252 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 00:03:39.0281 3252 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0281 3252 IpFilterDriver - detected UnsignedFile.Multi.Generic (1) 00:03:39.0296 3252 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 00:03:39.0312 3252 IpInIp ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0312 3252 IpInIp - detected UnsignedFile.Multi.Generic (1) 00:03:39.0343 3252 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 00:03:39.0359 3252 IpNat ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0359 3252 IpNat - detected UnsignedFile.Multi.Generic (1) 00:03:39.0390 3252 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 00:03:39.0406 3252 IPSec ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0406 3252 IPSec - detected UnsignedFile.Multi.Generic (1) 00:03:39.0421 3252 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 00:03:39.0437 3252 IRENUM ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0437 3252 IRENUM - detected UnsignedFile.Multi.Generic (1) 00:03:39.0468 3252 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 00:03:39.0468 3252 isapnp ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0468 3252 isapnp - detected UnsignedFile.Multi.Generic (1) 00:03:39.0578 3252 [ B4D322EE642EFFAB2CBAD638CDB7751D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe 00:03:39.0593 3252 JavaQuickStarterService ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0593 3252 JavaQuickStarterService - detected UnsignedFile.Multi.Generic (1) 00:03:39.0625 3252 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 00:03:39.0625 3252 Kbdclass ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0625 3252 Kbdclass - detected UnsignedFile.Multi.Generic (1) 00:03:39.0656 3252 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 00:03:39.0687 3252 kmixer ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0703 3252 kmixer - detected UnsignedFile.Multi.Generic (1) 00:03:39.0718 3252 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys 00:03:39.0765 3252 KMWDFILTER - ok 00:03:39.0781 3252 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 00:03:39.0812 3252 KSecDD ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0812 3252 KSecDD - detected UnsignedFile.Multi.Generic (1) 00:03:39.0859 3252 [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 00:03:39.0875 3252 lanmanserver ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0875 3252 lanmanserver - detected UnsignedFile.Multi.Generic (1) 00:03:39.0890 3252 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 00:03:39.0953 3252 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning 00:03:39.0953 3252 lanmanworkstation - detected UnsignedFile.Multi.Generic (1) 00:03:39.0953 3252 lbrtfdc - ok 00:03:40.0015 3252 LcAgent - ok 00:03:40.0078 3252 [ 98D884ADC0B8C0FEBCC9D7BEE6D86F90 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 00:03:40.0109 3252 LightScribeService - ok 00:03:40.0125 3252 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 00:03:40.0140 3252 LmHosts ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0140 3252 LmHosts - detected UnsignedFile.Multi.Generic (1) 00:03:40.0187 3252 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 00:03:40.0187 3252 MBAMProtector - ok 00:03:40.0281 3252 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 00:03:40.0328 3252 MBAMService - ok 00:03:40.0328 3252 mcdbus - ok 00:03:40.0375 3252 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 00:03:40.0390 3252 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0390 3252 mdmxsdk - detected UnsignedFile.Multi.Generic (1) 00:03:40.0421 3252 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll 00:03:40.0437 3252 Messenger ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0437 3252 Messenger - detected UnsignedFile.Multi.Generic (1) 00:03:40.0468 3252 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 00:03:40.0484 3252 mnmdd ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0484 3252 mnmdd - detected UnsignedFile.Multi.Generic (1) 00:03:40.0515 3252 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 00:03:40.0546 3252 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0546 3252 mnmsrvc - detected UnsignedFile.Multi.Generic (1) 00:03:40.0578 3252 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 00:03:40.0593 3252 Modem ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0593 3252 Modem - detected UnsignedFile.Multi.Generic (1) 00:03:40.0609 3252 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 00:03:40.0625 3252 Mouclass ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0625 3252 Mouclass - detected UnsignedFile.Multi.Generic (1) 00:03:40.0656 3252 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 00:03:40.0671 3252 mouhid ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0671 3252 mouhid - detected UnsignedFile.Multi.Generic (1) 00:03:40.0703 3252 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 00:03:40.0703 3252 MountMgr ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0703 3252 MountMgr - detected UnsignedFile.Multi.Generic (1) 00:03:40.0750 3252 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 00:03:40.0781 3252 MozillaMaintenance - ok 00:03:40.0796 3252 mraid35x - ok 00:03:40.0796 3252 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 00:03:40.0828 3252 MRxDAV ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0828 3252 MRxDAV - detected UnsignedFile.Multi.Generic (1) 00:03:40.0875 3252 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 00:03:40.0890 3252 MRxSmb ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0890 3252 MRxSmb - detected UnsignedFile.Multi.Generic (1) 00:03:40.0953 3252 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 00:03:40.0953 3252 MSDTC ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0953 3252 MSDTC - detected UnsignedFile.Multi.Generic (1) 00:03:40.0968 3252 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 00:03:40.0984 3252 Msfs ( UnsignedFile.Multi.Generic ) - warning 00:03:40.0984 3252 Msfs - detected UnsignedFile.Multi.Generic (1) 00:03:40.0984 3252 MSIServer - ok 00:03:41.0046 3252 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 00:03:41.0093 3252 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning 00:03:41.0093 3252 MSKSSRV - detected UnsignedFile.Multi.Generic (1) 00:03:41.0140 3252 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 00:03:41.0171 3252 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning 00:03:41.0171 3252 MSPCLOCK - detected UnsignedFile.Multi.Generic (1) 00:03:41.0218 3252 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 00:03:41.0234 3252 MSPQM ( UnsignedFile.Multi.Generic ) - warning 00:03:41.0234 3252 MSPQM - detected UnsignedFile.Multi.Generic (1) 00:03:41.0250 3252 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 00:03:41.0265 3252 mssmbios ( UnsignedFile.Multi.Generic ) - warning 00:03:41.0265 3252 mssmbios - detected UnsignedFile.Multi.Generic (1) 00:03:41.0281 3252 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 00:03:41.0296 3252 MSTEE ( UnsignedFile.Multi.Generic ) - warning 00:03:41.0296 3252 MSTEE - detected UnsignedFile.Multi.Generic (1) 00:03:41.0312 3252 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 00:03:49.0875 3252 Mup ( UnsignedFile.Multi.Generic ) - warning 00:03:49.0875 3252 Mup - detected UnsignedFile.Multi.Generic (1) 00:03:49.0921 3252 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 00:03:50.0140 3252 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning 00:03:50.0140 3252 NABTSFEC - detected UnsignedFile.Multi.Generic (1) 00:03:50.0171 3252 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 00:03:50.0234 3252 NDIS ( UnsignedFile.Multi.Generic ) - warning 00:03:50.0234 3252 NDIS - detected UnsignedFile.Multi.Generic (1) 00:03:50.0265 3252 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 00:03:50.0328 3252 NdisIP ( UnsignedFile.Multi.Generic ) - warning 00:03:50.0328 3252 NdisIP - detected UnsignedFile.Multi.Generic (1) 00:03:50.0359 3252 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 00:03:50.0484 3252 NdisTapi ( UnsignedFile.Multi.Generic ) - warning 00:03:50.0500 3252 NdisTapi - detected UnsignedFile.Multi.Generic (1) 00:03:50.0671 3252 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 00:03:50.0906 3252 Ndisuio ( UnsignedFile.Multi.Generic ) - warning 00:03:50.0906 3252 Ndisuio - detected UnsignedFile.Multi.Generic (1) 00:03:51.0000 3252 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 00:03:51.0046 3252 NdisWan ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0046 3252 NdisWan - detected UnsignedFile.Multi.Generic (1) 00:03:51.0140 3252 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 00:03:51.0203 3252 NDProxy ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0203 3252 NDProxy - detected UnsignedFile.Multi.Generic (1) 00:03:51.0250 3252 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 00:03:51.0281 3252 NetBIOS ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0281 3252 NetBIOS - detected UnsignedFile.Multi.Generic (1) 00:03:51.0375 3252 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 00:03:51.0375 3252 NetBT ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0375 3252 NetBT - detected UnsignedFile.Multi.Generic (1) 00:03:51.0421 3252 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe 00:03:51.0453 3252 NetDDE ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0453 3252 NetDDE - detected UnsignedFile.Multi.Generic (1) 00:03:51.0453 3252 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 00:03:51.0484 3252 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0484 3252 NetDDEdsdm - detected UnsignedFile.Multi.Generic (1) 00:03:51.0531 3252 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe 00:03:51.0609 3252 Netlogon ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0609 3252 Netlogon - detected UnsignedFile.Multi.Generic (1) 00:03:51.0656 3252 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll 00:03:51.0812 3252 Netman ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0812 3252 Netman - detected UnsignedFile.Multi.Generic (1) 00:03:51.0875 3252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 00:03:51.0921 3252 NetTcpPortSharing - ok 00:03:51.0937 3252 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 00:03:51.0953 3252 NIC1394 ( UnsignedFile.Multi.Generic ) - warning 00:03:51.0953 3252 NIC1394 - detected UnsignedFile.Multi.Generic (1) 00:03:51.0984 3252 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll 00:03:52.0015 3252 Nla ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0015 3252 Nla - detected UnsignedFile.Multi.Generic (1) 00:03:52.0062 3252 NMIndexingService - ok 00:03:52.0078 3252 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 00:03:52.0093 3252 Npfs ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0093 3252 Npfs - detected UnsignedFile.Multi.Generic (1) 00:03:52.0109 3252 npggsvc - ok 00:03:52.0125 3252 npkcrypt - ok 00:03:52.0171 3252 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 00:03:52.0203 3252 Ntfs ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0203 3252 Ntfs - detected UnsignedFile.Multi.Generic (1) 00:03:52.0218 3252 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 00:03:52.0234 3252 NtLmSsp ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0234 3252 NtLmSsp - detected UnsignedFile.Multi.Generic (1) 00:03:52.0281 3252 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 00:03:52.0343 3252 NtmsSvc ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0343 3252 NtmsSvc - detected UnsignedFile.Multi.Generic (1) 00:03:52.0359 3252 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 00:03:52.0375 3252 Null ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0375 3252 Null - detected UnsignedFile.Multi.Generic (1) 00:03:52.0406 3252 [ BE20FCAEC36A7DD5FD3B4B4E52318D00 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll 00:03:52.0406 3252 NWCWorkstation ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0406 3252 NWCWorkstation - detected UnsignedFile.Multi.Generic (1) 00:03:52.0437 3252 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 00:03:52.0468 3252 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0468 3252 NwlnkFlt - detected UnsignedFile.Multi.Generic (1) 00:03:52.0484 3252 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 00:03:52.0515 3252 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0515 3252 NwlnkFwd - detected UnsignedFile.Multi.Generic (1) 00:03:52.0562 3252 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 00:03:52.0578 3252 NwlnkIpx ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0578 3252 NwlnkIpx - detected UnsignedFile.Multi.Generic (1) 00:03:52.0578 3252 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 00:03:52.0593 3252 NwlnkNb ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0593 3252 NwlnkNb - detected UnsignedFile.Multi.Generic (1) 00:03:52.0609 3252 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 00:03:52.0625 3252 NwlnkSpx ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0625 3252 NwlnkSpx - detected UnsignedFile.Multi.Generic (1) 00:03:52.0640 3252 [ 03373A79440473062C6F3AEDEC6A49C8 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys 00:03:52.0656 3252 NWRDR ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0656 3252 NWRDR - detected UnsignedFile.Multi.Generic (1) 00:03:52.0671 3252 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 00:03:52.0687 3252 ohci1394 ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0687 3252 ohci1394 - detected UnsignedFile.Multi.Generic (1) 00:03:52.0718 3252 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 00:03:52.0718 3252 Parport ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0718 3252 Parport - detected UnsignedFile.Multi.Generic (1) 00:03:52.0734 3252 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 00:03:52.0750 3252 PartMgr ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0750 3252 PartMgr - detected UnsignedFile.Multi.Generic (1) 00:03:52.0781 3252 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 00:03:52.0781 3252 ParVdm ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0781 3252 ParVdm - detected UnsignedFile.Multi.Generic (1) 00:03:52.0796 3252 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 00:03:52.0812 3252 PCI ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0812 3252 PCI - detected UnsignedFile.Multi.Generic (1) 00:03:52.0828 3252 PCIDump - ok 00:03:52.0859 3252 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 00:03:52.0875 3252 PCIIde ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0875 3252 PCIIde - detected UnsignedFile.Multi.Generic (1) 00:03:52.0906 3252 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 00:03:52.0921 3252 Pcmcia ( UnsignedFile.Multi.Generic ) - warning 00:03:52.0921 3252 Pcmcia - detected UnsignedFile.Multi.Generic (1) 00:03:52.0921 3252 PDCOMP - ok 00:03:52.0937 3252 PDFRAME - ok 00:03:52.0937 3252 PDRELI - ok 00:03:52.0953 3252 PDRFRAME - ok 00:03:52.0953 3252 perc2 - ok 00:03:52.0968 3252 perc2hib - ok 00:03:53.0000 3252 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe 00:03:53.0015 3252 PlugPlay ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0015 3252 PlugPlay - detected UnsignedFile.Multi.Generic (1) 00:03:53.0093 3252 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 00:03:53.0109 3252 PnkBstrA - ok 00:03:53.0125 3252 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 00:03:53.0125 3252 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0125 3252 PolicyAgent - detected UnsignedFile.Multi.Generic (1) 00:03:53.0156 3252 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 00:03:53.0171 3252 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0171 3252 PptpMiniport - detected UnsignedFile.Multi.Generic (1) 00:03:53.0187 3252 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 00:03:53.0187 3252 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0187 3252 ProtectedStorage - detected UnsignedFile.Multi.Generic (1) 00:03:53.0203 3252 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 00:03:53.0218 3252 PSched ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0218 3252 PSched - detected UnsignedFile.Multi.Generic (1) 00:03:53.0234 3252 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 00:03:53.0250 3252 Ptilink ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0250 3252 Ptilink - detected UnsignedFile.Multi.Generic (1) 00:03:53.0281 3252 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 00:03:53.0296 3252 PxHelp20 - ok 00:03:53.0312 3252 ql1080 - ok 00:03:53.0312 3252 Ql10wnt - ok 00:03:53.0312 3252 ql12160 - ok 00:03:53.0328 3252 ql1240 - ok 00:03:53.0328 3252 ql1280 - ok 00:03:53.0343 3252 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 00:03:53.0359 3252 RasAcd ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0359 3252 RasAcd - detected UnsignedFile.Multi.Generic (1) 00:03:53.0406 3252 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll 00:03:53.0406 3252 RasAuto ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0406 3252 RasAuto - detected UnsignedFile.Multi.Generic (1) 00:03:53.0421 3252 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 00:03:53.0437 3252 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0437 3252 Rasl2tp - detected UnsignedFile.Multi.Generic (1) 00:03:53.0453 3252 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll 00:03:53.0484 3252 RasMan ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0484 3252 RasMan - detected UnsignedFile.Multi.Generic (1) 00:03:53.0484 3252 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 00:03:53.0500 3252 RasPppoe ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0500 3252 RasPppoe - detected UnsignedFile.Multi.Generic (1) 00:03:53.0500 3252 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 00:03:53.0515 3252 Raspti ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0515 3252 Raspti - detected UnsignedFile.Multi.Generic (1) 00:03:53.0546 3252 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 00:03:53.0562 3252 Rdbss ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0562 3252 Rdbss - detected UnsignedFile.Multi.Generic (1) 00:03:53.0578 3252 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 00:03:53.0593 3252 RDPCDD ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0593 3252 RDPCDD - detected UnsignedFile.Multi.Generic (1) 00:03:53.0625 3252 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 00:03:53.0625 3252 rdpdr ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0625 3252 rdpdr - detected UnsignedFile.Multi.Generic (1) 00:03:53.0656 3252 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 00:03:53.0687 3252 RDPWD ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0687 3252 RDPWD - detected UnsignedFile.Multi.Generic (1) 00:03:53.0718 3252 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 00:03:53.0734 3252 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0734 3252 RDSessMgr - detected UnsignedFile.Multi.Generic (1) 00:03:53.0765 3252 [ 4852F5015591F503D4C52FA3AB0C1662 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 00:03:53.0765 3252 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 4852F5015591F503D4C52FA3AB0C1662, Fake md5: B31B4588E4086D8D84ADBF9845C2402B 00:03:53.0765 3252 redbook ( Rootkit.Win32.TDSS.tdl3 ) - infected 00:03:53.0765 3252 redbook - detected Rootkit.Win32.TDSS.tdl3 (0) 00:03:53.0781 3252 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 00:03:53.0812 3252 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0812 3252 RemoteAccess - detected UnsignedFile.Multi.Generic (1) 00:03:53.0843 3252 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 00:03:53.0875 3252 RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0875 3252 RemoteRegistry - detected UnsignedFile.Multi.Generic (1) 00:03:53.0906 3252 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 00:03:53.0921 3252 rimmptsk ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0921 3252 rimmptsk - detected UnsignedFile.Multi.Generic (1) 00:03:53.0953 3252 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 00:03:53.0968 3252 ROOTMODEM ( UnsignedFile.Multi.Generic ) - warning 00:03:53.0968 3252 ROOTMODEM - detected UnsignedFile.Multi.Generic (1) 00:03:53.0984 3252 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe 00:03:54.0000 3252 RpcLocator ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0000 3252 RpcLocator - detected UnsignedFile.Multi.Generic (1) 00:03:54.0062 3252 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\system32\rpcss.dll 00:03:54.0109 3252 RpcSs ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0109 3252 RpcSs - detected UnsignedFile.Multi.Generic (1) 00:03:54.0125 3252 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 00:03:54.0156 3252 RSVP ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0156 3252 RSVP - detected UnsignedFile.Multi.Generic (1) 00:03:54.0187 3252 [ 7174F20AD9B7B7878A51ECCA03C499C2 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 00:03:54.0203 3252 RTLE8023xp ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0203 3252 RTLE8023xp - detected UnsignedFile.Multi.Generic (1) 00:03:54.0218 3252 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe 00:03:54.0234 3252 SamSs ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0234 3252 SamSs - detected UnsignedFile.Multi.Generic (1) 00:03:54.0234 3252 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 00:03:54.0265 3252 SCardSvr ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0265 3252 SCardSvr - detected UnsignedFile.Multi.Generic (1) 00:03:54.0296 3252 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll 00:03:54.0312 3252 Schedule ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0312 3252 Schedule - detected UnsignedFile.Multi.Generic (1) 00:03:54.0312 3252 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 00:03:54.0343 3252 sdbus ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0343 3252 sdbus - detected UnsignedFile.Multi.Generic (1) 00:03:54.0375 3252 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 00:03:54.0390 3252 Secdrv ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0390 3252 Secdrv - detected UnsignedFile.Multi.Generic (1) 00:03:54.0406 3252 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll 00:03:54.0437 3252 seclogon ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0437 3252 seclogon - detected UnsignedFile.Multi.Generic (1) 00:03:54.0453 3252 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll 00:03:54.0484 3252 SENS ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0484 3252 SENS - detected UnsignedFile.Multi.Generic (1) 00:03:54.0500 3252 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 00:03:54.0515 3252 Serial ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0515 3252 Serial - detected UnsignedFile.Multi.Generic (1) 00:03:54.0578 3252 [ 1D9F1BEC651815741F088A8FB88E17EE ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 00:03:54.0593 3252 sffdisk ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0593 3252 sffdisk - detected UnsignedFile.Multi.Generic (1) 00:03:54.0609 3252 [ 586499FD312FFD7F78553F408E71682E ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 00:03:54.0609 3252 sffp_sd ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0609 3252 sffp_sd - detected UnsignedFile.Multi.Generic (1) 00:03:54.0625 3252 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 00:03:54.0640 3252 Sfloppy ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0640 3252 Sfloppy - detected UnsignedFile.Multi.Generic (1) 00:03:54.0687 3252 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 00:03:54.0718 3252 SharedAccess ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0718 3252 SharedAccess - detected UnsignedFile.Multi.Generic (1) 00:03:54.0765 3252 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 00:03:54.0781 3252 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0781 3252 ShellHWDetection - detected UnsignedFile.Multi.Generic (1) 00:03:54.0781 3252 Simbad - ok 00:03:54.0796 3252 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 00:03:54.0812 3252 SLIP ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0812 3252 SLIP - detected UnsignedFile.Multi.Generic (1) 00:03:54.0828 3252 Sparrow - ok 00:03:54.0843 3252 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys 00:03:54.0859 3252 splitter ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0859 3252 splitter - detected UnsignedFile.Multi.Generic (1) 00:03:54.0875 3252 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe 00:03:54.0890 3252 Spooler ( UnsignedFile.Multi.Generic ) - warning 00:03:54.0890 3252 Spooler - detected UnsignedFile.Multi.Generic (1) 00:03:54.0937 3252 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\System32\Drivers\sptd.sys 00:03:54.0968 3252 sptd - ok 00:03:55.0000 3252 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 00:03:55.0015 3252 sr ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0015 3252 sr - detected UnsignedFile.Multi.Generic (1) 00:03:55.0046 3252 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll 00:03:55.0062 3252 srservice ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0062 3252 srservice - detected UnsignedFile.Multi.Generic (1) 00:03:55.0093 3252 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 00:03:55.0125 3252 Srv ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0125 3252 Srv - detected UnsignedFile.Multi.Generic (1) 00:03:55.0140 3252 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 00:03:55.0171 3252 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0171 3252 SSDPSRV - detected UnsignedFile.Multi.Generic (1) 00:03:55.0203 3252 [ 1B4052F016BA5E087689ABA536A0A927 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 00:03:55.0234 3252 ssudmdm - ok 00:03:55.0281 3252 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll 00:03:55.0312 3252 stisvc ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0312 3252 stisvc - detected UnsignedFile.Multi.Generic (1) 00:03:55.0359 3252 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 00:03:55.0375 3252 streamip ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0375 3252 streamip - detected UnsignedFile.Multi.Generic (1) 00:03:55.0406 3252 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 00:03:55.0421 3252 swenum ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0421 3252 swenum - detected UnsignedFile.Multi.Generic (1) 00:03:55.0437 3252 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 00:03:55.0453 3252 swmidi ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0453 3252 swmidi - detected UnsignedFile.Multi.Generic (1) 00:03:55.0468 3252 SwPrv - ok 00:03:55.0468 3252 symc810 - ok 00:03:55.0484 3252 symc8xx - ok 00:03:55.0500 3252 sym_hi - ok 00:03:55.0500 3252 sym_u3 - ok 00:03:55.0531 3252 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 00:03:55.0546 3252 sysaudio ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0546 3252 sysaudio - detected UnsignedFile.Multi.Generic (1) 00:03:55.0609 3252 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 00:03:55.0640 3252 SysmonLog ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0640 3252 SysmonLog - detected UnsignedFile.Multi.Generic (1) 00:03:55.0687 3252 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 00:03:55.0703 3252 TapiSrv ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0703 3252 TapiSrv - detected UnsignedFile.Multi.Generic (1) 00:03:55.0781 3252 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 00:03:55.0843 3252 Tcpip ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0843 3252 Tcpip - detected UnsignedFile.Multi.Generic (1) 00:03:55.0859 3252 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 00:03:55.0890 3252 TDPIPE ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0890 3252 TDPIPE - detected UnsignedFile.Multi.Generic (1) 00:03:55.0906 3252 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 00:03:55.0937 3252 TDTCP ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0937 3252 TDTCP - detected UnsignedFile.Multi.Generic (1) 00:03:55.0968 3252 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 00:03:55.0968 3252 TermDD ( UnsignedFile.Multi.Generic ) - warning 00:03:55.0968 3252 TermDD - detected UnsignedFile.Multi.Generic (1) 00:03:56.0015 3252 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll 00:03:56.0046 3252 TermService ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0046 3252 TermService - detected UnsignedFile.Multi.Generic (1) 00:03:56.0062 3252 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll 00:03:56.0093 3252 Themes ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0093 3252 Themes - detected UnsignedFile.Multi.Generic (1) 00:03:56.0140 3252 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 00:03:56.0203 3252 TlntSvr ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0203 3252 TlntSvr - detected UnsignedFile.Multi.Generic (1) 00:03:56.0328 3252 [ D9A627A7F98C3E1A47EC7D8724F06C4F ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 00:03:56.0343 3252 TOSHIBA Bluetooth Service - ok 00:03:56.0359 3252 TosIde - ok 00:03:56.0406 3252 [ 2C15B4856F929AC7DD144044D8334B54 ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys 00:03:56.0421 3252 tosporte ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0421 3252 tosporte - detected UnsignedFile.Multi.Generic (1) 00:03:56.0453 3252 [ CD6E9C27ADC6B37B0B3DF29CC83E15A7 ] tosrfbd C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 00:03:56.0484 3252 tosrfbd ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0484 3252 tosrfbd - detected UnsignedFile.Multi.Generic (1) 00:03:56.0500 3252 [ 181E217A7A326817D97946D045B3CB46 ] tosrfbnp C:\WINDOWS\system32\Drivers\tosrfbnp.sys 00:03:56.0531 3252 tosrfbnp ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0531 3252 tosrfbnp - detected UnsignedFile.Multi.Generic (1) 00:03:56.0546 3252 [ 4579B035AE3AC8044DF72621AF734894 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys 00:03:56.0578 3252 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0578 3252 Tosrfcom - detected UnsignedFile.Multi.Generic (1) 00:03:56.0578 3252 [ D3F87C46C7C9E5DB99FBD3D17121B891 ] Tosrfhid C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 00:03:56.0625 3252 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0625 3252 Tosrfhid - detected UnsignedFile.Multi.Generic (1) 00:03:56.0656 3252 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 00:03:56.0671 3252 tosrfnds ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0671 3252 tosrfnds - detected UnsignedFile.Multi.Generic (1) 00:03:56.0703 3252 [ 156D63F6898E4D95F2962F2B72862868 ] TosRfSnd C:\WINDOWS\system32\drivers\tosrfsnd.sys 00:03:56.0718 3252 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0718 3252 TosRfSnd - detected UnsignedFile.Multi.Generic (1) 00:03:56.0765 3252 [ F6680C77BE134C81CC67F91986022701 ] Tosrfusb C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 00:03:56.0859 3252 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0859 3252 Tosrfusb - detected UnsignedFile.Multi.Generic (1) 00:03:56.0937 3252 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll 00:03:56.0968 3252 TrkWks ( UnsignedFile.Multi.Generic ) - warning 00:03:56.0968 3252 TrkWks - detected UnsignedFile.Multi.Generic (1) 00:03:57.0031 3252 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 00:03:57.0046 3252 Udfs ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0046 3252 Udfs - detected UnsignedFile.Multi.Generic (1) 00:03:57.0062 3252 ultra - ok 00:03:57.0109 3252 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 00:03:57.0140 3252 Update ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0140 3252 Update - detected UnsignedFile.Multi.Generic (1) 00:03:57.0171 3252 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll 00:03:57.0187 3252 upnphost ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0187 3252 upnphost - detected UnsignedFile.Multi.Generic (1) 00:03:57.0234 3252 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe 00:03:57.0250 3252 UPS ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0250 3252 UPS - detected UnsignedFile.Multi.Generic (1) 00:03:57.0281 3252 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 00:03:57.0296 3252 usbaudio ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0296 3252 usbaudio - detected UnsignedFile.Multi.Generic (1) 00:03:57.0328 3252 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 00:03:57.0343 3252 usbccgp ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0343 3252 usbccgp - detected UnsignedFile.Multi.Generic (1) 00:03:57.0375 3252 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 00:03:57.0406 3252 usbehci ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0406 3252 usbehci - detected UnsignedFile.Multi.Generic (1) 00:03:57.0437 3252 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 00:03:57.0437 3252 usbhub ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0437 3252 usbhub - detected UnsignedFile.Multi.Generic (1) 00:03:57.0468 3252 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 00:03:57.0468 3252 usbprint ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0468 3252 usbprint - detected UnsignedFile.Multi.Generic (1) 00:03:57.0500 3252 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 00:03:57.0515 3252 usbscan ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0515 3252 usbscan - detected UnsignedFile.Multi.Generic (1) 00:03:57.0546 3252 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 00:03:57.0562 3252 USBSTOR ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0562 3252 USBSTOR - detected UnsignedFile.Multi.Generic (1) 00:03:57.0578 3252 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 00:03:57.0593 3252 usbuhci ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0593 3252 usbuhci - detected UnsignedFile.Multi.Generic (1) 00:03:57.0671 3252 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 00:03:57.0703 3252 usbvideo ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0703 3252 usbvideo - detected UnsignedFile.Multi.Generic (1) 00:03:57.0734 3252 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 00:03:57.0765 3252 VgaSave ( UnsignedFile.Multi.Generic ) - warning 00:03:57.0765 3252 VgaSave - detected UnsignedFile.Multi.Generic (1) 00:03:57.0765 3252 ViaIde - ok 00:03:57.0921 3252 [ 233509E1AD024A3E451D8DF6795EEED5 ] vmfilter303 C:\WINDOWS\system32\drivers\vmfilter303.sys 00:03:58.0328 3252 vmfilter303 ( UnsignedFile.Multi.Generic ) - warning 00:03:58.0328 3252 vmfilter303 - detected UnsignedFile.Multi.Generic (1) 00:03:58.0359 3252 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 00:03:58.0390 3252 VolSnap ( UnsignedFile.Multi.Generic ) - warning 00:03:58.0390 3252 VolSnap - detected UnsignedFile.Multi.Generic (1) 00:03:58.0593 3252 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe 00:03:58.0843 3252 VSS ( UnsignedFile.Multi.Generic ) - warning 00:03:58.0843 3252 VSS - detected UnsignedFile.Multi.Generic (1) 00:03:58.0953 3252 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll 00:03:58.0953 3252 W32Time ( UnsignedFile.Multi.Generic ) - warning 00:03:58.0953 3252 W32Time - detected UnsignedFile.Multi.Generic (1) 00:03:59.0156 3252 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 00:03:59.0187 3252 Wanarp ( UnsignedFile.Multi.Generic ) - warning 00:03:59.0187 3252 Wanarp - detected UnsignedFile.Multi.Generic (1) 00:03:59.0312 3252 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 00:03:59.0468 3252 Wdf01000 - ok 00:03:59.0468 3252 WDICA - ok 00:03:59.0500 3252 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 00:03:59.0531 3252 wdmaud ( UnsignedFile.Multi.Generic ) - warning 00:03:59.0531 3252 wdmaud - detected UnsignedFile.Multi.Generic (1) 00:03:59.0578 3252 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll 00:03:59.0593 3252 WebClient ( UnsignedFile.Multi.Generic ) - warning 00:03:59.0593 3252 WebClient - detected UnsignedFile.Multi.Generic (1) 00:03:59.0656 3252 [ 92CE6497076EAC3083185C44157B3A46 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 00:03:59.0687 3252 winachsf ( UnsignedFile.Multi.Generic ) - warning 00:03:59.0687 3252 winachsf - detected UnsignedFile.Multi.Generic (1) 00:03:59.0781 3252 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 00:03:59.0796 3252 winmgmt ( UnsignedFile.Multi.Generic ) - warning 00:03:59.0796 3252 winmgmt - detected UnsignedFile.Multi.Generic (1) 00:03:59.0843 3252 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 00:03:59.0875 3252 WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning 00:03:59.0875 3252 WmdmPmSN - detected UnsignedFile.Multi.Generic (1) 00:03:59.0937 3252 [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi C:\WINDOWS\System32\advapi32.dll 00:04:07.0296 3252 Wmi ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0296 3252 Wmi - detected UnsignedFile.Multi.Generic (1) 00:04:07.0343 3252 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 00:04:07.0343 3252 WmiAcpi ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0343 3252 WmiAcpi - detected UnsignedFile.Multi.Generic (1) 00:04:07.0375 3252 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 00:04:07.0390 3252 WmiApSrv ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0390 3252 WmiApSrv - detected UnsignedFile.Multi.Generic (1) 00:04:07.0484 3252 [ 91A0B63B6AF5A773D4D53812B1E05703 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 00:04:07.0546 3252 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0546 3252 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1) 00:04:07.0578 3252 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 00:04:07.0593 3252 WpdUsb ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0593 3252 WpdUsb - detected UnsignedFile.Multi.Generic (1) 00:04:07.0703 3252 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 00:04:07.0796 3252 WPFFontCache_v0400 - ok 00:04:07.0843 3252 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 00:04:07.0843 3252 WS2IFSL ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0843 3252 WS2IFSL - detected UnsignedFile.Multi.Generic (1) 00:04:07.0875 3252 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll 00:04:07.0890 3252 wscsvc ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0890 3252 wscsvc - detected UnsignedFile.Multi.Generic (1) 00:04:07.0906 3252 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 00:04:07.0906 3252 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0906 3252 WSTCODEC - detected UnsignedFile.Multi.Generic (1) 00:04:07.0937 3252 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 00:04:07.0937 3252 wuauserv ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0937 3252 wuauserv - detected UnsignedFile.Multi.Generic (1) 00:04:07.0984 3252 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 00:04:07.0984 3252 WudfPf ( UnsignedFile.Multi.Generic ) - warning 00:04:07.0984 3252 WudfPf - detected UnsignedFile.Multi.Generic (1) 00:04:08.0000 3252 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 00:04:08.0015 3252 WudfRd ( UnsignedFile.Multi.Generic ) - warning 00:04:08.0015 3252 WudfRd - detected UnsignedFile.Multi.Generic (1) 00:04:08.0046 3252 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 00:04:08.0062 3252 WudfSvc ( UnsignedFile.Multi.Generic ) - warning 00:04:08.0062 3252 WudfSvc - detected UnsignedFile.Multi.Generic (1) 00:04:08.0109 3252 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 00:04:08.0140 3252 WZCSVC ( UnsignedFile.Multi.Generic ) - warning 00:04:08.0140 3252 WZCSVC - detected UnsignedFile.Multi.Generic (1) 00:04:08.0140 3252 XDva346 - ok 00:04:08.0156 3252 XDva365 - ok 00:04:08.0156 3252 XDva369 - ok 00:04:08.0171 3252 XDva386 - ok 00:04:08.0171 3252 XDva388 - ok 00:04:08.0203 3252 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 00:04:08.0218 3252 xmlprov ( UnsignedFile.Multi.Generic ) - warning 00:04:08.0218 3252 xmlprov - detected UnsignedFile.Multi.Generic (1) 00:04:08.0234 3252 YahooAUService - ok 00:04:08.0281 3252 [ 3DE80BAA4AF21883CF938197D508B848 ] ZSMC303 C:\WINDOWS\system32\Drivers\usbVM303.sys 00:04:08.0296 3252 ZSMC303 ( UnsignedFile.Multi.Generic ) - warning 00:04:08.0296 3252 ZSMC303 - detected UnsignedFile.Multi.Generic (1) 00:04:08.0312 3252 ZTEusbser6k - ok 00:04:08.0328 3252 ================ Scan global =============================== 00:04:08.0359 3252 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll 00:04:08.0390 3252 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 00:04:08.0453 3252 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll 00:04:08.0484 3252 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe 00:04:08.0500 3252 [Global] - ok 00:04:08.0500 3252 ================ Scan MBR ================================== 00:04:08.0515 3252 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 00:04:08.0718 3252 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 00:04:08.0718 3252 \Device\Harddisk0\DR0 - detected TDSS File System (1) 00:04:08.0718 3252 ================ Scan VBR ================================== 00:04:08.0734 3252 [ 282A3497B4CE5B52E684729D15795038 ] \Device\Harddisk0\DR0\Partition1 00:04:08.0734 3252 \Device\Harddisk0\DR0\Partition1 - ok 00:04:08.0765 3252 [ FF7A30306BD6F4B42DEC49C245948339 ] \Device\Harddisk0\DR0\Partition2 00:04:08.0765 3252 \Device\Harddisk0\DR0\Partition2 - ok 00:04:08.0781 3252 ================ Scan active images ======================== 00:04:08.0781 3252 [ D5A9D123F5ED7C9965A481BD20CF66D8 ] C:\WINDOWS\system32\drivers\videoprt.sys 00:04:08.0781 3252 C:\WINDOWS\system32\drivers\videoprt.sys - ok 00:04:08.0781 3252 [ BD9462E346229F37FD5B95FBCB6D3D34 ] C:\WINDOWS\system32\drivers\igxpmp32.sys 00:04:08.0796 3252 C:\WINDOWS\system32\drivers\igxpmp32.sys - ok 00:04:08.0796 3252 [ 2034CA78F9C6E787B4B76D81AC888351 ] C:\WINDOWS\system32\drivers\usbport.sys 00:04:08.0796 3252 C:\WINDOWS\system32\drivers\usbport.sys - ok 00:04:08.0796 3252 [ F8FD1400092E23C8F2F31406EF06167B ] C:\WINDOWS\system32\drivers\usbuhci.sys 00:04:08.0796 3252 C:\WINDOWS\system32\drivers\usbuhci.sys - ok 00:04:08.0812 3252 [ 15E993BA2F6946B2BFBBFCD30398621E ] C:\WINDOWS\system32\drivers\usbehci.sys 00:04:08.0812 3252 C:\WINDOWS\system32\drivers\usbehci.sys - ok 00:04:08.0812 3252 [ 3FCC124B6E08EE0E9351F717DD136939 ] C:\WINDOWS\system32\drivers\Hdaudbus.sys 00:04:08.0812 3252 C:\WINDOWS\system32\drivers\Hdaudbus.sys - ok 00:04:08.0828 3252 [ 7174F20AD9B7B7878A51ECCA03C499C2 ] C:\WINDOWS\system32\drivers\Rtenicxp.sys 00:04:08.0828 3252 C:\WINDOWS\system32\drivers\Rtenicxp.sys - ok 00:04:08.0828 3252 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] C:\WINDOWS\system32\drivers\nic1394.sys 00:04:08.0828 3252 C:\WINDOWS\system32\drivers\nic1394.sys - ok 00:04:08.0843 3252 [ 02FC71B020EC8700EE8A46C58BC6F276 ] C:\WINDOWS\system32\drivers\sdbus.sys 00:04:08.0843 3252 C:\WINDOWS\system32\drivers\sdbus.sys - ok 00:04:08.0843 3252 [ 5502B58EEF7486EE6F93F3F164DCB808 ] C:\WINDOWS\system32\drivers\i8042prt.sys 00:04:08.0843 3252 C:\WINDOWS\system32\drivers\i8042prt.sys - ok 00:04:08.0859 3252 [ C2EF513BBE069F0D4EE0938A76F975D3 ] C:\WINDOWS\system32\drivers\rimmptsk.sys 00:04:08.0859 3252 C:\WINDOWS\system32\drivers\rimmptsk.sys - ok 00:04:08.0859 3252 [ 9325E49D555D8F12CE1735227DBB3D80 ] C:\WINDOWS\system32\drivers\Apfiltr.sys 00:04:08.0859 3252 C:\WINDOWS\system32\drivers\Apfiltr.sys - ok 00:04:08.0859 3252 [ FD47474BD21794508AF449D9D91AF6E6 ] C:\WINDOWS\system32\drivers\wdf01000.sys 00:04:08.0859 3252 C:\WINDOWS\system32\drivers\wdf01000.sys - ok 00:04:08.0875 3252 [ DED98A3E466251CCAB93D579144B048C ] C:\WINDOWS\system32\drivers\wdfldr.sys 00:04:08.0875 3252 C:\WINDOWS\system32\drivers\wdfldr.sys - ok 00:04:08.0875 3252 [ 34E1F0031153E491910E12551400192C ] C:\WINDOWS\system32\drivers\mouclass.sys 00:04:08.0875 3252 C:\WINDOWS\system32\drivers\mouclass.sys - ok 00:04:08.0890 3252 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] C:\WINDOWS\system32\drivers\kbdclass.sys 00:04:08.0890 3252 C:\WINDOWS\system32\drivers\kbdclass.sys - ok 00:04:08.0890 3252 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] C:\WINDOWS\system32\drivers\imapi.sys 00:04:08.0890 3252 C:\WINDOWS\system32\drivers\imapi.sys - ok 00:04:08.0906 3252 [ AF9C19B3100FE010496B1A27181FBF72 ] C:\WINDOWS\system32\drivers\cdrom.sys 00:04:08.0906 3252 C:\WINDOWS\system32\drivers\cdrom.sys - ok 00:04:08.0906 3252 [ B9540E258F952650DE8DEC68719A5C97 ] C:\WINDOWS\system32\drivers\ks.sys 00:04:08.0906 3252 C:\WINDOWS\system32\drivers\ks.sys - ok 00:04:08.0906 3252 [ 4852F5015591F503D4C52FA3AB0C1662 ] C:\WINDOWS\system32\drivers\redbook.sys 00:04:08.0906 3252 C:\WINDOWS\system32\drivers\redbook.sys - ok 00:04:08.0921 3252 [ 4266BE808F85826AEDF3C64C1E240203 ] C:\WINDOWS\system32\drivers\CmBatt.sys 00:04:08.0921 3252 C:\WINDOWS\system32\drivers\CmBatt.sys - ok 00:04:08.0921 3252 [ AE2C8544E747C20062DB27456EA2D67A ] C:\WINDOWS\system32\drivers\wmiacpi.sys 00:04:08.0921 3252 C:\WINDOWS\system32\drivers\wmiacpi.sys - ok 00:04:08.0937 3252 [ 279FB78702454DFF2BB445F238C048D2 ] C:\WINDOWS\system32\drivers\intelppm.sys 00:04:08.0937 3252 C:\WINDOWS\system32\drivers\intelppm.sys - ok 00:04:08.0937 3252 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys 00:04:08.0937 3252 C:\WINDOWS\system32\drivers\audstub.sys - ok 00:04:08.0953 3252 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] C:\WINDOWS\system32\drivers\rasl2tp.sys 00:04:08.0953 3252 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok 00:04:08.0953 3252 [ 4579B035AE3AC8044DF72621AF734894 ] C:\WINDOWS\system32\drivers\tosrfcom.sys 00:04:08.0953 3252 C:\WINDOWS\system32\drivers\tosrfcom.sys - ok 00:04:08.0968 3252 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] C:\WINDOWS\system32\drivers\ndistapi.sys 00:04:08.0968 3252 C:\WINDOWS\system32\drivers\ndistapi.sys - ok 00:04:08.0968 3252 [ 0B90E255A9490166AB368CD55A529893 ] C:\WINDOWS\system32\drivers\ndiswan.sys 00:04:08.0968 3252 C:\WINDOWS\system32\drivers\ndiswan.sys - ok 00:04:08.0984 3252 [ 7306EEED8895454CBED4669BE9F79FAA ] C:\WINDOWS\system32\drivers\raspppoe.sys 00:04:08.0984 3252 C:\WINDOWS\system32\drivers\raspppoe.sys - ok 00:04:08.0984 3252 [ 6891B74AB9A016064E82A419388D0601 ] C:\WINDOWS\system32\drivers\tdi.sys 00:04:09.0000 3252 C:\WINDOWS\system32\drivers\tdi.sys - ok 00:04:09.0000 3252 [ C0F1D4A21DE5A415DF8170616703DEBF ] C:\WINDOWS\system32\drivers\msgpc.sys 00:04:09.0000 3252 C:\WINDOWS\system32\drivers\msgpc.sys - ok 00:04:09.0000 3252 [ 48671F327553DCF1D27F6197F622A668 ] C:\WINDOWS\system32\drivers\psched.sys 00:04:09.0000 3252 C:\WINDOWS\system32\drivers\psched.sys - ok 00:04:09.0015 3252 [ 1C5CC65AAC0783C344F16353E60B72AC ] C:\WINDOWS\system32\drivers\raspptp.sys 00:04:09.0015 3252 C:\WINDOWS\system32\drivers\raspptp.sys - ok 00:04:09.0015 3252 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] C:\WINDOWS\system32\drivers\modem.sys 00:04:09.0015 3252 C:\WINDOWS\system32\drivers\modem.sys - ok 00:04:09.0031 3252 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys 00:04:09.0031 3252 C:\WINDOWS\system32\drivers\ptilink.sys - ok 00:04:09.0031 3252 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys 00:04:09.0031 3252 C:\WINDOWS\system32\drivers\raspti.sys - ok 00:04:09.0031 3252 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] C:\WINDOWS\system32\drivers\rootmdm.sys 00:04:09.0031 3252 C:\WINDOWS\system32\drivers\rootmdm.sys - ok 00:04:09.0046 3252 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] C:\WINDOWS\system32\drivers\rdpdr.sys 00:04:09.0046 3252 C:\WINDOWS\system32\drivers\rdpdr.sys - ok 00:04:09.0046 3252 [ A540A99C281D933F3D69D55E48727F47 ] C:\WINDOWS\system32\drivers\termdd.sys 00:04:09.0046 3252 C:\WINDOWS\system32\drivers\termdd.sys - ok 00:04:09.0062 3252 [ 03C1BAE4766E2450219D20B993D6E046 ] C:\WINDOWS\system32\drivers\swenum.sys 00:04:09.0062 3252 C:\WINDOWS\system32\drivers\swenum.sys - ok 00:04:09.0062 3252 [ 469541F8BFD2B32659D5D463A6714BCE ] C:\WINDOWS\system32\drivers\mssmbios.sys 00:04:09.0062 3252 C:\WINDOWS\system32\drivers\mssmbios.sys - ok 00:04:09.0062 3252 [ AFF2E5045961BBC0A602BB6F95EB1345 ] C:\WINDOWS\system32\drivers\update.sys 00:04:09.0062 3252 C:\WINDOWS\system32\drivers\update.sys - ok 00:04:09.0078 3252 [ 2C15B4856F929AC7DD144044D8334B54 ] C:\WINDOWS\system32\drivers\tosporte.sys 00:04:09.0078 3252 C:\WINDOWS\system32\drivers\tosporte.sys - ok 00:04:09.0078 3252 [ 59FC3FB44D2669BC144FD87826BB571F ] C:\WINDOWS\system32\drivers\ndproxy.sys 00:04:09.0078 3252 C:\WINDOWS\system32\drivers\ndproxy.sys - ok 00:04:09.0078 3252 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys 00:04:09.0078 3252 C:\WINDOWS\system32\drivers\usbd.sys - ok 00:04:09.0093 3252 [ C72F40947F92CEA56A8FB532EDF025F1 ] C:\WINDOWS\system32\drivers\usbhub.sys 00:04:09.0093 3252 C:\WINDOWS\system32\drivers\usbhub.sys - ok 00:04:09.0093 3252 [ FF86422268DE771D571E123EB7092C6A ] C:\WINDOWS\system32\drivers\drmk.sys 00:04:09.0093 3252 C:\WINDOWS\system32\drivers\drmk.sys - ok 00:04:09.0109 3252 [ BC6B2BC69C1E009443E8B1FE2DB96101 ] C:\WINDOWS\system32\drivers\portcls.sys 00:04:09.0109 3252 C:\WINDOWS\system32\drivers\portcls.sys - ok 00:04:09.0109 3252 [ E2D7F6AF93FE72DD840802797FAFE4D3 ] C:\WINDOWS\system32\drivers\CHDAU32.sys 00:04:09.0109 3252 C:\WINDOWS\system32\drivers\CHDAU32.sys - ok 00:04:09.0125 3252 [ 7290FB97535C317A237D4C73149C7E2C ] C:\WINDOWS\system32\drivers\HSFHWAZL.sys 00:04:09.0125 3252 C:\WINDOWS\system32\drivers\HSFHWAZL.sys - ok 00:04:09.0125 3252 [ F362C0B442337DA8AB0608DFAA4CA076 ] C:\WINDOWS\system32\drivers\HSF_DPV.sys 00:04:09.0125 3252 C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok 00:04:09.0125 3252 [ 92CE6497076EAC3083185C44157B3A46 ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys 00:04:09.0125 3252 C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok 00:04:09.0140 3252 [ CED2E8396A8838E59D8FD529C680E02C ] C:\WINDOWS\system32\drivers\fdc.sys 00:04:09.0140 3252 C:\WINDOWS\system32\drivers\fdc.sys - ok 00:04:09.0140 3252 [ 0DD1DE43115B93F4D85E889D7A86F548 ] C:\WINDOWS\system32\drivers\flpydisk.sys 00:04:09.0140 3252 C:\WINDOWS\system32\drivers\flpydisk.sys - ok 00:04:09.0156 3252 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] C:\WINDOWS\system32\drivers\sfloppy.sys 00:04:09.0156 3252 C:\WINDOWS\system32\drivers\sfloppy.sys - ok 00:04:09.0156 3252 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys 00:04:09.0156 3252 C:\WINDOWS\system32\drivers\cdaudio.sys - ok 00:04:09.0156 3252 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys 00:04:09.0156 3252 C:\WINDOWS\system32\drivers\fs_rec.sys - ok 00:04:09.0171 3252 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys 00:04:09.0171 3252 C:\WINDOWS\system32\drivers\null.sys - ok 00:04:09.0171 3252 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys 00:04:09.0171 3252 C:\WINDOWS\system32\drivers\beep.sys - ok 00:04:09.0187 3252 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys 00:04:09.0187 3252 C:\WINDOWS\system32\drivers\mnmdd.sys - ok 00:04:09.0187 3252 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] C:\WINDOWS\system32\drivers\vga.sys 00:04:09.0187 3252 C:\WINDOWS\system32\drivers\vga.sys - ok
  12. MBAM LOG: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.29.10 Windows XP Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: AMFUFU [administrator] Protection: Enabled 8/31/2012 12:10:33 AM mbam-log-2012-08-31 (00-10-33).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 210037 Time elapsed: 42 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. hello Maniac ive done all the things you said. here are the logs i hope its correct DDS.TXT: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by Administrator at 0:58:27 on 2012-08-31 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.584 [GMT -7:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\VMSnap3.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ProcessTamer\ProcessTamerTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe C:\WINDOWS\System32\svchost.exe -k Akamai C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.starwebsearch.com/index.php?from=3 uSearch Page = uSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 uURLSearchHooks: H - No File uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - d:\amfufu\updates\regtweaker\key.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LClock] c:\program files\lclock\LClock.exe uRun: [Akamai NetSession Interface] "c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe" uRun: [Facebook Update] "c:\documents and settings\administrator\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Runonce] c:\windows\system32\runouce.exe mRun: [VMSnap3] c:\windows\VMSnap3.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [ProcessTamer] c:\program files\processtamer\ProcessTamerTray.exe dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [13415tyhewr5234325] c:\documents and settings\administrator\application data\3T0F1VR85D.exe mPolicies-system: EnableLUA = 0 (0x0) dPolicies-explorer: NofolderOptions = 1 (0x1) dPolicies-system: DisableTaskMgr = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: &Download All using 4shared Desktop - d:\4shared desktop\down_all.htm IE: &Search IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344411596125 DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{3714AB7D-9B50-43E1-BBF5-298C78CFCE0E} : DhcpNameServer = 192.168.254.254 Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 nwprovau mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ecitfnq6.default\ FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\npkalydo.dll FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll FF - plugin: c:\documents and settings\administrator\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll FF - plugin: c:\windows\system32\npOGPPlugin.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll . ============= SERVICES / DRIVERS =============== . R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2010-9-12 22312] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-29 655944] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-29 22344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-23 136176] S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336] S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\kvrmqt.sys --> c:\windows\system32\drivers\kvrmqt.sys [?] S3 ByakkoDriver;ByakkoDriver;\??\d:\ng3ng0k\cabal\byakko.k32 --> d:\ng3ng0k\cabal\Byakko.K32 [?] S3 ByakkoSvc;ByakkoSvc;d:\ng3ng0k\cabal\byakko.exe --> d:\ng3ng0k\cabal\Byakko.exe [?] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136] S3 dpti930;dpti930;\??\c:\windows\system32\drivers\kvrmqt.sys --> c:\windows\system32\drivers\kvrmqt.sys [?] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?] S3 GUCI_AVS;USB2.0 VGA Video Device;c:\windows\system32\drivers\guci_avs.sys --> c:\windows\system32\drivers\GUCI_AVS.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-23 136176] S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\d:\ng3ng0k\hala ka diha\me1320.sys --> d:\ng3ng0k\hala ka diha\ME1320.sys [?] S3 LcAgent;LC Remote Agent;c:\windows\temp\lcagent.exe --> c:\windows\temp\lcagent.exe [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-10-18 181432] S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2010-12-3 428160] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?] S3 XDva365;XDva365;\??\c:\windows\system32\xdva365.sys --> c:\windows\system32\XDva365.sys [?] S3 XDva369;XDva369;\??\c:\windows\system32\xdva369.sys --> c:\windows\system32\XDva369.sys [?] S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?] S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056] S4 Da12prp;Da12prp; [x] S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-20 114144] . =============== Created Last 30 ================ . 2012-08-31 07:04:37 -------- dc----w- C:\TDSSKiller_Quarantine 2012-08-30 09:58:16 -------- dc----w- c:\documents and settings\administrator\application data\DonationCoder 2012-08-30 09:58:12 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder 2012-08-30 09:58:10 -------- d-----w- c:\program files\ProcessTamer 2012-08-30 09:05:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-29 07:59:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-29 07:11:26 -------- d-----w- c:\documents and settings\all users\application data\Ask 2012-08-24 08:08:45 0 -c--a-w- c:\documents and settings\administrator\windbg.exe 2012-08-24 07:47:18 -------- d-----w- c:\program files\Microsoft Help Viewer 2012-08-24 07:43:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2012-08-21 06:04:55 15612896 ----a-w- c:\program files\mozilla firefox\xul.dll 2012-08-16 22:07:05 2829 ----a-w- c:\windows\War3Unin.pif 2012-08-16 22:07:05 139264 ----a-w- c:\windows\War3Unin.exe 2012-08-16 21:29:58 477240 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-08-16 21:15:39 -------- dc----w- c:\documents and settings\administrator\application data\DAEMON Tools Pro 2012-08-11 08:18:40 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2012-08-11 08:18:39 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys 2012-08-11 08:18:39 39944 ----a-w- c:\windows\system32\drivers\eamon.sys 2012-08-11 08:01:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE 2012-08-09 01:48:33 -------- d-----w- c:\windows\system32\CatRoot2 2012-08-09 01:16:15 19569 ----a-w- c:\windows\005931_.tmp 2012-08-09 00:44:11 19569 ----a-w- c:\windows\006001_.tmp . ==================== Find3M ==================== . 2012-08-31 07:05:29 57472 ----a-w- c:\windows\system32\drivers\redbook.sys 2012-08-23 23:25:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-23 23:25:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-03-23 17:21:55 3993600 ----a-w- c:\program files\GUT35F.tmp . ============= FINISH: 1:00:00.34 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 11/17/2009 7:38:00 AM System Uptime: 8/31/2012 12:57:30 AM (1 hours ago) . Motherboard: Dell Inc. | | 0G216H Processor: Intel® Core2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1181/200mhz Processor: Intel® Core2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1181/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 36.3 GiB free. D: is FIXED (NTFS) - 81 GiB total, 63.129 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {00000000-0000-0000-0000-000000000000} Description: Network Controller Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1 Manufacturer: Name: Network Controller PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1 Service: . ==== System Restore Points =================== . RP297: 10/17/2011 4:12:54 AM - Software Distribution Service 3.0 RP298: 10/17/2011 9:22:12 AM - Software Distribution Service 3.0 RP299: 10/21/2011 3:06:49 AM - Software Distribution Service 3.0 RP300: 10/24/2011 11:43:34 PM - Software Distribution Service 3.0 RP301: 10/25/2011 8:36:09 AM - Software Distribution Service 3.0 RP302: 10/28/2011 11:02:46 AM - Removed AVG Free 9.0 RP303: 10/30/2011 5:19:57 AM - Software Distribution Service 3.0 RP304: 11/6/2011 9:23:00 AM - Software Distribution Service 3.0 RP305: 11/6/2011 7:42:27 PM - Software Distribution Service 3.0 RP306: 11/7/2011 2:10:34 AM - Software Distribution Service 3.0 RP307: 11/7/2011 6:31:10 AM - Software Distribution Service 3.0 RP308: 11/13/2011 8:51:20 AM - Software Distribution Service 3.0 RP309: 11/20/2011 7:00:17 AM - Software Distribution Service 3.0 RP310: 11/20/2011 7:18:47 PM - Software Distribution Service 3.0 RP311: 11/21/2011 2:47:10 AM - Software Distribution Service 3.0 RP312: 11/21/2011 7:34:16 PM - Software Distribution Service 3.0 RP313: 11/27/2011 5:31:49 AM - Software Distribution Service 3.0 RP314: 11/27/2011 6:31:40 AM - Software Distribution Service 3.0 RP315: 11/27/2011 11:24:49 PM - Software Distribution Service 3.0 RP316: 12/4/2011 8:16:37 AM - Software Distribution Service 3.0 RP317: 12/4/2011 1:31:22 PM - Software Distribution Service 3.0 RP318: 12/5/2011 12:16:21 AM - Software Distribution Service 3.0 RP319: 12/5/2011 7:57:16 AM - Software Distribution Service 3.0 RP320: 12/5/2011 9:55:29 AM - Software Distribution Service 3.0 RP321: 12/6/2011 1:48:29 AM - Software Distribution Service 3.0 RP322: 12/6/2011 9:09:41 PM - Software Distribution Service 3.0 RP323: 12/11/2011 7:52:30 AM - Software Distribution Service 3.0 RP324: 12/18/2011 6:06:52 PM - Software Distribution Service 3.0 RP325: 12/18/2011 6:41:07 PM - Software Distribution Service 3.0 RP326: 12/19/2011 8:07:56 AM - Software Distribution Service 3.0 RP327: 12/19/2011 8:33:36 AM - Software Distribution Service 3.0 RP328: 12/20/2011 12:33:11 AM - Software Distribution Service 3.0 RP329: 12/20/2011 4:06:44 AM - Software Distribution Service 3.0 RP330: 12/25/2011 2:26:55 PM - Software Distribution Service 3.0 RP331: 12/25/2011 11:54:22 PM - Software Distribution Service 3.0 RP332: 12/26/2011 2:10:22 AM - Software Distribution Service 3.0 RP333: 12/26/2011 10:04:50 AM - Software Distribution Service 3.0 RP334: 12/26/2011 11:16:26 PM - Software Distribution Service 3.0 RP335: 12/26/2011 11:21:44 PM - Software Distribution Service 3.0 RP336: 12/27/2011 12:14:47 AM - Software Distribution Service 3.0 RP337: 12/27/2011 12:24:28 PM - Software Distribution Service 3.0 RP338: 12/27/2011 5:38:42 PM - Software Distribution Service 3.0 RP339: 1/1/2012 10:06:10 PM - Software Distribution Service 3.0 RP340: 1/8/2012 9:03:10 AM - Software Distribution Service 3.0 RP341: 1/15/2012 8:02:35 PM - Software Distribution Service 3.0 RP342: 1/15/2012 8:30:17 PM - Software Distribution Service 3.0 RP343: 1/22/2012 10:48:54 AM - Software Distribution Service 3.0 RP344: 1/22/2012 4:20:51 PM - Software Distribution Service 3.0 RP345: 1/23/2012 12:48:51 AM - Software Distribution Service 3.0 RP346: 1/23/2012 11:02:40 AM - Software Distribution Service 3.0 RP347: 1/29/2012 6:11:17 AM - Software Distribution Service 3.0 RP348: 2/5/2012 12:38:00 PM - Software Distribution Service 3.0 RP349: 2/6/2012 2:07:44 AM - Software Distribution Service 3.0 RP350: 2/6/2012 9:59:56 AM - Software Distribution Service 3.0 RP351: 2/7/2012 3:56:20 PM - Software Distribution Service 3.0 RP352: 2/8/2012 10:56:06 AM - Software Distribution Service 3.0 RP353: 2/8/2012 11:08:18 PM - Software Distribution Service 3.0 RP354: 2/9/2012 8:48:25 AM - Software Distribution Service 3.0 RP355: 2/9/2012 1:40:48 PM - Software Distribution Service 3.0 RP356: 2/10/2012 4:51:13 AM - Software Distribution Service 3.0 RP357: 2/10/2012 8:15:48 AM - Software Distribution Service 3.0 RP358: 2/12/2012 4:36:31 PM - Software Distribution Service 3.0 RP359: 2/13/2012 12:45:13 AM - Software Distribution Service 3.0 RP360: 2/16/2012 7:41:49 PM - Software Distribution Service 3.0 RP361: 2/16/2012 9:49:54 PM - Software Distribution Service 3.0 RP362: 2/17/2012 4:34:36 PM - Software Distribution Service 3.0 RP363: 2/19/2012 6:53:44 AM - Software Distribution Service 3.0 RP364: 2/20/2012 11:35:29 AM - Software Distribution Service 3.0 RP365: 2/20/2012 4:48:25 PM - Software Distribution Service 3.0 RP366: 2/20/2012 5:34:25 PM - Software Distribution Service 3.0 RP367: 2/22/2012 5:17:07 PM - Software Distribution Service 3.0 RP368: 2/22/2012 8:11:57 PM - Software Distribution Service 3.0 RP369: 3/4/2012 8:17:19 AM - Software Distribution Service 3.0 RP370: 3/4/2012 11:38:49 AM - Hitman 2: Silent Assassin Demo RP371: 3/4/2012 11:39:40 AM - Software Distribution Service 3.0 RP372: 3/6/2012 12:06:21 AM - Software Distribution Service 3.0 RP373: 3/6/2012 5:00:17 AM - Software Distribution Service 3.0 RP374: 3/7/2012 7:58:01 PM - Software Distribution Service 3.0 RP375: 3/14/2012 9:32:38 PM - Software Distribution Service 3.0 RP376: 3/15/2012 12:15:42 PM - Software Distribution Service 3.0 RP377: 3/15/2012 7:02:54 PM - Software Distribution Service 3.0 RP378: 3/16/2012 11:26:52 AM - Software Distribution Service 3.0 RP379: 3/16/2012 12:30:45 PM - Software Distribution Service 3.0 RP380: 3/16/2012 3:55:26 PM - Software Distribution Service 3.0 RP381: 3/18/2012 9:43:02 AM - Software Distribution Service 3.0 RP382: 3/18/2012 3:54:29 PM - Software Distribution Service 3.0 RP383: 3/18/2012 7:43:16 PM - Software Distribution Service 3.0 RP384: 3/19/2012 2:57:36 PM - Software Distribution Service 3.0 RP385: 3/27/2012 12:30:03 AM - Software Distribution Service 3.0 RP386: 3/27/2012 10:47:56 AM - Software Distribution Service 3.0 RP387: 4/1/2012 6:26:16 AM - Software Distribution Service 3.0 RP388: 4/1/2012 6:40:49 AM - Software Distribution Service 3.0 RP389: 4/1/2012 11:47:31 PM - Software Distribution Service 3.0 RP390: 4/3/2012 12:11:19 AM - Software Distribution Service 3.0 RP391: 4/8/2012 12:46:43 PM - Software Distribution Service 3.0 RP392: 4/14/2012 9:33:38 PM - Software Distribution Service 3.0 RP393: 4/15/2012 12:21:46 PM - Software Distribution Service 3.0 RP394: 4/17/2012 10:35:07 PM - Software Distribution Service 3.0 RP395: 4/19/2012 8:28:29 PM - Software Distribution Service 3.0 RP396: 4/22/2012 11:34:00 AM - Software Distribution Service 3.0 RP397: 4/22/2012 5:21:24 PM - Software Distribution Service 3.0 RP398: 4/22/2012 10:57:30 PM - Software Distribution Service 3.0 RP399: 4/23/2012 10:35:44 AM - Software Distribution Service 3.0 RP400: 5/24/2012 12:30:31 AM - Restore Operation . ==== Installed Programs ====================== . A4 TECH PC Camera H Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.3.4 Adobe Shockwave Player 11.5 Akamai NetSession Interface Akamai NetSession Interface Service Atheros Wireless LAN Client Adapter Bluetooth Stack for Windows by Toshiba CCleaner Conexant HD Audio Dealio Toolbar v4.0.2 Dell Resource CD Dell Touchpad DivX Setup Facebook Plug-In Facebook Video Calling 1.2.0.159 FormatFactory 2.80 Google Chrome Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Java Auto Updater Java 6 Update 21 Kalydo Player 3.09.00 LightScribe 1.8.13.1 Mabry Volume Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Help Viewer 1.0 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Silverlight Microsoft SQL Server Compact 3.5 Design Tools ENU Microsoft SQL Server Compact 3.5 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual Basic 2008 Express Edition - ENU Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Mozilla Embedded Browser version 3.5 Mozilla Firefox 15.0 (x86 en-US) Mozilla Maintenance Service MSN MSXML 6 Service Pack 2 (KB973686) Pando Media Booster PhotoScape Process Tamer 2.11.01 PunkBuster Services REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB944338-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971032) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) System Requirements Lab for Intel Unity Web Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB898461) Update for Windows XP (KB925720) Update for Windows XP (KB932823-v3) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) VC80CRTRedist - 8.0.50727.4053 VLC media player 1.0.5 Warcraft III: All Products WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 WinRAR 4.01 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 8/31/2012 12:51:33 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/31/2012 12:21:36 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/31/2012 12:03:10 AM, error: System Error [1003] - Error code 1000008e, parameter1 80000004, parameter2 806eaad1, parameter3 a9c1d570, parameter4 00000000. 8/29/2012 12:34:52 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running. 8/29/2012 1:11:00 PM, error: System Error [1003] - Error code 000000ea, parameter1 8717cda8, parameter2 86a60328, parameter3 864da380, parameter4 00000001. 8/28/2012 9:03:21 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running. 8/27/2012 3:44:03 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/27/2012 3:43:37 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. . 8/27/2012 3:43:37 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Update\DivXUpdate.exe. Reference error message: The operation completed successfully. . 8/27/2012 3:43:37 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 8/27/2012 1:43:38 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 8/26/2012 3:31:31 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 8/26/2012 3:31:31 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 8/26/2012 3:31:31 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. . ==== End Of File ===========================
  14. When i try playing warcraft III frozen throne blue screen appears i cant even create a map its only up to the Local area network,, and i cant get to safe mode blue screen appears also when trying safe mode. and i cant install windows XP s3 weird errors appears like the "missing catalog files???" this is my Specs: Windows XP Pro SP2 Intel[R]core[tm]2 duo CPU T5470 @1.60GHz 1.18GHz, 0.99 GB oF RAM and i use Laptop Dell Vostro A840 [sorry for bad english] i already run DDS??? heres the result: Attach.txt:> . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 11/17/2009 7:38:00 AM System Uptime: 8/30/2012 11:03:24 AM (0 hours ago) . Motherboard: Dell Inc. | | 0G216H Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 36.408 GiB free. D: is FIXED (NTFS) - 81 GiB total, 63.132 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {00000000-0000-0000-0000-000000000000} Description: Network Controller Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1 Manufacturer: Name: Network Controller PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1 Service: . ==== System Restore Points =================== . RP297: 10/17/2011 4:12:54 AM - Software Distribution Service 3.0 RP298: 10/17/2011 9:22:12 AM - Software Distribution Service 3.0 RP299: 10/21/2011 3:06:49 AM - Software Distribution Service 3.0 RP300: 10/24/2011 11:43:34 PM - Software Distribution Service 3.0 RP301: 10/25/2011 8:36:09 AM - Software Distribution Service 3.0 RP302: 10/28/2011 11:02:46 AM - Removed AVG Free 9.0 RP303: 10/30/2011 5:19:57 AM - Software Distribution Service 3.0 RP304: 11/6/2011 9:23:00 AM - Software Distribution Service 3.0 RP305: 11/6/2011 7:42:27 PM - Software Distribution Service 3.0 RP306: 11/7/2011 2:10:34 AM - Software Distribution Service 3.0 RP307: 11/7/2011 6:31:10 AM - Software Distribution Service 3.0 RP308: 11/13/2011 8:51:20 AM - Software Distribution Service 3.0 RP309: 11/20/2011 7:00:17 AM - Software Distribution Service 3.0 RP310: 11/20/2011 7:18:47 PM - Software Distribution Service 3.0 RP311: 11/21/2011 2:47:10 AM - Software Distribution Service 3.0 RP312: 11/21/2011 7:34:16 PM - Software Distribution Service 3.0 RP313: 11/27/2011 5:31:49 AM - Software Distribution Service 3.0 RP314: 11/27/2011 6:31:40 AM - Software Distribution Service 3.0 RP315: 11/27/2011 11:24:49 PM - Software Distribution Service 3.0 RP316: 12/4/2011 8:16:37 AM - Software Distribution Service 3.0 RP317: 12/4/2011 1:31:22 PM - Software Distribution Service 3.0 RP318: 12/5/2011 12:16:21 AM - Software Distribution Service 3.0 RP319: 12/5/2011 7:57:16 AM - Software Distribution Service 3.0 RP320: 12/5/2011 9:55:29 AM - Software Distribution Service 3.0 RP321: 12/6/2011 1:48:29 AM - Software Distribution Service 3.0 RP322: 12/6/2011 9:09:41 PM - Software Distribution Service 3.0 RP323: 12/11/2011 7:52:30 AM - Software Distribution Service 3.0 RP324: 12/18/2011 6:06:52 PM - Software Distribution Service 3.0 RP325: 12/18/2011 6:41:07 PM - Software Distribution Service 3.0 RP326: 12/19/2011 8:07:56 AM - Software Distribution Service 3.0 RP327: 12/19/2011 8:33:36 AM - Software Distribution Service 3.0 RP328: 12/20/2011 12:33:11 AM - Software Distribution Service 3.0 RP329: 12/20/2011 4:06:44 AM - Software Distribution Service 3.0 RP330: 12/25/2011 2:26:55 PM - Software Distribution Service 3.0 RP331: 12/25/2011 11:54:22 PM - Software Distribution Service 3.0 RP332: 12/26/2011 2:10:22 AM - Software Distribution Service 3.0 RP333: 12/26/2011 10:04:50 AM - Software Distribution Service 3.0 RP334: 12/26/2011 11:16:26 PM - Software Distribution Service 3.0 RP335: 12/26/2011 11:21:44 PM - Software Distribution Service 3.0 RP336: 12/27/2011 12:14:47 AM - Software Distribution Service 3.0 RP337: 12/27/2011 12:24:28 PM - Software Distribution Service 3.0 RP338: 12/27/2011 5:38:42 PM - Software Distribution Service 3.0 RP339: 1/1/2012 10:06:10 PM - Software Distribution Service 3.0 RP340: 1/8/2012 9:03:10 AM - Software Distribution Service 3.0 RP341: 1/15/2012 8:02:35 PM - Software Distribution Service 3.0 RP342: 1/15/2012 8:30:17 PM - Software Distribution Service 3.0 RP343: 1/22/2012 10:48:54 AM - Software Distribution Service 3.0 RP344: 1/22/2012 4:20:51 PM - Software Distribution Service 3.0 RP345: 1/23/2012 12:48:51 AM - Software Distribution Service 3.0 RP346: 1/23/2012 11:02:40 AM - Software Distribution Service 3.0 RP347: 1/29/2012 6:11:17 AM - Software Distribution Service 3.0 RP348: 2/5/2012 12:38:00 PM - Software Distribution Service 3.0 RP349: 2/6/2012 2:07:44 AM - Software Distribution Service 3.0 RP350: 2/6/2012 9:59:56 AM - Software Distribution Service 3.0 RP351: 2/7/2012 3:56:20 PM - Software Distribution Service 3.0 RP352: 2/8/2012 10:56:06 AM - Software Distribution Service 3.0 RP353: 2/8/2012 11:08:18 PM - Software Distribution Service 3.0 RP354: 2/9/2012 8:48:25 AM - Software Distribution Service 3.0 RP355: 2/9/2012 1:40:48 PM - Software Distribution Service 3.0 RP356: 2/10/2012 4:51:13 AM - Software Distribution Service 3.0 RP357: 2/10/2012 8:15:48 AM - Software Distribution Service 3.0 RP358: 2/12/2012 4:36:31 PM - Software Distribution Service 3.0 RP359: 2/13/2012 12:45:13 AM - Software Distribution Service 3.0 RP360: 2/16/2012 7:41:49 PM - Software Distribution Service 3.0 RP361: 2/16/2012 9:49:54 PM - Software Distribution Service 3.0 RP362: 2/17/2012 4:34:36 PM - Software Distribution Service 3.0 RP363: 2/19/2012 6:53:44 AM - Software Distribution Service 3.0 RP364: 2/20/2012 11:35:29 AM - Software Distribution Service 3.0 RP365: 2/20/2012 4:48:25 PM - Software Distribution Service 3.0 RP366: 2/20/2012 5:34:25 PM - Software Distribution Service 3.0 RP367: 2/22/2012 5:17:07 PM - Software Distribution Service 3.0 RP368: 2/22/2012 8:11:57 PM - Software Distribution Service 3.0 RP369: 3/4/2012 8:17:19 AM - Software Distribution Service 3.0 RP370: 3/4/2012 11:38:49 AM - Hitman 2: Silent Assassin Demo RP371: 3/4/2012 11:39:40 AM - Software Distribution Service 3.0 RP372: 3/6/2012 12:06:21 AM - Software Distribution Service 3.0 RP373: 3/6/2012 5:00:17 AM - Software Distribution Service 3.0 RP374: 3/7/2012 7:58:01 PM - Software Distribution Service 3.0 RP375: 3/14/2012 9:32:38 PM - Software Distribution Service 3.0 RP376: 3/15/2012 12:15:42 PM - Software Distribution Service 3.0 RP377: 3/15/2012 7:02:54 PM - Software Distribution Service 3.0 RP378: 3/16/2012 11:26:52 AM - Software Distribution Service 3.0 RP379: 3/16/2012 12:30:45 PM - Software Distribution Service 3.0 RP380: 3/16/2012 3:55:26 PM - Software Distribution Service 3.0 RP381: 3/18/2012 9:43:02 AM - Software Distribution Service 3.0 RP382: 3/18/2012 3:54:29 PM - Software Distribution Service 3.0 RP383: 3/18/2012 7:43:16 PM - Software Distribution Service 3.0 RP384: 3/19/2012 2:57:36 PM - Software Distribution Service 3.0 RP385: 3/27/2012 12:30:03 AM - Software Distribution Service 3.0 RP386: 3/27/2012 10:47:56 AM - Software Distribution Service 3.0 RP387: 4/1/2012 6:26:16 AM - Software Distribution Service 3.0 RP388: 4/1/2012 6:40:49 AM - Software Distribution Service 3.0 RP389: 4/1/2012 11:47:31 PM - Software Distribution Service 3.0 RP390: 4/3/2012 12:11:19 AM - Software Distribution Service 3.0 RP391: 4/8/2012 12:46:43 PM - Software Distribution Service 3.0 RP392: 4/14/2012 9:33:38 PM - Software Distribution Service 3.0 RP393: 4/15/2012 12:21:46 PM - Software Distribution Service 3.0 RP394: 4/17/2012 10:35:07 PM - Software Distribution Service 3.0 RP395: 4/19/2012 8:28:29 PM - Software Distribution Service 3.0 RP396: 4/22/2012 11:34:00 AM - Software Distribution Service 3.0 RP397: 4/22/2012 5:21:24 PM - Software Distribution Service 3.0 RP398: 4/22/2012 10:57:30 PM - Software Distribution Service 3.0 RP399: 4/23/2012 10:35:44 AM - Software Distribution Service 3.0 RP400: 5/24/2012 12:30:31 AM - Restore Operation . ==== Installed Programs ====================== . µTorrent A4 TECH PC Camera H Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.3.4 Adobe Shockwave Player 11.5 Akamai NetSession Interface Akamai NetSession Interface Service Atheros Wireless LAN Client Adapter Bluetooth Stack for Windows by Toshiba CCleaner Conduit Engine Conexant HD Audio Dealio Toolbar v4.0.2 Dell Resource CD Dell Touchpad DivX Setup Facebook Plug-In FormatFactory 2.80 Google Chrome Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Java Auto Updater Java™ 6 Update 21 Kalydo Player 3.09.00 LightScribe 1.8.13.1 Mabry Volume Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Help Viewer 1.0 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Silverlight Microsoft SQL Server Compact 3.5 Design Tools ENU Microsoft SQL Server Compact 3.5 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual Basic 2008 Express Edition - ENU Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Mozilla Embedded Browser version 3.5 Mozilla Firefox 15.0 (x86 en-US) Mozilla Maintenance Service MSN MSXML 6 Service Pack 2 (KB973686) Pando Media Booster PhotoScape Process Tamer 2.11.01 PunkBuster Services REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 Search Settings v1.2.3 Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB944338-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971032) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Skype Toolbars Skype™ 5.3 System Requirements Lab for Intel Unity Web Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB898461) Update for Windows XP (KB925720) Update for Windows XP (KB932823-v3) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) VC80CRTRedist - 8.0.50727.4053 VLC media player 1.0.5 Warcraft III: All Products WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 WinRAR 4.01 (32-bit) Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 8/29/2012 12:34:52 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running. 8/29/2012 1:11:00 PM, error: System Error [1003] - Error code 000000ea, parameter1 8717cda8, parameter2 86a60328, parameter3 864da380, parameter4 00000001. 8/28/2012 9:03:21 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running. 8/26/2012 8:09:45 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/26/2012 8:09:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. . 8/26/2012 8:09:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Update\DivXUpdate.exe. Reference error message: The operation completed successfully. . 8/26/2012 8:09:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 8/26/2012 3:31:31 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 8/26/2012 3:31:31 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 8/26/2012 3:31:31 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. 8/26/2012 11:47:04 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 8/23/2012 5:20:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/23/2012 4:20:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/23/2012 3:50:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) . ==== End Of File =========================== DDS.txt:> . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by Administrator at 11:04:54 on 2012-08-30 . ============== Running Processes =============== . C:\WINDOWS\Explorer.EXE C:\WINDOWS\VMSnap3.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ProcessTamer\ProcessTamerTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Administrator\Desktop\dds.scr C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\dwwin.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k Akamai C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.starwebsearch.com/index.php?from=3 uSearch Page = uSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 uURLSearchHooks: H - No File uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - d:\amfufu\updates\regtweaker\key.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LClock] c:\program files\lclock\LClock.exe uRun: [Akamai NetSession Interface] "c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe" mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Runonce] c:\windows\system32\runouce.exe mRun: [VMSnap3] c:\windows\VMSnap3.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [ProcessTamer] c:\program files\processtamer\ProcessTamerTray.exe mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [13415tyhewr5234325] c:\documents and settings\administrator\application data\3T0F1VR85D.exe mPolicies-system: EnableLUA = 0 (0x0) dPolicies-explorer: NofolderOptions = 1 (0x1) dPolicies-system: DisableTaskMgr = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: &Download All using 4shared Desktop - d:\4shared desktop\down_all.htm IE: &Search IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344411596125 DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{3714AB7D-9B50-43E1-BBF5-298C78CFCE0E} : DhcpNameServer = 192.168.254.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 nwprovau mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ecitfnq6.default\ FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\npkalydo.dll FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll FF - plugin: c:\windows\system32\npOGPPlugin.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll . ============= SERVICES / DRIVERS =============== . R? 1394hub;1394 Enabled Hub R? abp470n5;abp470n5 R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service R? ByakkoDriver;ByakkoDriver R? ByakkoSvc;ByakkoSvc R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? Da12prp;Da12prp R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) R? dpti930;dpti930 R? EagleXNt;EagleXNt R? GGSAFERDriver;GGSAFER Driver R? GUCI_AVS;USB2.0 VGA Video Device R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? IlvMoneyDRIVER53;IlvMoneyDRIVER53 R? LcAgent;LC Remote Agent R? MozillaMaintenance;Mozilla Maintenance Service R? npggsvc;nProtect GameGuard Service R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) R? vmfilter303;vmfilter303 R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 R? XDva346;XDva346 R? XDva365;XDva365 R? XDva369;XDva369 R? XDva386;XDva386 R? XDva388;XDva388 S? Akamai;Akamai NetSession Interface S? ElRawDisk;ElRawDisk S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService . =============== Created Last 30 ================ . 2012-08-30 09:58:16 -------- dc----w- c:\documents and settings\administrator\application data\DonationCoder 2012-08-30 09:58:12 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder 2012-08-30 09:58:10 -------- d-----w- c:\program files\ProcessTamer 2012-08-30 09:05:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-29 07:59:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-29 07:11:26 -------- d-----w- c:\documents and settings\all users\application data\Ask 2012-08-24 08:08:45 0 -c--a-w- c:\documents and settings\administrator\windbg.exe 2012-08-24 07:47:18 -------- d-----w- c:\program files\Microsoft Help Viewer 2012-08-24 07:43:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2012-08-21 06:04:55 15612896 ----a-w- c:\program files\mozilla firefox\xul.dll 2012-08-16 22:07:05 2829 ----a-w- c:\windows\War3Unin.pif 2012-08-16 22:07:05 139264 ----a-w- c:\windows\War3Unin.exe 2012-08-16 21:29:58 477240 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-08-16 21:15:39 -------- dc----w- c:\documents and settings\administrator\application data\DAEMON Tools Pro 2012-08-11 08:18:40 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2012-08-11 08:18:39 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys 2012-08-11 08:18:39 39944 ----a-w- c:\windows\system32\drivers\eamon.sys 2012-08-11 08:01:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE 2012-08-11 08:01:01 -------- d-----w- c:\program files\Conduit 2012-08-09 01:48:33 -------- d-----w- c:\windows\system32\CatRoot2 2012-08-09 01:16:15 19569 ----a-w- c:\windows\005931_.tmp 2012-08-09 00:44:11 19569 ----a-w- c:\windows\006001_.tmp . ==================== Find3M ==================== . 2012-08-23 23:25:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-23 23:25:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-03-23 17:21:55 3993600 ----a-w- c:\program files\GUT35F.tmp . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST9160827AS rev.3.ADB -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87370EC5]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84f10872; SUB DWORD [EBP-0x4], 0x84f1012e; PUSH EDI; CALL 0xffffffffffffdf33; } 1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x874BDAB8] 3 CLASSPNP[0xF759E05B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x871FE2A0] [0x87476228] -> IRP_MJ_CREATE -> 0x87370EC5 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160827AS_____________________________3.ADB___#5&71b3819&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x87370AEA \Driver\atapi -> 0x8759e1e8 user & kernel MBR OK sectors 312581806 (+255): user != kernel Warning: possible TDL3 rootkit infection ! . ============= FINISH: 11:08:41.60 ===============
  15. Yes i still keep getting BSOD hmm from what I remember it was "Failed to install catalog files?" thanks for some advice.. ill post it now here Attach.txt:> . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 11/17/2009 7:38:00 AM System Uptime: 8/30/2012 11:03:24 AM (0 hours ago) . Motherboard: Dell Inc. | | 0G216H Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1180/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 68 GiB total, 36.408 GiB free. D: is FIXED (NTFS) - 81 GiB total, 63.132 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {00000000-0000-0000-0000-000000000000} Description: Network Controller Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1 Manufacturer: Name: Network Controller PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_01121A32&REV_01\4&AB208E&0&00E1 Service: . ==== System Restore Points =================== . RP297: 10/17/2011 4:12:54 AM - Software Distribution Service 3.0 RP298: 10/17/2011 9:22:12 AM - Software Distribution Service 3.0 RP299: 10/21/2011 3:06:49 AM - Software Distribution Service 3.0 RP300: 10/24/2011 11:43:34 PM - Software Distribution Service 3.0 RP301: 10/25/2011 8:36:09 AM - Software Distribution Service 3.0 RP302: 10/28/2011 11:02:46 AM - Removed AVG Free 9.0 RP303: 10/30/2011 5:19:57 AM - Software Distribution Service 3.0 RP304: 11/6/2011 9:23:00 AM - Software Distribution Service 3.0 RP305: 11/6/2011 7:42:27 PM - Software Distribution Service 3.0 RP306: 11/7/2011 2:10:34 AM - Software Distribution Service 3.0 RP307: 11/7/2011 6:31:10 AM - Software Distribution Service 3.0 RP308: 11/13/2011 8:51:20 AM - Software Distribution Service 3.0 RP309: 11/20/2011 7:00:17 AM - Software Distribution Service 3.0 RP310: 11/20/2011 7:18:47 PM - Software Distribution Service 3.0 RP311: 11/21/2011 2:47:10 AM - Software Distribution Service 3.0 RP312: 11/21/2011 7:34:16 PM - Software Distribution Service 3.0 RP313: 11/27/2011 5:31:49 AM - Software Distribution Service 3.0 RP314: 11/27/2011 6:31:40 AM - Software Distribution Service 3.0 RP315: 11/27/2011 11:24:49 PM - Software Distribution Service 3.0 RP316: 12/4/2011 8:16:37 AM - Software Distribution Service 3.0 RP317: 12/4/2011 1:31:22 PM - Software Distribution Service 3.0 RP318: 12/5/2011 12:16:21 AM - Software Distribution Service 3.0 RP319: 12/5/2011 7:57:16 AM - Software Distribution Service 3.0 RP320: 12/5/2011 9:55:29 AM - Software Distribution Service 3.0 RP321: 12/6/2011 1:48:29 AM - Software Distribution Service 3.0 RP322: 12/6/2011 9:09:41 PM - Software Distribution Service 3.0 RP323: 12/11/2011 7:52:30 AM - Software Distribution Service 3.0 RP324: 12/18/2011 6:06:52 PM - Software Distribution Service 3.0 RP325: 12/18/2011 6:41:07 PM - Software Distribution Service 3.0 RP326: 12/19/2011 8:07:56 AM - Software Distribution Service 3.0 RP327: 12/19/2011 8:33:36 AM - Software Distribution Service 3.0 RP328: 12/20/2011 12:33:11 AM - Software Distribution Service 3.0 RP329: 12/20/2011 4:06:44 AM - Software Distribution Service 3.0 RP330: 12/25/2011 2:26:55 PM - Software Distribution Service 3.0 RP331: 12/25/2011 11:54:22 PM - Software Distribution Service 3.0 RP332: 12/26/2011 2:10:22 AM - Software Distribution Service 3.0 RP333: 12/26/2011 10:04:50 AM - Software Distribution Service 3.0 RP334: 12/26/2011 11:16:26 PM - Software Distribution Service 3.0 RP335: 12/26/2011 11:21:44 PM - Software Distribution Service 3.0 RP336: 12/27/2011 12:14:47 AM - Software Distribution Service 3.0 RP337: 12/27/2011 12:24:28 PM - Software Distribution Service 3.0 RP338: 12/27/2011 5:38:42 PM - Software Distribution Service 3.0 RP339: 1/1/2012 10:06:10 PM - Software Distribution Service 3.0 RP340: 1/8/2012 9:03:10 AM - Software Distribution Service 3.0 RP341: 1/15/2012 8:02:35 PM - Software Distribution Service 3.0 RP342: 1/15/2012 8:30:17 PM - Software Distribution Service 3.0 RP343: 1/22/2012 10:48:54 AM - Software Distribution Service 3.0 RP344: 1/22/2012 4:20:51 PM - Software Distribution Service 3.0 RP345: 1/23/2012 12:48:51 AM - Software Distribution Service 3.0 RP346: 1/23/2012 11:02:40 AM - Software Distribution Service 3.0 RP347: 1/29/2012 6:11:17 AM - Software Distribution Service 3.0 RP348: 2/5/2012 12:38:00 PM - Software Distribution Service 3.0 RP349: 2/6/2012 2:07:44 AM - Software Distribution Service 3.0 RP350: 2/6/2012 9:59:56 AM - Software Distribution Service 3.0 RP351: 2/7/2012 3:56:20 PM - Software Distribution Service 3.0 RP352: 2/8/2012 10:56:06 AM - Software Distribution Service 3.0 RP353: 2/8/2012 11:08:18 PM - Software Distribution Service 3.0 RP354: 2/9/2012 8:48:25 AM - Software Distribution Service 3.0 RP355: 2/9/2012 1:40:48 PM - Software Distribution Service 3.0 RP356: 2/10/2012 4:51:13 AM - Software Distribution Service 3.0 RP357: 2/10/2012 8:15:48 AM - Software Distribution Service 3.0 RP358: 2/12/2012 4:36:31 PM - Software Distribution Service 3.0 RP359: 2/13/2012 12:45:13 AM - Software Distribution Service 3.0 RP360: 2/16/2012 7:41:49 PM - Software Distribution Service 3.0 RP361: 2/16/2012 9:49:54 PM - Software Distribution Service 3.0 RP362: 2/17/2012 4:34:36 PM - Software Distribution Service 3.0 RP363: 2/19/2012 6:53:44 AM - Software Distribution Service 3.0 RP364: 2/20/2012 11:35:29 AM - Software Distribution Service 3.0 RP365: 2/20/2012 4:48:25 PM - Software Distribution Service 3.0 RP366: 2/20/2012 5:34:25 PM - Software Distribution Service 3.0 RP367: 2/22/2012 5:17:07 PM - Software Distribution Service 3.0 RP368: 2/22/2012 8:11:57 PM - Software Distribution Service 3.0 RP369: 3/4/2012 8:17:19 AM - Software Distribution Service 3.0 RP370: 3/4/2012 11:38:49 AM - Hitman 2: Silent Assassin Demo RP371: 3/4/2012 11:39:40 AM - Software Distribution Service 3.0 RP372: 3/6/2012 12:06:21 AM - Software Distribution Service 3.0 RP373: 3/6/2012 5:00:17 AM - Software Distribution Service 3.0 RP374: 3/7/2012 7:58:01 PM - Software Distribution Service 3.0 RP375: 3/14/2012 9:32:38 PM - Software Distribution Service 3.0 RP376: 3/15/2012 12:15:42 PM - Software Distribution Service 3.0 RP377: 3/15/2012 7:02:54 PM - Software Distribution Service 3.0 RP378: 3/16/2012 11:26:52 AM - Software Distribution Service 3.0 RP379: 3/16/2012 12:30:45 PM - Software Distribution Service 3.0 RP380: 3/16/2012 3:55:26 PM - Software Distribution Service 3.0 RP381: 3/18/2012 9:43:02 AM - Software Distribution Service 3.0 RP382: 3/18/2012 3:54:29 PM - Software Distribution Service 3.0 RP383: 3/18/2012 7:43:16 PM - Software Distribution Service 3.0 RP384: 3/19/2012 2:57:36 PM - Software Distribution Service 3.0 RP385: 3/27/2012 12:30:03 AM - Software Distribution Service 3.0 RP386: 3/27/2012 10:47:56 AM - Software Distribution Service 3.0 RP387: 4/1/2012 6:26:16 AM - Software Distribution Service 3.0 RP388: 4/1/2012 6:40:49 AM - Software Distribution Service 3.0 RP389: 4/1/2012 11:47:31 PM - Software Distribution Service 3.0 RP390: 4/3/2012 12:11:19 AM - Software Distribution Service 3.0 RP391: 4/8/2012 12:46:43 PM - Software Distribution Service 3.0 RP392: 4/14/2012 9:33:38 PM - Software Distribution Service 3.0 RP393: 4/15/2012 12:21:46 PM - Software Distribution Service 3.0 RP394: 4/17/2012 10:35:07 PM - Software Distribution Service 3.0 RP395: 4/19/2012 8:28:29 PM - Software Distribution Service 3.0 RP396: 4/22/2012 11:34:00 AM - Software Distribution Service 3.0 RP397: 4/22/2012 5:21:24 PM - Software Distribution Service 3.0 RP398: 4/22/2012 10:57:30 PM - Software Distribution Service 3.0 RP399: 4/23/2012 10:35:44 AM - Software Distribution Service 3.0 RP400: 5/24/2012 12:30:31 AM - Restore Operation . ==== Installed Programs ====================== . µTorrent A4 TECH PC Camera H Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.3.4 Adobe Shockwave Player 11.5 Akamai NetSession Interface Akamai NetSession Interface Service Atheros Wireless LAN Client Adapter Bluetooth Stack for Windows by Toshiba CCleaner Conduit Engine Conexant HD Audio Dealio Toolbar v4.0.2 Dell Resource CD Dell Touchpad DivX Setup Facebook Plug-In FormatFactory 2.80 Google Chrome Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Java Auto Updater Java™ 6 Update 21 Kalydo Player 3.09.00 LightScribe 1.8.13.1 Mabry Volume Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Help Viewer 1.0 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Silverlight Microsoft SQL Server Compact 3.5 Design Tools ENU Microsoft SQL Server Compact 3.5 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual Basic 2008 Express Edition - ENU Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Mozilla Embedded Browser version 3.5 Mozilla Firefox 15.0 (x86 en-US) Mozilla Maintenance Service MSN MSXML 6 Service Pack 2 (KB973686) Pando Media Booster PhotoScape Process Tamer 2.11.01 PunkBuster Services REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 Search Settings v1.2.3 Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB944338-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971032) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Skype Toolbars Skype™ 5.3 System Requirements Lab for Intel Unity Web Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB898461) Update for Windows XP (KB925720) Update for Windows XP (KB932823-v3) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) VC80CRTRedist - 8.0.50727.4053 VLC media player 1.0.5 Warcraft III: All Products WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 WinRAR 4.01 (32-bit) Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 8/29/2012 12:34:52 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running. 8/29/2012 1:11:00 PM, error: System Error [1003] - Error code 000000ea, parameter1 8717cda8, parameter2 86a60328, parameter3 864da380, parameter4 00000001. 8/28/2012 9:03:21 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running. 8/26/2012 8:09:45 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/26/2012 8:09:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. . 8/26/2012 8:09:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\DivX\DivX Update\DivXUpdate.exe. Reference error message: The operation completed successfully. . 8/26/2012 8:09:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 8/26/2012 3:31:31 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 8/26/2012 3:31:31 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 8/26/2012 3:31:31 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. 8/26/2012 11:47:04 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 8/23/2012 5:20:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/23/2012 4:20:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 8/23/2012 3:50:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'http://www.timeanddate.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) . ==== End Of File =========================== DDS.txt:> . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by Administrator at 11:04:54 on 2012-08-30 . ============== Running Processes =============== . C:\WINDOWS\Explorer.EXE C:\WINDOWS\VMSnap3.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ProcessTamer\ProcessTamerTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Administrator\Desktop\dds.scr C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\dwwin.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k Akamai C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.starwebsearch.com/index.php?from=3 uSearch Page = uSearch Bar = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 uURLSearchHooks: H - No File uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - d:\amfufu\updates\regtweaker\key.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LClock] c:\program files\lclock\LClock.exe uRun: [Akamai NetSession Interface] "c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe" mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Runonce] c:\windows\system32\runouce.exe mRun: [VMSnap3] c:\windows\VMSnap3.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [ProcessTamer] c:\program files\processtamer\ProcessTamerTray.exe mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [13415tyhewr5234325] c:\documents and settings\administrator\application data\3T0F1VR85D.exe mPolicies-system: EnableLUA = 0 (0x0) dPolicies-explorer: NofolderOptions = 1 (0x1) dPolicies-system: DisableTaskMgr = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: &Download All using 4shared Desktop - d:\4shared desktop\down_all.htm IE: &Search IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344411596125 DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab TCP: DhcpNameServer = 192.168.254.254 TCP: Interfaces\{3714AB7D-9B50-43E1-BBF5-298C78CFCE0E} : DhcpNameServer = 192.168.254.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 nwprovau mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ecitfnq6.default\ FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\administrator\application data\kalydo\kalydoplayer\npkalydo.dll FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll FF - plugin: c:\windows\system32\npOGPPlugin.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll . ============= SERVICES / DRIVERS =============== . R? 1394hub;1394 Enabled Hub R? abp470n5;abp470n5 R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service R? ByakkoDriver;ByakkoDriver R? ByakkoSvc;ByakkoSvc R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? Da12prp;Da12prp R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) R? dpti930;dpti930 R? EagleXNt;EagleXNt R? GGSAFERDriver;GGSAFER Driver R? GUCI_AVS;USB2.0 VGA Video Device R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? IlvMoneyDRIVER53;IlvMoneyDRIVER53 R? LcAgent;LC Remote Agent R? MozillaMaintenance;Mozilla Maintenance Service R? npggsvc;nProtect GameGuard Service R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) R? vmfilter303;vmfilter303 R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 R? XDva346;XDva346 R? XDva365;XDva365 R? XDva369;XDva369 R? XDva386;XDva386 R? XDva388;XDva388 S? Akamai;Akamai NetSession Interface S? ElRawDisk;ElRawDisk S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService . =============== Created Last 30 ================ . 2012-08-30 09:58:16 -------- dc----w- c:\documents and settings\administrator\application data\DonationCoder 2012-08-30 09:58:12 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder 2012-08-30 09:58:10 -------- d-----w- c:\program files\ProcessTamer 2012-08-30 09:05:22 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-29 07:59:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-29 07:11:26 -------- d-----w- c:\documents and settings\all users\application data\Ask 2012-08-24 08:08:45 0 -c--a-w- c:\documents and settings\administrator\windbg.exe 2012-08-24 07:47:18 -------- d-----w- c:\program files\Microsoft Help Viewer 2012-08-24 07:43:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2012-08-21 06:04:55 15612896 ----a-w- c:\program files\mozilla firefox\xul.dll 2012-08-16 22:07:05 2829 ----a-w- c:\windows\War3Unin.pif 2012-08-16 22:07:05 139264 ----a-w- c:\windows\War3Unin.exe 2012-08-16 21:29:58 477240 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-08-16 21:15:39 -------- dc----w- c:\documents and settings\administrator\application data\DAEMON Tools Pro 2012-08-11 08:18:40 34312 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2012-08-11 08:18:39 53256 ----a-w- c:\windows\system32\drivers\easdrv.sys 2012-08-11 08:18:39 39944 ----a-w- c:\windows\system32\drivers\eamon.sys 2012-08-11 08:01:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE 2012-08-11 08:01:01 -------- d-----w- c:\program files\Conduit 2012-08-09 01:48:33 -------- d-----w- c:\windows\system32\CatRoot2 2012-08-09 01:16:15 19569 ----a-w- c:\windows\005931_.tmp 2012-08-09 00:44:11 19569 ----a-w- c:\windows\006001_.tmp . ==================== Find3M ==================== . 2012-08-23 23:25:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-23 23:25:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-03-23 17:21:55 3993600 ----a-w- c:\program files\GUT35F.tmp . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST9160827AS rev.3.ADB -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87370EC5]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84f10872; SUB DWORD [EBP-0x4], 0x84f1012e; PUSH EDI; CALL 0xffffffffffffdf33; } 1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x874BDAB8] 3 CLASSPNP[0xF759E05B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x871FE2A0] [0x87476228] -> IRP_MJ_CREATE -> 0x87370EC5 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST9160827AS_____________________________3.ADB___#5&71b3819&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x87370AEA \Driver\atapi -> 0x8759e1e8 user & kernel MBR OK sectors 312581806 (+255): user != kernel Warning: possible TDL3 rootkit infection ! . ============= FINISH: 11:08:41.60 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.