tenuglymen

Honorary Members
  • Posts

    57

Everything posted by tenuglymen

  1. Marice - I appreciate the time that you have put into this. I may have to do another clean install of XP? Should I upgrade to Windows 7, the CD just came from UPS?
  2. OTL Extras logfile created on: 7/30/2012 3:35:31 PM - Run 1 OTL by OldTimer - Version 3.2.55.0
  3. I know what you are referring to with AVIRA. The red Umbrella is not in the tray, what I see is the red up-pointing arrow.
  4. Are you asking me to copy just these lines to OTL? /md5start themeui.dll beep.sys userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %USERPROFILE%\..|smtmp;true;true;true /FP
  5. Regarding Avira - when I hover over the icon what I see is - Realtime Protection Stopped. When I open the application what I see is a red X next to PC protection, and I see the green block with an arrow through it under Internet Protection.
  6. Yes it shows up in the tray. It says "Realtime Protection Stopped" PC Protection is red and internet protection is green.
  7. I went into Avira Realtime Protection to create a report and it locked up "not responding" so I am having to restart my computer. I will see if I can create a report.
  8. I have Avira Free - I am looking at the updater and it is for Avira Free Antivirus. It will download the files but then when it goes to install them, I get an error message.
  9. Avira is telling me to do the following: Please post here the HJT log and also open Avira -> Realtime Protection -> click Display report file -> copy/paste the last ~ 50-100 lines in your next reply.
  10. I followed your instructions and it did not update the application. PC Protection will not activate; only Internet protection is live.
  11. I just tried updating Avira and it starts the process until it gets to the end where I get a message that says "Error loading system components". Avira was working fine up until yesterday? I have Avira internet protection working but real time protection will not turn on?
  12. Issues today: computer crashes every couple of hours, Chrome, IE and Firefox constantly crash. Let me try your latest remedy and I will let you know if Avira was able to update. Thanks
  13. OK - I will stay off the computer - no more surfing.
1304 RasMan - ok 10:59:09.0734 1304 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:59:09.0734 1304 RasPppoe - ok 10:59:09.0734 1304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:59:09.0734 1304 Raspti - ok 10:59:09.0750 1304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:59:09.0765 1304 Rdbss - ok 10:59:09.0765 1304 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:59:09.0765 1304 RDPCDD - ok 10:59:09.0765 1304 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:59:09.0765 1304 rdpdr - ok 10:59:09.0796 1304 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 10:59:09.0796 1304 RDPWD - ok 10:59:09.0828 1304 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 10:59:09.0828 1304 RDSessMgr - ok 10:59:09.0843 1304 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:59:09.0843 1304 redbook - ok 10:59:09.0875 1304 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 10:59:09.0875 1304 RemoteAccess - ok 10:59:09.0890 1304 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 10:59:09.0890 1304 RemoteRegistry - ok 10:59:09.0906 1304 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe 10:59:09.0906 1304 RpcLocator - ok 10:59:09.0921 1304 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 10:59:09.0921 1304 RpcSs - ok 10:59:09.0937 1304 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe 10:59:09.0937 1304 RSVP - ok 10:59:09.0968 1304 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 10:59:09.0968 1304 rtl8139 - ok 10:59:09.0968 1304 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:59:09.0968 1304 SamSs - ok 10:59:09.0984 1304 SCardSvr 
(86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 10:59:09.0984 1304 SCardSvr - ok 10:59:10.0000 1304 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 10:59:10.0000 1304 Schedule - ok 10:59:10.0015 1304 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:59:10.0015 1304 Secdrv - ok 10:59:10.0015 1304 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 10:59:10.0015 1304 seclogon - ok 10:59:10.0031 1304 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 10:59:10.0031 1304 SENS - ok 10:59:10.0046 1304 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 10:59:10.0046 1304 serenum - ok 10:59:10.0046 1304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 10:59:10.0046 1304 Serial - ok 10:59:10.0046 1304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:59:10.0046 1304 Sfloppy - ok 10:59:10.0078 1304 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 10:59:10.0078 1304 SharedAccess - ok 10:59:10.0109 1304 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:59:10.0109 1304 ShellHWDetection - ok 10:59:10.0109 1304 Simbad - ok 10:59:10.0109 1304 Sparrow - ok 10:59:10.0140 1304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:59:10.0140 1304 splitter - ok 10:59:10.0171 1304 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 10:59:10.0171 1304 Spooler - ok 10:59:10.0187 1304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 10:59:10.0187 1304 sr - ok 10:59:10.0203 1304 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll 10:59:10.0203 1304 srservice - ok 10:59:10.0234 1304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:59:10.0234 1304 Srv - ok 10:59:10.0265 1304 
SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 10:59:10.0265 1304 SSDPSRV - ok 10:59:10.0296 1304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 10:59:10.0296 1304 ssmdrv - ok 10:59:10.0343 1304 Steam Client Service - ok 10:59:10.0390 1304 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 10:59:10.0390 1304 Suspicious file (Forged): C:\WINDOWS\system32\wiaservc.dll. Real md5: 8bad69cbac032d4bbacfce0306174c30, Fake md5: 6a680d3f5720574f3f9eeb88e19dab17 10:59:10.0390 1304 stisvc ( ForgedFile.Multi.Generic ) - warning 10:59:10.0390 1304 stisvc - detected ForgedFile.Multi.Generic (1) 10:59:10.0406 1304 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:59:10.0406 1304 swenum - ok 10:59:10.0421 1304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:59:10.0421 1304 swmidi - ok 10:59:10.0421 1304 SwPrv - ok 10:59:10.0421 1304 symc810 - ok 10:59:10.0421 1304 symc8xx - ok 10:59:10.0437 1304 sym_hi - ok 10:59:10.0437 1304 sym_u3 - ok 10:59:10.0437 1304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:59:10.0453 1304 sysaudio - ok 10:59:10.0468 1304 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 10:59:10.0468 1304 SysmonLog - ok 10:59:10.0531 1304 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 10:59:10.0531 1304 TapiSrv - ok 10:59:10.0562 1304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:59:10.0562 1304 Tcpip - ok 10:59:10.0578 1304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:59:10.0578 1304 TDPIPE - ok 10:59:10.0593 1304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:59:10.0593 1304 TDTCP - ok 10:59:10.0609 1304 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:59:10.0609 1304 TermDD 
- ok 10:59:10.0656 1304 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 10:59:10.0656 1304 TermService - ok 10:59:10.0687 1304 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:59:10.0703 1304 Themes - ok 10:59:10.0718 1304 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe 10:59:10.0718 1304 TlntSvr - ok 10:59:10.0718 1304 TosIde - ok 10:59:10.0734 1304 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 10:59:10.0734 1304 TrkWks - ok 10:59:10.0765 1304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:59:10.0781 1304 Udfs - ok 10:59:10.0781 1304 ultra - ok 10:59:10.0812 1304 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:59:10.0812 1304 Update - ok 10:59:10.0828 1304 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 10:59:10.0828 1304 upnphost - ok 10:59:10.0828 1304 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 10:59:10.0828 1304 UPS - ok 10:59:10.0828 1304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:59:10.0828 1304 usbccgp - ok 10:59:10.0828 1304 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:59:10.0843 1304 usbhub - ok 10:59:10.0843 1304 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 10:59:10.0843 1304 usbohci - ok 10:59:10.0859 1304 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:59:10.0859 1304 usbstor - ok 10:59:10.0859 1304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:59:10.0859 1304 VgaSave - ok 10:59:10.0859 1304 ViaIde - ok 10:59:10.0859 1304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 10:59:10.0859 1304 VolSnap - ok 10:59:10.0921 1304 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 
10:59:10.0921 1304 VSS - ok 10:59:10.0937 1304 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll 10:59:10.0953 1304 W32Time - ok 10:59:10.0953 1304 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:59:10.0953 1304 Wanarp - ok 10:59:10.0953 1304 WDICA - ok 10:59:10.0984 1304 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:59:10.0984 1304 wdmaud - ok 10:59:11.0000 1304 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 10:59:11.0000 1304 WebClient - ok 10:59:11.0046 1304 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 10:59:11.0046 1304 winmgmt - ok 10:59:11.0078 1304 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll 10:59:11.0078 1304 WmdmPmSN - ok 10:59:11.0125 1304 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 10:59:11.0125 1304 Wmi - ok 10:59:11.0140 1304 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 10:59:11.0140 1304 WmiAcpi - ok 10:59:11.0140 1304 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe 10:59:11.0140 1304 WmiApSrv - ok 10:59:11.0171 1304 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 10:59:11.0171 1304 wscsvc - ok 10:59:11.0203 1304 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 10:59:11.0203 1304 wuauserv - ok 10:59:11.0234 1304 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 10:59:11.0234 1304 WZCSVC - ok 10:59:11.0265 1304 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 10:59:11.0265 1304 xmlprov - ok 10:59:11.0281 1304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 10:59:11.0546 1304 \Device\Harddisk0\DR0 - ok 10:59:11.0546 1304 Boot (0x1200) (8edc99c902a8ce7f3a063d1f8cffb38d) \Device\Harddisk0\DR0\Partition0 10:59:11.0562 1304 
\Device\Harddisk0\DR0\Partition0 - ok 10:59:11.0562 1304 ============================================================ 10:59:11.0562 1304 Scan finished 10:59:11.0562 1304 ============================================================ 10:59:11.0562 3632 Detected object count: 3 10:59:11.0562 3632 Actual detected object count: 3 11:01:20.0703 3632 Ambfilt ( ForgedFile.Multi.Generic ) - skipped by user 11:01:20.0703 3632 Ambfilt ( ForgedFile.Multi.Generic ) - User select action: Skip 11:01:20.0703 3632 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user 11:01:20.0703 3632 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip 11:01:20.0703 3632 stisvc ( ForgedFile.Multi.Generic ) - skipped by user 11:01:20.0703 3632 stisvc ( ForgedFile.Multi.Generic ) - User select action: Skip 11:01:39.0406 3504 Deinitialize success
  14. Here is the log from MBAM. Avira tried updating and was unsuccessful?

      Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org

      Database version: v2012.07.30.06

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702 :: HARTMAN4FAMILY [administrator]

      7/30/2012 10:37:05 AM
      mbam-log-2012-07-30 (10-37-05).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 170054
      Time elapsed: 1 minute(s), 5 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
  15. Something very bad is happening! Avira realtime protection stopped working, and Chrome, which I am using as my browser, constantly crashes. Could the tools you had me utilize have corrupted my system?
  16. Thanks again and I am back -

      Logfile of random's system information tool 1.09 (written by random/random)
      Run by Michael at 2012-07-29 19:01:34
      Microsoft Windows XP Professional Service Pack 3
      System drive C: has 107 GB (81%) free of 131 GB
      Total RAM: 2046 MB (70% free)

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 7:01:37 PM, on 7/29/2012
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Ask.com\Updater\Updater.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Steam\Steam.exe
      C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Michael\My Documents\Downloads\RSIT (1).exe
      C:\Program Files\trend micro\Michael.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343481156125
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      -- End of file - 4772 bytes

      ======Scheduled tasks folder======
      C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1563985344-839522115-1003Core.job
      C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1563985344-839522115-1003UA.job
      C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

      ======List of files/folders created in the last 1 month======
C:\WINDOWS\$NtUninstallKB975560$ 2012-07-28 09:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2012-07-28 09:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2012-07-28 09:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2012-07-28 09:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2012-07-28 09:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2012-07-28 09:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2012-07-28 09:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2012-07-28 09:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2012-07-28 09:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2012-07-28 09:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2012-07-28 09:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2012-07-28 09:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2012-07-28 09:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2012-07-28 09:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2012-07-28 09:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2012-07-28 09:25:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2012-07-28 09:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2012-07-28 09:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2012-07-28 09:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2012-07-28 09:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2012-07-28 09:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2012-07-28 09:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2012-07-28 09:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2012-07-28 09:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2012-07-28 09:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2012-07-28 09:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2012-07-28 09:25:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2012-07-28 09:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2012-07-28 09:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2012-07-28 09:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 
2012-07-28 09:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2012-07-28 09:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2012-07-28 09:24:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2012-07-28 09:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2012-07-28 09:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2012-07-28 09:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2012-07-28 09:23:24 ----N---- C:\WINDOWS\system32\iacenc.dll 2012-07-28 09:17:25 ----A---- C:\WINDOWS\system32\xpsp4res.dll 2012-07-28 09:16:32 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2012-07-28 09:16:23 ----D---- C:\WINDOWS\system32\PreInstall 2012-07-28 09:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2012-07-28 09:16:22 ----HD---- C:\WINDOWS\$hf_mig$ 2012-07-28 09:12:00 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2012-07-28 09:12:00 ----A---- C:\WINDOWS\system32\wups2.dll 2012-07-28 09:09:53 ----D---- C:\WINDOWS\Prefetch 2012-07-28 09:05:57 ----N---- C:\WINDOWS\system32\msxml6r.dll 2012-07-28 09:05:57 ----A---- C:\WINDOWS\system32\msxml6.dll 2012-07-28 09:05:50 ----N---- C:\WINDOWS\system32\smtpapi.dll 2012-07-28 09:05:50 ----N---- C:\WINDOWS\system32\rwnh.dll 2012-07-28 09:05:49 ----N---- C:\WINDOWS\system32\aaclient.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eapsvc.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eapqec.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eappprxy.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eapphost.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eappgnui.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eappcfg.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\eapolqec.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dot3ui.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dot3svc.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dot3msm.dll 2012-07-28 09:05:48 
----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dot3api.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dimsroam.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\credssp.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2012-07-28 09:05:48 ----N---- C:\WINDOWS\system32\azroles.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\mmcperf.exe 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\mmcex.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\kmsvc.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\kbdpash.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2012-07-28 09:05:47 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\verclsid.exe 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\tzchange.exe 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\tspkg.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\tsgqec.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\setupn.exe 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\rasqec.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\qutil.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\qcliprov.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\qagentrt.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\qagent.dll 2012-07-28 09:05:46 ----N---- 
C:\WINDOWS\system32\photometadatahandler.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\onex.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\napstat.exe 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\napmontr.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\napipsec.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2012-07-28 09:05:46 ----N---- C:\WINDOWS\system32\mssha.dll 2012-07-28 09:05:45 ----N---- C:\WINDOWS\system32\wmphoto.dll 2012-07-28 09:05:45 ----N---- C:\WINDOWS\system32\wlanapi.dll 2012-07-28 09:05:45 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2012-07-28 09:05:45 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2012-07-28 09:05:44 ----N---- C:\WINDOWS\system32\xpsp3res.dll 2012-07-28 09:05:44 ----D---- C:\WINDOWS\system32\scripting 2012-07-28 09:05:44 ----D---- C:\WINDOWS\system32\en-us 2012-07-28 09:05:44 ----A---- C:\WINDOWS\system32\xmllite.dll 2012-07-28 09:05:43 ----D---- C:\WINDOWS\system32\en 2012-07-28 09:05:43 ----D---- C:\WINDOWS\system32\bits 2012-07-28 09:05:43 ----D---- C:\WINDOWS\l2schemas 2012-07-28 09:03:10 ----D---- C:\WINDOWS\network diagnostic 2012-07-28 09:03:09 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys 2012-07-28 09:03:08 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys 2012-07-28 09:02:43 ----A---- C:\WINDOWS\005317_.tmp 2012-07-28 08:55:29 ----D---- C:\Program Files\Microsoft Download Manager 2012-07-28 08:43:04 ----D---- C:\WINDOWS\SoftwareDistribution 2012-07-28 08:43:02 ----SD---- C:\WINDOWS\system32\Microsoft 2012-07-28 08:39:13 ----N---- C:\WINDOWS\system32\spiisupd.exe 2012-07-28 08:39:13 ----N---- C:\WINDOWS\system32\drivers\irbus.sys 2012-07-28 08:39:13 ----N---- C:\WINDOWS\system32\comsdupd.exe 2012-07-28 08:39:13 ----N---- C:\WINDOWS\system32\asr_pfu.exe 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys 
2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\usbehci.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\tunmp.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\smbali.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\siint5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\sffp_sd.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\sffdisk.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\sdbus.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\recagent.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys 2012-07-28 08:39:11 ----N---- 
C:\WINDOWS\system32\drivers\mtxparhm.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\mssmbios.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ip6fw.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\intelppm.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\http.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\hidir.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\fltmgr.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\bthport.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys 2012-07-28 08:39:11 ----N---- 
C:\WINDOWS\system32\drivers\atinxbxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\amdk7.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\agp440.sys 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll 2012-07-28 08:39:11 ----N---- 
C:\WINDOWS\system32\drivers\adv07nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2012-07-28 08:39:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2012-07-28 08:39:11 ----A---- C:\WINDOWS\system32\drivers\ati2mtag.sys 2012-07-28 08:39:11 ----A---- C:\WINDOWS\system32\ativvaxx.dll 2012-07-28 08:39:11 ----A---- C:\WINDOWS\system32\ati3duag.dll 2012-07-28 08:39:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll 2012-07-28 08:39:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\nv4_disp.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\mssap.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\mspmsnsv.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\msftedit.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\msdadiag.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\mp4sdmod.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\mp43dmod.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\mdmxsdk.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdukx.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdsmsno.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdno1.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdmlt48.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdmlt47.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdmaori.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdinmal.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdinben.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\kbdinbe1.dll 2012-07-28 08:39:10 ----N---- 
C:\WINDOWS\system32\kbdfi1.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\hccoin.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\fwcfg.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\fsquirt.exe 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\fltmc.exe 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\fltlib.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\extmgr.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\encdec.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\encapi.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\dxdiagn.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\dsprpres.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\d3d9.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\cmsetacl.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\btpanui.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\bthserv.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\bthci.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\blastcln.exe 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\bitsprx3.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\bitsprx2.dll 2012-07-28 08:39:10 ----N---- C:\WINDOWS\system32\auditusr.exe 2012-07-28 08:39:10 ----A---- C:\WINDOWS\system32\httpapi.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wshbth.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmspdmoe.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmspdmod.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmpdxm.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmpasf.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmp.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmidx.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\wmerror.dll 2012-07-28 08:39:09 ----N---- 
C:\WINDOWS\system32\winshfhc.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\winbrand.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\w3ssl.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\twext.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\smbinst.exe 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\slserv.exe 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\slrundll.exe 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\slgen.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\slextspk.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\slcoinst.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\sdhcinst.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\sbeio.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\sbe.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\s3gnb.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\powercfg.exe 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\pnrpnsp.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\p2psvc.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\p2pnetsh.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\p2pgraph.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\p2pgasvc.dll 2012-07-28 08:39:09 ----N---- C:\WINDOWS\system32\p2p.dll 2012-07-28 08:39:09 ----A---- C:\WINDOWS\system32\wscsvc.dll 2012-07-28 08:39:09 ----A---- C:\WINDOWS\system32\wscntfy.exe 2012-07-28 08:39:09 ----A---- C:\WINDOWS\system32\winhttp.dll 2012-07-28 08:39:09 ----A---- C:\WINDOWS\system32\strmfilt.dll 2012-07-28 08:39:08 ----N---- C:\WINDOWS\system32\xpsp1res.dll 2012-07-28 08:39:08 ----N---- C:\WINDOWS\system32\xmlprovi.dll 2012-07-28 08:39:08 ----N---- C:\WINDOWS\system32\xmlprov.dll 2012-07-28 08:39:08 ----N---- C:\WINDOWS\system32\wuaueng1.dll 2012-07-28 08:39:08 ----N---- C:\WINDOWS\system32\wuauclt1.exe 2012-07-28 08:39:08 ----N---- C:\WINDOWS\slrundll.exe 2012-07-28 08:39:08 ----A---- C:\WINDOWS\system32\xpob2res.dll 2012-07-28 08:39:08 ----A---- 
C:\WINDOWS\system32\wuweb.dll 2012-07-28 08:39:08 ----A---- C:\WINDOWS\system32\wups.dll 2012-07-28 08:39:08 ----A---- C:\WINDOWS\system32\wucltui.dll 2012-07-28 08:39:08 ----A---- C:\WINDOWS\system32\wuapi.dll 2012-07-28 08:39:07 ----D---- C:\WINDOWS\peernet 2012-07-28 08:39:06 ----D---- C:\WINDOWS\provisioning 2012-07-28 08:38:34 ----D---- C:\WINDOWS\ServicePackFiles 2012-07-28 08:37:59 ----N---- C:\WINDOWS\system32\xpsp2res.dll 2012-07-28 08:37:11 ----N---- C:\WINDOWS\system32\spmsg.dll 2012-07-28 08:37:10 ----D---- C:\WINDOWS\system32\ReinstallBackups 2012-07-28 08:37:10 ----A---- C:\WINDOWS\002241_.tmp 2012-07-28 08:37:07 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2012-07-28 08:36:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2012-07-28 08:36:23 ----D---- C:\WINDOWS\EHome 2012-07-28 08:22:27 ----D---- C:\Documents and Settings\Michael\Application Data\U3 2012-07-28 08:22:07 ----SHD---- C:\WINDOWS\Installer 2012-07-28 08:22:05 ----D---- C:\Documents and Settings\Michael\Application Data\Identities 2012-07-28 08:22:04 ----HD---- C:\Program Files\Uninstall Information 2012-07-28 08:22:01 ----SD---- C:\Documents and Settings\Michael\Application Data\Microsoft 2012-07-28 08:22:01 ----ASH---- C:\Documents and Settings\Michael\Application Data\desktop.ini 2012-07-28 08:19:36 ----SHD---- C:\System Volume Information 2012-07-28 08:19:35 ----A---- C:\WINDOWS\SchedLgU.Txt 2012-07-28 08:18:19 ----AS---- C:\WINDOWS\bootstat.dat 2012-07-28 08:17:29 ----D---- C:\WINDOWS\system32\xircom 2012-07-28 08:17:29 ----D---- C:\Program Files\xerox 2012-07-28 08:17:29 ----D---- C:\Program Files\microsoft frontpage 2012-07-28 08:17:21 ----RASH---- C:\MSDOS.SYS 2012-07-28 08:17:21 ----RASH---- C:\IO.SYS 2012-07-28 08:17:21 ----A---- C:\WINDOWS\control.ini 2012-07-28 08:17:21 ----A---- C:\CONFIG.SYS 2012-07-28 08:17:21 ----A---- C:\AUTOEXEC.BAT 2012-07-28 08:17:17 ----A---- C:\WINDOWS\OEWABLog.txt 2012-07-28 08:17:15 ----A---- C:\WINDOWS\system32\mapi32.dll 2012-07-28 08:16:49 
----SD---- C:\WINDOWS\Downloaded Program Files 2012-07-28 08:16:49 ----RD---- C:\WINDOWS\Offline Web Pages 2012-07-28 08:16:35 ----D---- C:\WINDOWS\srchasst 2012-07-28 08:16:30 ----D---- C:\WINDOWS\system32\DirectX 2012-07-28 08:16:29 ----D---- C:\WINDOWS\system32\Macromed 2012-07-28 08:16:20 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2012-07-28 08:16:19 ----A---- C:\WINDOWS\system32\qmgr.dll 2012-07-28 08:16:18 ----D---- C:\Program Files\Movie Maker 2012-07-28 08:16:05 ----A---- C:\WINDOWS\system32\safrslv.dll 2012-07-28 08:16:05 ----A---- C:\WINDOWS\system32\safrdm.dll 2012-07-28 08:16:05 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2012-07-28 08:16:05 ----A---- C:\WINDOWS\system32\racpldlg.dll 2012-07-28 08:16:05 ----A---- C:\WINDOWS\system32\atrace.dll 2012-07-28 08:16:01 ----A---- C:\WINDOWS\system32\desktop.ini 2012-07-28 08:16:01 ----A---- C:\WINDOWS\desktop.ini 2012-07-28 08:15:56 ----D---- C:\WINDOWS\system32\Restore 2012-07-28 08:15:56 ----A---- C:\WINDOWS\system32\srsvc.dll 2012-07-28 08:15:56 ----A---- C:\WINDOWS\system32\srrstr.dll 2012-07-28 08:15:56 ----A---- C:\WINDOWS\system32\srclient.dll 2012-07-28 08:15:56 ----A---- C:\WINDOWS\system32\drivers\sr.sys 2012-07-28 08:15:55 ----D---- C:\Program Files\Windows Media Player 2012-07-28 08:15:55 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2012-07-28 08:15:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2012-07-28 08:15:55 ----A---- C:\WINDOWS\system32\ils.dll 2012-07-28 08:15:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2012-07-28 08:15:54 ----A---- C:\WINDOWS\system32\msconf.dll 2012-07-28 08:15:54 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2012-07-28 08:15:54 ----A---- C:\WINDOWS\system32\mnmdd.dll 2012-07-28 08:15:51 ----D---- C:\Program Files\NetMeeting 2012-07-28 08:15:50 ----D---- C:\WINDOWS\PCHEALTH 2012-07-28 08:15:50 ----A---- C:\WINDOWS\system32\msoert2.dll 2012-07-28 08:15:50 ----A---- C:\WINDOWS\system32\msoeacct.dll 2012-07-28 08:15:50 ----A---- C:\WINDOWS\system32\acctres.dll 2012-07-28 08:15:49 
----D---- C:\Program Files\Common Files\Services 2012-07-28 08:15:48 ----A---- C:\WINDOWS\system32\inetres.dll 2012-07-28 08:15:48 ----A---- C:\WINDOWS\system32\inetcomm.dll 2012-07-28 08:15:44 ----SD---- C:\WINDOWS\Tasks 2012-07-28 08:15:44 ----D---- C:\Program Files\Outlook Express 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\schedsvc.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\mstinit.exe 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\mstask.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\isign32.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\inetcfg.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\icwphbk.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\icwdial.dll 2012-07-28 08:15:44 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2012-07-28 08:15:42 ----D---- C:\Program Files\Common Files\MSSoap 2012-07-28 08:15:39 ----D---- C:\Program Files\Common Files\System 2012-07-28 08:15:35 ----D---- C:\Program Files\Internet Explorer 2012-07-28 08:15:25 ----A---- C:\WINDOWS\system32\emptyregdb.dat 2012-07-28 08:15:17 ----D---- C:\Program Files\ComPlus Applications 2012-07-28 08:15:16 ----A---- C:\WINDOWS\vbaddin.ini 2012-07-28 08:15:16 ----A---- C:\WINDOWS\vb.ini 2012-07-28 08:15:13 ----D---- C:\WINDOWS\Registration 2012-07-28 08:15:08 ----HD---- C:\Program Files\WindowsUpdate 2012-07-28 08:15:08 ----D---- C:\Program Files\Online Services 2012-07-28 08:15:04 ----D---- C:\Program Files\Messenger 2012-07-28 08:14:53 ----D---- C:\Program Files\MSN 2012-07-28 08:14:44 ----D---- C:\Program Files\MSN Gaming Zone 2012-07-28 08:14:44 ----A---- C:\WINDOWS\system32\write.exe 2012-07-28 08:14:30 ----A---- C:\WINDOWS\system32\accwiz.exe 2012-07-28 08:14:29 ----A---- C:\WINDOWS\system32\sndvol32.exe 2012-07-28 08:14:29 ----A---- C:\WINDOWS\system32\sndrec32.exe 2012-07-28 08:14:29 ----A---- C:\WINDOWS\system32\mplay32.exe 2012-07-28 08:14:28 ----A---- C:\WINDOWS\system32\hypertrm.dll 2012-07-28 08:14:28 ----A---- C:\WINDOWS\system32\hticons.dll 
2012-07-28 08:14:27 ----A---- C:\WINDOWS\system32\avwav.dll 2012-07-28 08:14:27 ----A---- C:\WINDOWS\system32\avtapi.dll 2012-07-28 08:14:27 ----A---- C:\WINDOWS\system32\avmeter.dll 2012-07-28 08:14:26 ----D---- C:\Program Files\Windows NT 2012-07-28 08:14:26 ----A---- C:\WINDOWS\system32\winchat.exe 2012-07-28 08:14:23 ----A---- C:\WINDOWS\system32\mspaint.exe 2012-07-28 08:14:15 ----A---- C:\WINDOWS\system32\clipbrd.exe 2012-07-28 08:14:13 ----A---- C:\WINDOWS\system32\getuname.dll 2012-07-28 08:14:12 ----A---- C:\WINDOWS\system32\charmap.exe 2012-07-28 08:14:12 ----A---- C:\WINDOWS\system32\calc.exe 2012-07-28 08:14:11 ----A---- C:\WINDOWS\system32\winmine.exe 2012-07-28 08:14:11 ----A---- C:\WINDOWS\system32\spider.exe 2012-07-28 08:14:11 ----A---- C:\WINDOWS\system32\sol.exe 2012-07-28 08:14:10 ----A---- C:\WINDOWS\system32\mshearts.exe 2012-07-28 08:14:10 ----A---- C:\WINDOWS\system32\freecell.exe 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\wuauserv.dll 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\wuaueng.dll 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\wuauclt.exe 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys 2012-07-28 08:14:09 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys 2012-07-28 08:14:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2012-07-28 08:14:08 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\sessmgr.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\reset.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\remotepg.dll 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\rdshost.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\mstscax.dll 2012-07-28 08:14:07 ----A---- C:\WINDOWS\system32\mstsc.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2012-07-28 08:14:06 ----A---- C:\WINDOWS\system32\tslabels.ini 
  17. FYI - tried to update Windows and got this message: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem."
  18. Farbar Service Scanner Version: 26-07-2012
      Ran by Michael (administrator) on 29-07-2012 at 11:02:22
      Running from "C:\Documents and Settings\Michael\My Documents\Downloads"
      Microsoft Windows XP Professional Service Pack 3 (X86)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============
      Dhcp Service is not running. Checking service configuration:
      The start type of Dhcp service is OK.
      The ImagePath of Dhcp service is OK.
      The ServiceDll of Dhcp service is OK.

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo IP is accessible.
      Yahoo.com is accessible.

      Windows Firewall:
      =============
      sharedaccess Service is not running. Checking service configuration:
      The start type of sharedaccess service is OK.
      The ImagePath of sharedaccess service is OK.
      The ServiceDll of sharedaccess service is OK.
      netman Service is not running. Checking service configuration:
      The start type of netman service is OK.
      The ImagePath of netman service is OK.
      The ServiceDll of netman service is OK.

      Firewall Disabled Policy:
      ==================
      ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
      ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

      System Restore:
      ============
      Srservice Service is not running. Checking service configuration:
      The start type of Srservice service is OK.
      The ImagePath of Srservice service is OK.
      The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".

      System Restore Disabled Policy:
      ========================

      Security Center:
      ============
      wscsvc Service is not running. Checking service configuration:
      The start type of wscsvc service is OK.
      The ImagePath of wscsvc service is OK.
      The ServiceDll of wscsvc service is OK.

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      File Check:
      ========
      C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
      C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
      C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
      C:\WINDOWS\system32\netman.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\srsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
      C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
      C:\WINDOWS\system32\qmgr.dll => MD5 is legit
      C:\WINDOWS\system32\es.dll => MD5 is legit
      C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
      C:\WINDOWS\system32\svchost.exe => MD5 is legit
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\services.exe => MD5 is legit

      Extra List:
      =======
      Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
      0x0700000005000000010000000200000003000000040000000600000007000000
      IpSec Tag value is correct.

      **** End of log ****
  19. Nothing Found

      Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org

      Database version: v2012.07.28.05

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Michael :: HARTMAN4FAMILY [administrator]

      7/29/2012 10:51:59 AM
      mbam-log-2012-07-29 (10-51-59).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 171312
      Time elapsed: 2 minute(s), 51 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
  20. Got it - here it is: 10:37:21.0796 1788 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 10:37:22.0031 1788 ============================================================ 10:37:22.0031 1788 Current date / time: 2012/07/29 10:37:22.0031 10:37:22.0031 1788 SystemInfo: 10:37:22.0031 1788 10:37:22.0031 1788 OS Version: 5.1.2600 ServicePack: 3.0 10:37:22.0031 1788 Product type: Workstation 10:37:22.0031 1788 ComputerName: HARTMAN4FAMILY 10:37:22.0031 1788 UserName: Michael 10:37:22.0031 1788 Windows directory: C:\WINDOWS 10:37:22.0031 1788 System windows directory: C:\WINDOWS 10:37:22.0031 1788 Processor architecture: Intel x86 10:37:22.0031 1788 Number of processors: 2 10:37:22.0031 1788 Page size: 0x1000 10:37:22.0031 1788 Boot type: Normal boot 10:37:22.0031 1788 ============================================================ 10:37:23.0484 1788 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054 10:37:23.0484 1788 ============================================================ 10:37:23.0484 1788 \Device\Harddisk0\DR0: 10:37:23.0500 1788 MBR partitions: 10:37:23.0500 1788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41 10:37:23.0500 1788 ============================================================ 10:37:23.0515 1788 C: <-> \Device\Harddisk0\DR0\Partition0 10:37:23.0515 1788 ============================================================ 10:37:23.0515 1788 Initialize success 10:37:23.0515 1788 ============================================================ 10:37:54.0359 0172 ============================================================ 10:37:54.0359 0172 Scan started 10:37:54.0359 0172 Mode: Manual; SigCheck; TDLFS; 10:37:54.0359 0172 ============================================================ 10:37:54.0937 0172 Abiosdsk - ok 10:37:54.0937 0172 abp480n5 - ok 10:37:54.0968 0172 ACPI 
(8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:37:55.0187 0172 ACPI - ok 10:37:55.0203 0172 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 10:37:55.0265 0172 ACPIEC - ok 10:37:55.0265 0172 adpu160m - ok 10:37:55.0296 0172 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 10:37:55.0375 0172 aec - ok 10:37:55.0406 0172 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 10:37:55.0437 0172 AFD - ok 10:37:55.0437 0172 Aha154x - ok 10:37:55.0437 0172 aic78u2 - ok 10:37:55.0437 0172 aic78xx - ok 10:37:55.0453 0172 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 10:37:55.0515 0172 Alerter - ok 10:37:55.0546 0172 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 10:37:55.0625 0172 ALG - ok 10:37:55.0625 0172 AliIde - ok 10:37:55.0718 0172 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys 10:37:55.0781 0172 Ambfilt - ok 10:37:55.0843 0172 amsint - ok 10:37:56.0031 0172 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 10:37:56.0031 0172 AntiVirSchedulerService - ok 10:37:56.0062 0172 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 10:37:56.0062 0172 AntiVirService - ok 10:37:56.0093 0172 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 10:37:56.0093 0172 AntiVirWebService - ok 10:37:56.0140 0172 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 10:37:56.0203 0172 AppMgmt - ok 10:37:56.0203 0172 asc - ok 10:37:56.0203 0172 asc3350p - ok 10:37:56.0203 0172 asc3550 - ok 10:37:56.0390 0172 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 10:37:56.0406 0172 aspnet_state - ok 10:37:56.0421 0172 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) 
C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:37:56.0500 0172 AsyncMac - ok 10:37:56.0531 0172 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 10:37:56.0609 0172 atapi - ok 10:37:56.0609 0172 Atdisk - ok 10:37:56.0671 0172 Ati HotKey Poller (8fdb05aff463cb36be0fd3bc779121cd) C:\WINDOWS\system32\Ati2evxx.exe 10:37:56.0687 0172 Ati HotKey Poller - ok 10:37:57.0062 0172 ati2mtag (175ddf9ae328cb0d8696094fa1346361) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 10:37:57.0234 0172 ati2mtag - ok 10:37:57.0375 0172 AtiHDAudioService (924971a182e07463765ef9fa8876f24f) C:\WINDOWS\system32\drivers\AtihdXP3.sys 10:37:57.0390 0172 AtiHDAudioService - ok 10:37:57.0421 0172 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:37:57.0484 0172 Atmarpc - ok 10:37:57.0515 0172 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 10:37:57.0578 0172 AudioSrv - ok 10:37:57.0593 0172 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 10:37:57.0656 0172 audstub - ok 10:37:57.0671 0172 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 10:37:57.0687 0172 avgntflt - ok 10:37:57.0703 0172 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 10:37:57.0718 0172 avipbb - ok 10:37:57.0734 0172 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 10:37:57.0734 0172 avkmgr - ok 10:37:57.0765 0172 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 10:37:57.0843 0172 Beep - ok 10:37:57.0921 0172 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 10:37:58.0015 0172 BITS - ok 10:37:58.0046 0172 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 10:37:58.0109 0172 Browser - ok 10:37:58.0125 0172 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 10:37:58.0203 0172 cbidf2k - ok 10:37:58.0203 0172 cd20xrnt - 
ok 10:37:58.0234 0172 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 10:37:58.0312 0172 Cdaudio - ok 10:37:58.0343 0172 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 10:37:58.0406 0172 Cdfs - ok 10:37:58.0406 0172 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:37:58.0468 0172 Cdrom - ok 10:37:58.0468 0172 Changer - ok 10:37:58.0468 0172 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe 10:37:58.0546 0172 cisvc - ok 10:37:58.0546 0172 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 10:37:58.0609 0172 ClipSrv - ok 10:37:58.0796 0172 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:37:58.0812 0172 clr_optimization_v2.0.50727_32 - ok 10:37:58.0812 0172 CmdIde - ok 10:37:58.0812 0172 COMSysApp - ok 10:37:58.0812 0172 Cpqarray - ok 10:37:58.0859 0172 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 10:37:58.0921 0172 CryptSvc - ok 10:37:58.0921 0172 dac2w2k - ok 10:37:58.0921 0172 dac960nt - ok 10:37:58.0968 0172 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 10:37:59.0000 0172 DcomLaunch - ok 10:37:59.0031 0172 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 10:37:59.0093 0172 Dhcp - ok 10:37:59.0125 0172 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 10:37:59.0203 0172 Disk - ok 10:37:59.0203 0172 dmadmin - ok 10:37:59.0265 0172 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 10:37:59.0375 0172 dmboot - ok 10:37:59.0375 0172 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 10:37:59.0437 0172 dmio - ok 10:37:59.0437 0172 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 10:37:59.0515 0172 dmload - ok 10:37:59.0546 0172 dmserver 
(57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 10:37:59.0609 0172 dmserver - ok 10:37:59.0625 0172 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 10:37:59.0687 0172 DMusic - ok 10:37:59.0718 0172 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 10:37:59.0734 0172 Dnscache - ok 10:37:59.0812 0172 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 10:37:59.0890 0172 Dot3svc - ok 10:37:59.0890 0172 dpti2o - ok 10:37:59.0906 0172 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 10:37:59.0968 0172 drmkaud - ok 10:38:00.0015 0172 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 10:38:00.0078 0172 EapHost - ok 10:38:00.0093 0172 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 10:38:00.0156 0172 ERSvc - ok 10:38:00.0171 0172 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 10:38:00.0187 0172 Eventlog - ok 10:38:00.0234 0172 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll 10:38:00.0250 0172 EventSystem - ok 10:38:00.0281 0172 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 10:38:00.0359 0172 Fastfat - ok 10:38:00.0390 0172 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:38:00.0406 0172 FastUserSwitchingCompatibility - ok 10:38:00.0421 0172 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 10:38:00.0468 0172 Fdc - ok 10:38:00.0484 0172 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 10:38:00.0531 0172 Fips - ok 10:38:00.0562 0172 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 10:38:00.0640 0172 Flpydisk - ok 10:38:00.0656 0172 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 10:38:00.0718 0172 FltMgr - ok 10:38:00.0734 0172 
Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:38:00.0796 0172 Fs_Rec - ok 10:38:00.0796 0172 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:38:00.0875 0172 Ftdisk - ok 10:38:00.0906 0172 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:38:00.0953 0172 Gpc - ok 10:38:00.0968 0172 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:38:01.0046 0172 HDAudBus - ok 10:38:01.0093 0172 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 10:38:01.0156 0172 helpsvc - ok 10:38:01.0187 0172 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 10:38:01.0234 0172 HidServ - ok 10:38:01.0250 0172 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:38:01.0296 0172 hidusb - ok 10:38:01.0328 0172 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 10:38:01.0390 0172 hkmsvc - ok 10:38:01.0406 0172 hpn - ok 10:38:01.0406 0172 hpt3xx - ok 10:38:01.0437 0172 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 10:38:01.0453 0172 HTTP - ok 10:38:01.0484 0172 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 10:38:01.0562 0172 HTTPFilter - ok 10:38:01.0562 0172 i2omgmt - ok 10:38:01.0562 0172 i2omp - ok 10:38:01.0562 0172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 10:38:01.0625 0172 i8042prt - ok 10:38:01.0625 0172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys 10:38:01.0687 0172 Imapi - ok 10:38:01.0718 0172 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe 10:38:01.0781 0172 ImapiService - ok 10:38:01.0781 0172 ini910u - ok 10:38:02.0046 0172 IntcAzAudAddService (2f0cc6932b89e5a731465aa5c1e0c785) C:\WINDOWS\system32\drivers\RtkHDAud.sys 10:38:02.0078 0172 Suspicious file (Forged): 
C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: 2f0cc6932b89e5a731465aa5c1e0c785, Fake md5: 063dd51cbdc37b8668e09148e0a118bc
10:38:02.0093 0172 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
10:38:02.0093 0172 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
10:38:13.0375 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:38:13.0656 0172 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:38:13.0656 0172 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:38:13.0656 0172 Boot (0x1200) (8edc99c902a8ce7f3a063d1f8cffb38d) \Device\Harddisk0\DR0\Partition0
10:38:13.0671 0172 \Device\Harddisk0\DR0\Partition0 - ok
10:38:13.0671 0172 ============================================================
10:38:13.0671 0172 Scan finished
10:38:13.0671 0172 ============================================================
10:38:13.0781 3352 Detected object count: 2
10:38:13.0781 3352 Actual detected object count: 2
10:42:36.0578 3352 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
10:42:36.0578 3352 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
10:42:36.0578 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:42:36.0578 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  21. Why won't TDSS allow me to copy the report? I can view but cannot do a right click on it to copy it.