
Potentially Malicious IPs blocked...



Hello,

I just bought a new computer two days ago and already I think it's infected... I need help... Malwarebytes is blocking access to IPs every few minutes to as much as 15 minutes apart... I included the protection logs from the last two days - Malwarebytes scan logs come up empty... but something is trying to access or run in the background... please advise what to do


protection_log_2010_10_08.txt

protection_log_2010_10_07.txt


Hello metzgermcguire

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Thank you for replying - below are the reports from OTL - I will post a 2nd reply with the 2nd tool's reports... Thanks again so much!


O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/12 08:55:24 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Monica\Desktop\OTL.exe

[2010/10/07 19:12:05 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\HP Support Assistant

[2010/10/07 16:23:26 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\HpUpdate

[2010/10/07 14:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2010/10/07 12:26:33 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\FileMaker Pro Advanced

[2010/10/07 12:24:02 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\FMPA_Updater

[2010/10/07 12:22:45 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\FileMaker

[2010/10/07 11:47:10 | 000,000,000 | ---D | C] -- C:\Users\Monica\Documents\My Received Files

[2010/10/07 11:40:43 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\pictures for database

[2010/10/07 11:39:45 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\PDF's

[2010/10/07 11:39:29 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\Monica

[2010/10/07 11:38:08 | 000,000,000 | R--D | C] -- C:\Users\Monica\Desktop\MASTER MM FILES

[2010/10/07 11:37:47 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\LasVegas2010

[2010/10/07 11:37:47 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\Kimball Jenkins

[2010/10/07 11:37:38 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\Excel Files

[2010/10/07 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\Sales Report 2010

[2010/10/07 11:36:58 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\Pref. Letters

[2010/10/07 11:33:21 | 000,000,000 | ---D | C] -- C:\Users\Monica\Desktop\ALL SPECS

[2010/10/07 11:22:39 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Malwarebytes

[2010/10/07 11:22:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/07 11:22:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/07 11:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/07 11:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/07 11:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/10/07 11:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/10/07 11:18:46 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\Apple

[2010/10/07 11:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2010/10/07 11:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2010/10/07 11:17:29 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Leadertech

[2010/10/07 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\FileMaker

[2010/10/07 11:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileMaker

[2010/10/07 10:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch

[2010/10/07 10:57:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/10/07 10:49:01 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\BitDefender

[2010/10/07 10:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP

[2010/10/07 10:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2010/10/07 10:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2010/10/07 10:40:11 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\QuickScan

[2010/10/07 10:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender

[2010/10/07 10:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2010/10/07 10:40:00 | 000,388,168 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys

[2010/10/07 09:39:36 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2010/10/07 09:34:32 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\SoftGrid Client

[2010/10/07 09:34:32 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\SoftGrid Client

[2010/10/07 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/10/07 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client

[2010/10/07 09:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/10/07 09:33:46 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\TP

[2010/10/07 09:09:26 | 000,000,000 | ---D | C] -- C:\Users\Monica\Tracing

[2010/10/07 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Windows Live Writer

[2010/10/07 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\Windows Live Writer

[2010/10/07 09:04:43 | 000,000,000 | ---D | C] -- C:\Windows\en

[2010/10/07 09:02:21 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys

[2010/10/07 09:02:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2010/10/07 09:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/10/07 09:01:04 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2010/10/07 09:01:04 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2010/10/07 09:01:03 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll

[2010/10/07 09:01:03 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll

[2010/10/07 09:00:02 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll

[2010/10/07 09:00:02 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll

[2010/10/07 09:00:02 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll

[2010/10/07 09:00:02 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll

[2010/10/07 08:59:21 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2010/10/07 08:59:21 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2010/10/07 08:59:21 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2010/10/07 08:59:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2010/10/07 08:59:21 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2010/10/07 08:59:20 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2010/10/07 08:59:20 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2010/10/07 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\Windows Live

[2010/10/07 04:01:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/10/07 04:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\AppData\Local\Temporary Internet Files

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Templates

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Start Menu

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\SendTo

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Recent

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\PrintHood

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\NetHood

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Documents\My Videos

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Documents\My Pictures

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Documents\My Music

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\My Documents

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Local Settings

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\AppData\Local\History

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Cookies

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\Application Data

[2010/10/07 04:00:17 | 000,000,000 | -HSD | C] -- C:\Users\Monica\AppData\Local\Application Data

[2010/10/07 04:00:16 | 000,000,000 | --SD | C] -- C:\Users\Monica\AppData\Roaming\Microsoft

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Videos

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Saved Games

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Pictures

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Music

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Links

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Favorites

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Downloads

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\My Documents

[2010/10/07 04:00:16 | 000,000,000 | R--D | C] -- C:\Users\Monica\Desktop

[2010/10/07 04:00:16 | 000,000,000 | -H-D | C] -- C:\Users\Monica\AppData

[2010/10/07 04:00:16 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\Temp

[2010/10/07 04:00:16 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\Microsoft

[2010/10/07 04:00:16 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Media Center Programs

[2010/10/07 04:00:16 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Macromedia

[2010/10/07 04:00:16 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\HuluDesktop

[2010/10/06 16:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/10/06 16:49:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/10/06 16:49:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/10/06 16:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/10/06 16:43:46 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\WindowsUpdate

[2010/10/06 16:23:11 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/10/06 16:23:11 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/10/06 16:23:11 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/10/06 16:23:11 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/10/06 16:23:11 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/10/06 16:23:11 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/10/06 16:23:11 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/10/06 16:23:11 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/10/06 16:20:29 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2010/10/06 16:20:23 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/10/06 16:20:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/10/06 16:20:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010/10/06 16:20:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010/10/06 16:20:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010/10/06 16:20:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010/10/06 16:20:21 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/10/06 16:20:18 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/10/06 16:20:18 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2010/10/06 16:20:18 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2010/10/06 16:20:17 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/10/06 16:20:17 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/10/06 16:20:17 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/10/06 16:20:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/10/06 16:20:17 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/10/06 16:20:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/10/06 16:20:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/10/06 16:20:04 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2010/10/06 16:20:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2010/10/06 16:20:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2010/10/06 16:20:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/10/06 16:20:02 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/10/06 16:18:11 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/10/06 16:18:11 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/10/06 16:18:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/10/06 16:18:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/10/06 16:14:22 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Adobe

[2010/10/06 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\ATI

[2010/10/06 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\ATI

[2010/10/06 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\PictureMover

[2010/10/06 16:10:39 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\PDFC

[2010/10/06 16:10:29 | 000,000,000 | R--D | C] -- C:\Users\Monica\Searches

[2010/10/06 16:10:29 | 000,000,000 | -H-D | C] -- C:\Users\Monica\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/10/06 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Identities

[2010/10/06 16:10:22 | 000,000,000 | R--D | C] -- C:\Users\Monica\Contacts

[2010/10/06 16:10:20 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\VirtualStore

[2010/10/06 16:09:42 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Local\Hewlett-Packard

[2010/10/06 16:02:43 | 000,000,000 | ---D | C] -- C:\Users\Monica\AppData\Roaming\Hewlett-Packard

[2010/10/06 16:01:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll

[2010/10/06 16:01:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll

[2010/10/06 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2010/09/23 00:32:56 | 000,301,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

========== Files - Modified Within 30 Days ==========

[2010/10/12 08:55:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Monica\Desktop\OTL.exe

[2010/10/12 08:53:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/12 08:53:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/12 08:52:43 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/12 08:52:43 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/12 08:52:43 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/12 08:51:06 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMonica.job

[2010/10/12 08:46:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/12 08:46:14 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/10 01:59:41 | 000,000,570 | ---- | M] () -- C:\Windows\tasks\BitDefender Online Backup - monicamckinney@metzgermcguire.com.job

[2010/10/08 15:26:59 | 000,123,757 | ---- | M] () -- C:\Users\Monica\Documents\articlestilloct8.docx

[2010/10/07 11:16:57 | 000,001,438 | ---- | M] () -- C:\Users\Public\Desktop\FileMaker Pro Advanced.lnk

[2010/10/07 11:16:57 | 000,001,358 | ---- | M] () -- C:\Users\Monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch FileMaker Pro Advanced.lnk

[2010/10/07 10:58:04 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/07 10:53:28 | 000,112,871 | ---- | M] () -- C:\ProgramData\bdinstall.bin

[2010/10/07 10:50:02 | 000,000,415 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml

[2010/10/07 10:49:04 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Total Security 2011.lnk

[2010/10/07 09:38:43 | 000,013,180 | ---- | M] () -- C:\Users\Monica\Documents\Monica McKinneysignature.docx

[2010/10/07 06:59:07 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/10/07 06:59:07 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010/10/07 04:00:22 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_53316J G D_p6620f_Y53316J G D_0U_Q4CE031_E1007301550 DPS_4A_I2AB1_SFOXCONN_VDVT_6.02_T100721_WU3-0_L409_M5888_J1000_7AMD_8F42_92.80_#101007_N18143090;10EC8136_(BM419AA#ABA)_X_CD

3_Z_2_G10029710.MRK

[2010/10/07 04:00:22 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_53316J G D_p6620f_Y53316J G D_0U_Q4CE031_E1007301550 DPS_4A_I2AB1_SFOXCONN_VDVT_6.02_T100721_WU3-0_L409_M5888_J1000_7AMD_8F42_92.80_#101007_N18143090;10EC8136_(BM419AA#ABA)_X_CD

3_Z_2_G10029710.MRK

[2010/10/06 16:33:05 | 000,285,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/06 16:14:18 | 000,001,435 | ---- | M] () -- C:\Users\Monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/06 16:01:51 | 000,000,020 | ---- | M] () -- C:\Windows\


I can't get the Rootkit tool to install... it keeps telling me error in loading driver NTSTATUS 0xC000036B, program integrity damaged... not sure what to do from here... please help!

-MetzgerMcGuire

Hello metzgermcguire

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the text below:


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Hello again,

Sorry I did not respond yesterday, I was not with my computer. This morning I disconnected the router, however the computer is still blocking potentially malicious IPs... If I am not mistaken, my computer is networked in through a direct line to the wall (no more router in my office), but when I go and look at our network infrastructure, all Ethernet lines from within our network go into a Linksys router, and then to the modem (Comcast)...

-MM

Can you temporarily disconnect from the router and plug directly into the modem and see if the alerts stop?

If so give that a shot and let me know.


Ok.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


No infection found.....

2010/10/14 14:19:28.0168 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/14 14:19:28.0168 ================================================================================

2010/10/14 14:19:28.0168 SystemInfo:

2010/10/14 14:19:28.0168

2010/10/14 14:19:28.0168 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/14 14:19:28.0168 Product type: Workstation

2010/10/14 14:19:28.0168 ComputerName: MONICA-WORK

2010/10/14 14:19:28.0168 UserName: Monica

2010/10/14 14:19:28.0168 Windows directory: C:\Windows

2010/10/14 14:19:28.0168 System windows directory: C:\Windows

2010/10/14 14:19:28.0168 Running under WOW64

2010/10/14 14:19:28.0168 Processor architecture: Intel x64

2010/10/14 14:19:28.0168 Number of processors: 4

2010/10/14 14:19:28.0168 Page size: 0x1000

2010/10/14 14:19:28.0168 Boot type: Normal boot

2010/10/14 14:19:28.0168 ================================================================================

2010/10/14 14:19:28.0168 Utility is running under WOW64

2010/10/14 14:19:28.0355 Initialize success


Sorry about that... here are the completed scan results

2010/10/14 14:27:49.0334 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/14 14:27:49.0334 ================================================================================

2010/10/14 14:27:49.0334 SystemInfo:

2010/10/14 14:27:49.0334

2010/10/14 14:27:49.0334 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/14 14:27:49.0334 Product type: Workstation

2010/10/14 14:27:49.0334 ComputerName: MONICA-WORK

2010/10/14 14:27:49.0334 UserName: Monica

2010/10/14 14:27:49.0334 Windows directory: C:\Windows

2010/10/14 14:27:49.0334 System windows directory: C:\Windows

2010/10/14 14:27:49.0334 Running under WOW64

2010/10/14 14:27:49.0334 Processor architecture: Intel x64

2010/10/14 14:27:49.0334 Number of processors: 4

2010/10/14 14:27:49.0334 Page size: 0x1000

2010/10/14 14:27:49.0334 Boot type: Normal boot

2010/10/14 14:27:49.0334 ================================================================================

2010/10/14 14:27:49.0334 Utility is running under WOW64

2010/10/14 14:27:49.0521 Initialize success

2010/10/14 14:27:51.0221 ================================================================================

2010/10/14 14:27:51.0221 Scan started

2010/10/14 14:27:51.0221 Mode: Manual;

2010/10/14 14:27:51.0221 ================================================================================

2010/10/14 14:28:01.0205 ================================================================================

2010/10/14 14:28:01.0205 Scan finished

2010/10/14 14:28:01.0205 ================================================================================

Hi, that did not complete. Please run it once more and post the new log.
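Added example, not part of the original thread and not TDSSKiller's own code: a Python triage script for a pasted log in the format posted in this thread. It checks for the `Scan started` / `Scan finished` markers that separate a start-up-only paste from a completed scan, and lists driver entries worth a manual look; the sample logs, service names, paths and hashes are constructed.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Every log line starts with a timestamp such as "2010/10/14 14:27:51.0221".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s*(.*)$")
# Driver entry: service name, MD5 in parentheses, image path (may contain spaces).
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")

# Constructed sample: only the start-up header, as in a paste made before scanning.
SAMPLE_INCOMPLETE = r"""2010/10/14 14:19:28.0168 SystemInfo:
2010/10/14 14:19:28.0168
2010/10/14 14:19:28.0168 Windows directory: C:\Windows
2010/10/14 14:19:28.0355 Initialize success
"""

# Constructed sample: a finished scan with four made-up driver entries.
SAMPLE_COMPLETE = SAMPLE_INCOMPLETE + r"""
2010/10/14 14:27:51.0221 Scan started
2010/10/14 14:27:51.0221 Mode: Manual;
2010/10/14 14:27:52.0407 svc_a (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\Windows\system32\DRIVERS\svc_a.sys
2010/10/14 14:27:52.0469 net4 (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\drivers\netstack.sys
2010/10/14 14:27:52.0485 NET6 (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\DRIVERS\netstack.sys
2010/10/14 14:27:52.0547 fwfilter (cccccccccccccccccccccccccccccccc) c:\program files\example vendor\fwfilter.sys
2010/10/14 14:28:01.0205 Scan finished
"""


def parse_log(text):
    """Extract scan markers, the Windows directory and driver entries."""
    log = {"windir": None, "started": False, "finished": False, "drivers": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or forum text mixed into the paste
        msg = m.group(2).strip()
        if msg.startswith("Windows directory:"):
            log["windir"] = msg.split(":", 1)[1].strip()
        elif msg == "Scan started":
            log["started"] = True
        elif msg == "Scan finished":
            log["finished"] = True
        else:
            d = DRIVER_RE.match(msg)
            if d:
                log["drivers"].append(
                    {"service": d.group(1), "md5": d.group(2).lower(), "path": d.group(3)}
                )
    return log


def triage(text):
    """Return (parsed log, findings). Findings are review items, not verdicts."""
    log = parse_log(text)
    findings = []
    if not log["started"]:
        findings.append("incomplete: no 'Scan started' marker, only the start-up header")
    elif not log["finished"]:
        findings.append("incomplete: scan started but no 'Scan finished' marker")

    # Fall back to C:\Windows (an assumption) if the header line is missing.
    windir = normcase(log["windir"] or r"C:\Windows").rstrip("\\") + "\\"
    by_md5 = {}
    for drv in log["drivers"]:
        path = normcase(drv["path"])
        by_md5.setdefault(drv["md5"], set()).add(path)
        if not path.startswith(windir):
            # Third-party drivers often live here; confirm the vendor is expected.
            findings.append(
                f"review: {drv['service']} loads from outside the Windows directory: {drv['path']}"
            )
    # Two services sharing one image file is normal; one hash at several
    # different paths means the binary was copied and deserves a look.
    for md5, paths in sorted(by_md5.items()):
        if len(paths) > 1:
            findings.append(f"review: MD5 {md5} appears at {len(paths)} different paths")
    return log, findings


if __name__ == "__main__":
    for name, sample in (("incomplete", SAMPLE_INCOMPLETE), ("complete", SAMPLE_COMPLETE)):
        parsed, notes = triage(sample)
        print(name, "drivers:", len(parsed["drivers"]))
        for note in notes:
            print("  -", note)
```

An empty findings list only means the log is complete and nothing stood out by path or hash reuse; it does not replace the scanner's own result.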

Also, I am networked into a couple other people's computers...one in particular that had 547 rootkit infections (all at one time) - this machine was sent out and "cleaned" - however, is it possible to have rootkits infect other computers on a local network? If so, how? Email, IM, just because we are networked.....

Thanks!

Sorry about that... here is the completed scan results

2010/10/14 14:27:49.0334 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/14 14:27:49.0334 ================================================================================

2010/10/14 14:27:49.0334 SystemInfo:

2010/10/14 14:27:49.0334

2010/10/14 14:27:49.0334 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/14 14:27:49.0334 Product type: Workstation

2010/10/14 14:27:49.0334 ComputerName: MONICA-WORK

2010/10/14 14:27:49.0334 UserName: Monica

2010/10/14 14:27:49.0334 Windows directory: C:\Windows

2010/10/14 14:27:49.0334 System windows directory: C:\Windows

2010/10/14 14:27:49.0334 Running under WOW64

2010/10/14 14:27:49.0334 Processor architecture: Intel x64

2010/10/14 14:27:49.0334 Number of processors: 4

2010/10/14 14:27:49.0334 Page size: 0x1000

2010/10/14 14:27:49.0334 Boot type: Normal boot

2010/10/14 14:27:49.0334 ================================================================================

2010/10/14 14:27:49.0334 Utility is running under WOW64

2010/10/14 14:27:49.0521 Initialize success

2010/10/14 14:27:51.0221 ================================================================================

2010/10/14 14:27:51.0221 Scan started

2010/10/14 14:27:51.0221 Mode: Manual;

2010/10/14 14:27:51.0221 ================================================================================

2010/10/14 14:28:01.0205 ================================================================================

2010/10/14 14:28:01.0205 Scan finished

2010/10/14 14:28:01.0205 ================================================================================


Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:


Please download TFC by Old Timer.

  • Double-click TFC.exe to run the program.
    (If using Vista please Right Click and Choose "Run as Administrator")
    Click the Start button.
    Please reboot when prompted.

==============================================

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Hello again,

Hope you had a great weekend - here are the results from the Kaspersky Online Scanner:

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, October 18, 2010

Operating system: Microsoft (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, October 18, 2010 11:50:23

Records in database: 4182975

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Q:\

Scan statistics

Objects scanned 163745

Threats found 0

Infected objects found 0

Suspicious objects found 0

Scan duration 01:41:15

No threats found. Scanned area is clean.

Selected area has been scanned.


Hello -

I do not believe I am using any torrent software or p2p... there is a way through Windows Live Messenger to share applications/files etc., but I do not have that feature open when using Messenger... other than that, I haven't downloaded any sharing software that I am aware of... thanks for all your help with this...

-MM

I did thanks.

I see nothing malicious in your logs.

You aren't using any type of torrent software or any p2p software?

If so then that is the issue.

But if not then I will have to dig a bit deeper.


Ok see if this program will run.

  • Download SREng from here: http://www.kztechs.com/sreng/sreng2.zip
  • Extract all content to your Desktop
  • From the sreng2 folder on your Desktop, double-click SREng.exe to run it
  • Select: Smart Scan
  • Then, click the [scan] button
  • When finished, click on the [save Reports] button
  • Save the log to your Desktop
  • Please post the content of the SREngLOG.log file in your next reply.


I had to save the log, it's 192 pages long... it would not post as it was too long...

-MM

SREngLOG.log


Please submit the following file to one of these online file scanners.

(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

C:\Windows\SysWOW64\msjetoledb40.dll

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.
