TechSpot

Need help with a virus that redirects Google/Firefox searches

By grannaLA
Feb 8, 2011
  1. I'm having problems with search engine re-directs and at times even getting the internet to start up. My computer is also very slow. I had this a few months ago and got it cleaned up, but can't remember what I did. I've downloaded the latest AVG 2011 update and the Malwarebytes Anti-Malware and run both of them as Administrator. They show no threats (did them both in safe mode). I've also run ccleaner and scanned using Advanced System Care. I did get one hit during one scan; fixed it but still didn't help. Can someone help?

    Here's a copy of my logs. Please let me know if I need to furnish anything else. Many thanks, this is driving me crazy and I've already spent hours trying to fix it. It's evident I don't know enough.

    From AVG:

    "Scan ""Command line scan"" completed."
    "Information";"24"
    "Folders selected for scanning:";"Whole computer scan"
    "Scan started:";"Monday, February 07, 2011, 7:38:20 PM"
    "Scan finished:";"Monday, February 07, 2011, 8:54:06 PM (1 hour(s) 15 minute(s) 45 second(s))"
    "Total object scanned:";"870109"
    "User who launched the scan:";"Administrator"

    "Information"
    "";"File";"Information";"Result"
    "";"C:\WINDOWS\system32\config\system.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\SYSTEM";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\software.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\SOFTWARE";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\SECURITY.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\SECURITY";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\SAM.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\SAM";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\default.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\WINDOWS\system32\config\DEFAULT";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\NetworkService\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\NetworkService\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\All Users\Application Data\QuickTime\Installer.log";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fee2a04c83587039c9a5678216eb2307_24adf822-76f7-4481-b30b-ff1b40f8687f";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\Administrator\ntuser.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\Administrator\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\85d16feba5b0ee49d815e15b8e37\i386\";"Locked file. Not tested.";"Locked file. Not tested."
    "";"C:\85d16feba5b0ee49d815e15b8e37\amd64\";"Locked file. Not tested.";"Locked file. Not tested."



    mbam log from Malwarebytes:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5707

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/7/2011 6:14:16 PM
    mbam-log-2011-02-07 (18-14-16).txt

    Scan type: Quick scan
    Objects scanned: 168853
    Time elapsed: 4 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Under quarantine of Malwarebytes I did get a hit during one of my scans for "pum.bad.proxy' but I'm assuming since it's in quarantine it's been removed. If that's the case then the problem still exists.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    Thanks so much. I'm working some long hours and know this is going to take some time so hope to try this within a couple of days. I'll let you know how it works out and if I have trouble. Thanks.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Take your time :)
     
  5. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    OK, I went through the steps. Here are my logs. But quick question; the directions in step 5 says to delete the DDS program from the desktop. I saved it to a folder, do I delete the file from there or leave it there for possible future reference? Probably an elementary question but just didn't want it out there if it was going to mess something up.



    mbam log:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5735

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/10/2011 5:25:41 PM
    mbam-log-2011-02-10 (17-25-41).txt

    Scan type: Quick scan
    Objects scanned: 166634
    Time elapsed: 5 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-10 17:35:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_SP2504C rev.VT100-48
    Running: 267etl2e.exe; Driver: C:\DOCUME~1\Erin\LOCALS~1\Temp\pxtdapod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A6536A2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A6536A2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A6536A2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A6536A2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-19 8A6536A2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A6536A2

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP2504C_________________________VT100-48#5&71de149&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/21/2006 7:58:54 AM
    System Uptime: 2/10/2011 5:15:46 PM (0 hours ago)

    Motherboard: Dell Inc | | 0CT103
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 141.7 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1115: 11/13/2010 10:29:40 AM - System Checkpoint
    RP1116: 11/14/2010 12:24:42 PM - System Checkpoint
    RP1117: 11/15/2010 2:44:08 PM - System Checkpoint
    RP1118: 11/16/2010 4:56:30 PM - System Checkpoint
    RP1119: 11/17/2010 3:00:15 AM - Software Distribution Service 3.0
    RP1120: 11/18/2010 5:07:48 AM - System Checkpoint
    RP1121: 11/19/2010 6:08:47 AM - System Checkpoint
    RP1122: 11/20/2010 6:57:57 AM - System Checkpoint
    RP1123: 11/21/2010 7:09:45 AM - System Checkpoint
    RP1124: 11/22/2010 2:35:27 PM - System Checkpoint
    RP1125: 11/23/2010 4:36:03 PM - System Checkpoint
    RP1126: 11/24/2010 9:36:02 PM - System Checkpoint
    RP1127: 11/26/2010 3:49:22 PM - System Checkpoint
    RP1128: 11/27/2010 11:02:27 AM - Software Distribution Service 3.0
    RP1129: 11/28/2010 11:22:30 AM - System Checkpoint
    RP1130: 11/29/2010 12:08:52 PM - System Checkpoint
    RP1131: 11/30/2010 4:49:23 AM - Software Distribution Service 3.0
    RP1132: 12/1/2010 5:16:58 AM - System Checkpoint
    RP1133: 12/2/2010 4:38:53 AM - Software Distribution Service 3.0
    RP1134: 12/3/2010 4:50:19 AM - System Checkpoint
    RP1135: 12/4/2010 6:42:06 AM - System Checkpoint
    RP1136: 12/5/2010 10:14:10 AM - System Checkpoint
    RP1137: 12/6/2010 8:56:12 PM - System Checkpoint
    RP1138: 12/8/2010 6:38:34 AM - System Checkpoint
    RP1139: 12/9/2010 3:29:45 PM - System Checkpoint
    RP1140: 12/10/2010 4:18:40 PM - System Checkpoint
    RP1141: 12/12/2010 8:06:52 AM - System Checkpoint
    RP1142: 12/13/2010 4:50:02 PM - System Checkpoint
    RP1143: 12/14/2010 7:14:37 PM - System Checkpoint
    RP1144: 12/15/2010 4:47:05 AM - Software Distribution Service 3.0
    RP1145: 12/16/2010 4:52:22 AM - Software Distribution Service 3.0
    RP1146: 12/17/2010 7:11:41 AM - Software Distribution Service 3.0
    RP1147: 12/18/2010 7:53:35 AM - System Checkpoint
    RP1148: 12/19/2010 5:35:33 AM - Software Distribution Service 3.0
    RP1149: 12/20/2010 5:48:47 AM - System Checkpoint
    RP1150: 12/21/2010 6:47:41 AM - System Checkpoint
    RP1151: 12/22/2010 7:48:45 AM - System Checkpoint
    RP1152: 12/23/2010 7:50:42 AM - System Checkpoint
    RP1153: 12/24/2010 6:16:10 AM - Software Distribution Service 3.0
    RP1154: 12/25/2010 8:05:10 AM - System Checkpoint
    RP1155: 12/26/2010 10:36:42 AM - System Checkpoint
    RP1156: 12/27/2010 2:02:48 PM - System Checkpoint
    RP1157: 12/28/2010 2:33:26 PM - System Checkpoint
    RP1158: 12/29/2010 5:43:13 PM - System Checkpoint
    RP1159: 12/30/2010 7:21:37 PM - System Checkpoint
    RP1160: 12/31/2010 4:52:46 AM - Software Distribution Service 3.0
    RP1161: 1/1/2011 9:03:11 AM - System Checkpoint
    RP1162: 1/2/2011 4:23:51 PM - Software Distribution Service 3.0
    RP1163: 1/3/2011 4:59:50 PM - System Checkpoint
    RP1164: 1/4/2011 6:40:22 PM - System Checkpoint
    RP1165: 1/5/2011 6:52:18 PM - System Checkpoint
    RP1166: 1/6/2011 4:57:45 AM - Software Distribution Service 3.0
    RP1167: 1/7/2011 5:25:44 AM - System Checkpoint
    RP1168: 1/8/2011 8:57:57 AM - System Checkpoint
    RP1169: 1/9/2011 7:37:48 AM - Software Distribution Service 3.0
    RP1170: 1/10/2011 4:25:42 PM - System Checkpoint
    RP1171: 1/11/2011 4:51:02 AM - Software Distribution Service 3.0
    RP1172: 1/12/2011 5:11:02 AM - System Checkpoint
    RP1173: 1/13/2011 4:51:22 AM - Software Distribution Service 3.0
    RP1174: 1/14/2011 4:53:21 AM - Software Distribution Service 3.0
    RP1175: 1/15/2011 5:29:32 AM - System Checkpoint
    RP1176: 1/16/2011 7:51:42 AM - System Checkpoint
    RP1177: 1/17/2011 7:54:03 AM - System Checkpoint
    RP1178: 1/18/2011 5:24:36 PM - System Checkpoint
    RP1179: 1/19/2011 6:05:09 PM - System Checkpoint
    RP1180: 1/20/2011 8:52:53 PM - System Checkpoint
    RP1181: 1/22/2011 5:24:37 AM - System Checkpoint
    RP1182: 1/23/2011 7:25:32 AM - System Checkpoint
    RP1183: 1/24/2011 4:23:03 PM - System Checkpoint
    RP1184: 1/25/2011 5:45:13 PM - System Checkpoint
    RP1185: 1/26/2011 5:51:21 PM - System Checkpoint
    RP1186: 1/27/2011 6:13:12 PM - System Checkpoint
    RP1187: 1/28/2011 7:37:35 PM - System Checkpoint
    RP1188: 1/29/2011 9:33:48 PM - System Checkpoint
    RP1189: 1/30/2011 10:18:18 PM - System Checkpoint
    RP1190: 2/1/2011 5:06:07 AM - System Checkpoint
    RP1191: 2/2/2011 5:07:04 AM - System Checkpoint
    RP1192: 2/3/2011 5:09:15 AM - System Checkpoint
    RP1193: 2/4/2011 7:36:56 AM - System Checkpoint
    RP1194: 2/5/2011 8:03:03 AM - System Checkpoint
    RP1195: 2/6/2011 3:55:43 PM - System Checkpoint
    RP1196: 2/7/2011 5:29:27 PM - System Checkpoint
    RP1197: 2/8/2011 5:58:19 PM - System Checkpoint
    RP1198: 2/9/2011 7:30:55 PM - System Checkpoint

    ==== Installed Programs ======================


    6300
    6300_Help
    6300Trb
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Advanced SystemCare 3
    AiO_Scan_CDA
    AiOSoftwareNPI
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Parental Control
    AVG 2011
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Broadcom Management Programs
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.2
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Definition update for Microsoft Office 2010 (KB982726)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Support 3.2
    Dell System Restore
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Digital Content Portal
    Digital Line Detect
    DocProc
    Documentation & Support Launcher
    DocumentViewer
    DocumentViewerQFolder
    Dropbox
    EarthLink setup files
    EducateU
    ELIcon
    ESPNMotion
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Games, Music, & Photos Launcher
    GemMaster Mystic
    Get High Speed Internet!
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDView for Internet Explorer
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Document Viewer 6.1
    HP Extended Capabilities 6.1
    HP Imaging Device Functions 6.1
    HP Photosmart Premier Software 6.1
    HP Product Assistant
    HP PSC & OfficeJet 6.1.A
    HP Solution Center and Imaging Support Tools 6.1
    HP Update
    HPProductAssistant
    InstantShareDevices
    Internet Service Offers Launcher
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 18
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Learn2 Player (Uninstall Only)
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.79
    Logitech QuickCam Software
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    MarketResearch
    MCU
    MediaSPace
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Picture It! Photo Premium 9
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Modem Diagnostic Tool
    Move Media Player
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Oasis
    NetWaiting
    NetZeroInstallers
    NewCopy_CDA
    NVIDIA Drivers
    Otto
    PanoStandAlone
    Photo Viewer
    PhotoGallery
    PowerDVD
    ProductContextNPI
    QuickTime
    RandMap
    Readme
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    Scan
    ScannerCopy
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    Skype™ 4.2
    SolutionCenter
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wlaiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wlaiper
    TurboTax 2009 wrapper
    TurboTax Deluxe 2007
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2006
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    WildTangent Web Driver
    Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
    Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    2/6/2011 7:49:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/6/2011 5:17:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/6/2011 4:57:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT nvatabus nvraid RasAcd Rdbss Tcpip
    2/6/2011 4:57:02 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/6/2011 4:57:02 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/6/2011 4:57:02 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/6/2011 4:57:02 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/6/2011 4:57:02 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/6/2011 4:57:02 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/6/2011 4:32:40 PM, information: Windows File Protection [64004] - The protected system file dbghelp.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x00000490 [Element not found. ].
    2/6/2011 3:32:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/6/2011 1:56:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    2/5/2011 6:22:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
    2/5/2011 6:17:41 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/3/2011 6:32:54 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    2/10/2011 5:13:03 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:13:02 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:13:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:13:02 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:13:01 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:13:00 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:12:59 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:12:59 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2/10/2011 5:12:58 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Erin at 17:47:38.73 on Thu 02/10/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1062 [GMT -6:00]

    AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Erin\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Erin\Local Settings\Temporary Internet Files\Content.IE5\RJ5MKAMK\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.2theadvocate.com/
    uSearch Page =
    uSearch Bar =
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061017
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.cox.net/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
    BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
    mRun: [zBrowser Launcher] "c:\program files\logitech\itouch\iTouch.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe"
    mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\erin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\erin\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\erin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    Trusted Zone: turbotax.com
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www1.snapfish.com/SnapfishOutlookImport.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\erin\applic~1\mozilla\firefox\profiles\rnianj7q.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 5577
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\erin\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\erin\application data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 267944]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 61960]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-5 24652]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 gupdate1ca37853f36dd7e;Google Update Service (gupdate1ca37853f36dd7e);c:\program files\google\update\GoogleUpdate.exe [2009-9-17 133104]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

    =============== Created Last 30 ================

    2011-02-10 12:37:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-10 12:37:28 -------- d-----w- c:\program files\Avira
    2011-02-10 12:37:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

    ==================== Find3M ====================

    2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2008-07-02 21:09:43 7569408 ----a-w- c:\program files\setup_UT1.02.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-48 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A65385C]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a659a38]; MOV EAX, [0x8a659ab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A76EAB8]
    3 CLASSPNP[0xBA0C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000063[0x8A771F18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6A5D98]
    \Driver\atapi[0x8A743B10] -> IRP_MJ_CREATE -> 0x8A65385C
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP2504C_________________________VT100-48#5&71de149&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A6536A2
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 17:49:42.78 ===============


    Thanks so much!!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    I don't see such thing. It says to run it form the desktop.

    You're running two AV programs, AVG and Avira.
    One of them has to go.
    If AVG (preferably), use this tool to remove it: http://www.avg.com/us-en/download-tools

    Now, you're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    See the 7th corky dot down to see where it says to delete from desktop. As of now I still have the file in the folder.

    Step 5: DDS
    • Download DDS by sUBs and save to your desktop. After downloading the tool, disable any script blocking protection.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • When done, DDS will open two (2) logs:
    [o]DDS.txt
    [o]Attach.txt
    • Close the program window, and delete the program from your desktop.
    • Enable your Antivirus protection and reconnect to the internet.

    I've been running AVG for sometime (it didn't find anything when I first started trying to figure this out). So are you saying that Avira is a better one and that I should remove AVG?

    Also, I have TDSSKiller on my desktop and have run it too. Do you want me to send that log or just go ahead and run it again? It's been a couple of days since I did it. And what's a rootkit? Can you tell I'm green?

    Thanks again?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Now I see what you're saying.
    We'll edit that line.
    Leave DDS alone.

    Please, post TDSSKiller log, if you already ran it.
     
  9. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    I just ran TDSKiller and it showed no threats and didn't ask for a reboot. Does it create a log if it doesnt find anything? I didn't see it.
     
  10. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    found it.....

    2011/02/10 19:55:40.0687 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
    2011/02/10 19:55:40.0687 ================================================================================
    2011/02/10 19:55:40.0687 SystemInfo:
    2011/02/10 19:55:40.0687
    2011/02/10 19:55:40.0687 OS Version: 5.1.2600 ServicePack: 3.0
    2011/02/10 19:55:40.0687 Product type: Workstation
    2011/02/10 19:55:40.0687 ComputerName: DELL1
    2011/02/10 19:55:40.0687 UserName: Erin
    2011/02/10 19:55:40.0687 Windows directory: C:\WINDOWS
    2011/02/10 19:55:40.0687 System windows directory: C:\WINDOWS
    2011/02/10 19:55:40.0687 Processor architecture: Intel x86
    2011/02/10 19:55:40.0687 Number of processors: 2
    2011/02/10 19:55:40.0687 Page size: 0x1000
    2011/02/10 19:55:40.0687 Boot type: Normal boot
    2011/02/10 19:55:40.0687 ================================================================================
    2011/02/10 19:55:41.0375 Initialize success
    2011/02/10 19:55:44.0078 ================================================================================
    2011/02/10 19:55:44.0078 Scan started
    2011/02/10 19:55:44.0078 Mode: Manual;
    2011/02/10 19:55:44.0078 ================================================================================
    2011/02/10 19:55:45.0921 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/02/10 19:55:46.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/10 19:55:46.0109 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/10 19:55:46.0203 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/02/10 19:55:46.0328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/10 19:55:46.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/02/10 19:55:46.0531 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/02/10 19:55:46.0687 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/02/10 19:55:46.0796 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/02/10 19:55:46.0875 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/02/10 19:55:46.0937 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/02/10 19:55:47.0015 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/02/10 19:55:47.0078 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/02/10 19:55:47.0187 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/02/10 19:55:47.0265 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2011/02/10 19:55:47.0390 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/02/10 19:55:47.0515 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/02/10 19:55:47.0578 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/02/10 19:55:47.0640 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/02/10 19:55:47.0734 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/02/10 19:55:47.0843 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/02/10 19:55:47.0890 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/02/10 19:55:47.0984 ATIAVPCI (b27fec21c1125bab7d3c8cdf872e627b) C:\WINDOWS\system32\DRIVERS\atinavrr.sys
    2011/02/10 19:55:48.0015 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/02/10 19:55:48.0062 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/02/10 19:55:48.0250 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/02/10 19:55:48.0281 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/02/10 19:55:48.0453 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/02/10 19:55:48.0531 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    2011/02/10 19:55:48.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/02/10 19:55:48.0625 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/02/10 19:55:48.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/02/10 19:55:48.0703 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/02/10 19:55:48.0750 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/02/10 19:55:48.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/02/10 19:55:48.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/02/10 19:55:48.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/02/10 19:55:48.0968 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/02/10 19:55:49.0031 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/02/10 19:55:49.0078 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/02/10 19:55:49.0140 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/02/10 19:55:49.0187 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/02/10 19:55:49.0265 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/02/10 19:55:49.0296 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/02/10 19:55:49.0328 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/02/10 19:55:49.0375 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/02/10 19:55:49.0406 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/02/10 19:55:49.0453 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/02/10 19:55:49.0484 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2011/02/10 19:55:49.0515 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/02/10 19:55:49.0546 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/02/10 19:55:49.0859 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/02/10 19:55:49.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/02/10 19:55:49.0953 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/02/10 19:55:50.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/02/10 19:55:50.0078 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/02/10 19:55:50.0453 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/02/10 19:55:50.0531 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/02/10 19:55:50.0562 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/02/10 19:55:50.0703 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
    2011/02/10 19:55:50.0750 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/02/10 19:55:50.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/02/10 19:55:50.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/02/10 19:55:50.0984 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/02/10 19:55:51.0031 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/02/10 19:55:51.0109 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/02/10 19:55:51.0187 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/02/10 19:55:51.0234 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
    2011/02/10 19:55:51.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/02/10 19:55:51.0375 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
    2011/02/10 19:55:51.0468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/02/10 19:55:51.0578 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/02/10 19:55:51.0671 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/02/10 19:55:51.0734 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
    2011/02/10 19:55:51.0781 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/02/10 19:55:51.0859 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/02/10 19:55:51.0968 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/02/10 19:55:52.0062 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/02/10 19:55:52.0109 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/02/10 19:55:52.0187 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2011/02/10 19:55:52.0421 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2011/02/10 19:55:52.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/02/10 19:55:52.0765 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/02/10 19:55:52.0906 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/02/10 19:55:53.0000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/02/10 19:55:53.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/02/10 19:55:53.0312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/02/10 19:55:53.0421 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/02/10 19:55:53.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/02/10 19:55:53.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/02/10 19:55:53.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/02/10 19:55:54.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/02/10 19:55:54.0250 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/02/10 19:55:54.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/02/10 19:55:54.0781 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
    2011/02/10 19:55:54.0843 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/02/10 19:55:54.0937 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/02/10 19:55:55.0109 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/02/10 19:55:55.0281 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/02/10 19:55:55.0500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/02/10 19:55:55.0609 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/02/10 19:55:55.0750 LCcfltr (2b81de27d63a2de5876eac1bc34ece9b) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    2011/02/10 19:55:55.0812 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
    2011/02/10 19:55:55.0859 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
    2011/02/10 19:55:55.0890 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    2011/02/10 19:55:55.0953 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/02/10 19:55:56.0031 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/02/10 19:55:56.0093 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/02/10 19:55:56.0156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/02/10 19:55:56.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/02/10 19:55:56.0343 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/02/10 19:55:56.0421 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/02/10 19:55:56.0562 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/02/10 19:55:56.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/02/10 19:55:56.0703 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2011/02/10 19:55:56.0812 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys
    2011/02/10 19:55:56.0968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/02/10 19:55:57.0062 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/02/10 19:55:57.0234 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/02/10 19:55:57.0328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/02/10 19:55:57.0390 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/02/10 19:55:57.0437 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/02/10 19:55:57.0546 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/02/10 19:55:57.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/02/10 19:55:57.0750 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/02/10 19:55:57.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/02/10 19:55:57.0937 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/02/10 19:55:58.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/02/10 19:55:58.0093 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/02/10 19:55:58.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/02/10 19:55:58.0250 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/02/10 19:55:58.0328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/02/10 19:55:58.0453 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/02/10 19:55:58.0515 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/02/10 19:55:58.0640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/02/10 19:55:58.0796 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/02/10 19:55:59.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/02/10 19:55:59.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/02/10 19:56:00.0078 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/02/10 19:56:01.0203 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
    2011/02/10 19:56:01.0328 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
    2011/02/10 19:56:01.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/02/10 19:56:01.0531 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/02/10 19:56:01.0734 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/02/10 19:56:01.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/02/10 19:56:01.0968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/02/10 19:56:02.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/02/10 19:56:02.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/02/10 19:56:02.0328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/02/10 19:56:02.0640 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
    2011/02/10 19:56:02.0703 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/02/10 19:56:02.0734 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/02/10 19:56:02.0859 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    2011/02/10 19:56:02.0953 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/02/10 19:56:03.0000 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/02/10 19:56:03.0031 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/02/10 19:56:03.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/02/10 19:56:03.0062 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/02/10 19:56:03.0109 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/02/10 19:56:03.0140 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/02/10 19:56:03.0171 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/02/10 19:56:03.0203 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/02/10 19:56:03.0218 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/02/10 19:56:03.0250 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/02/10 19:56:03.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/02/10 19:56:03.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/02/10 19:56:03.0312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/02/10 19:56:03.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/02/10 19:56:03.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/02/10 19:56:03.0406 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/02/10 19:56:03.0453 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/02/10 19:56:03.0500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/02/10 19:56:03.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/02/10 19:56:03.0640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/02/10 19:56:03.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/02/10 19:56:03.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/02/10 19:56:03.0812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/02/10 19:56:03.0843 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/02/10 19:56:03.0875 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/02/10 19:56:03.0921 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/02/10 19:56:03.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/02/10 19:56:04.0015 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/02/10 19:56:04.0046 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/02/10 19:56:04.0125 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
    2011/02/10 19:56:04.0203 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/02/10 19:56:04.0234 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/02/10 19:56:04.0250 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/02/10 19:56:04.0296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/02/10 19:56:04.0328 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/02/10 19:56:04.0343 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/02/10 19:56:04.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/02/10 19:56:04.0421 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/02/10 19:56:04.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/02/10 19:56:04.0546 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/02/10 19:56:04.0562 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/02/10 19:56:04.0609 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/02/10 19:56:04.0640 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/02/10 19:56:04.0687 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/02/10 19:56:04.0718 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/02/10 19:56:04.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/02/10 19:56:04.0843 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/02/10 19:56:04.0921 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/02/10 19:56:04.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/02/10 19:56:05.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/02/10 19:56:05.0031 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/02/10 19:56:05.0046 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/02/10 19:56:05.0093 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/02/10 19:56:05.0109 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/02/10 19:56:05.0125 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/02/10 19:56:05.0140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/02/10 19:56:05.0171 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    2011/02/10 19:56:05.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/02/10 19:56:05.0250 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/02/10 19:56:05.0281 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/02/10 19:56:05.0312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/02/10 19:56:05.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/02/10 19:56:05.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/02/10 19:56:05.0484 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/02/10 19:56:05.0578 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/02/10 19:56:05.0640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/02/10 19:56:05.0718 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/02/10 19:56:05.0765 ================================================================================
    2011/02/10 19:56:05.0765 Scan finished
    2011/02/10 19:56:05.0765 ================================================================================
    2011/02/10 19:56:49.0328 Deinitialize success
     
  11. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    If you see more than one log, post all of them.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Re-run DDS and post fresh log (no Attach.txt) needed.
     
  13. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    Ran it again this morning. Here is the output when I select the report tab after it's completed the scan. This it?


    2011/02/12 07:15:13.0249 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
    2011/02/12 07:15:13.0249 ================================================================================
    2011/02/12 07:15:13.0249 SystemInfo:
    2011/02/12 07:15:13.0249
    2011/02/12 07:15:13.0249 OS Version: 5.1.2600 ServicePack: 3.0
    2011/02/12 07:15:13.0249 Product type: Workstation
    2011/02/12 07:15:13.0249 ComputerName: DELL1
    2011/02/12 07:15:13.0249 UserName: Erin
    2011/02/12 07:15:13.0249 Windows directory: C:\WINDOWS
    2011/02/12 07:15:13.0249 System windows directory: C:\WINDOWS
    2011/02/12 07:15:13.0249 Processor architecture: Intel x86
    2011/02/12 07:15:13.0249 Number of processors: 2
    2011/02/12 07:15:13.0249 Page size: 0x1000
    2011/02/12 07:15:13.0249 Boot type: Normal boot
    2011/02/12 07:15:13.0249 ================================================================================
    2011/02/12 07:15:13.0405 Initialize success
    2011/02/12 07:15:17.0015 ================================================================================
    2011/02/12 07:15:17.0015 Scan started
    2011/02/12 07:15:17.0015 Mode: Manual;
    2011/02/12 07:15:17.0015 ================================================================================
    2011/02/12 07:15:18.0436 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/02/12 07:15:18.0624 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/12 07:15:18.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/12 07:15:18.0702 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/02/12 07:15:18.0765 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/12 07:15:18.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/02/12 07:15:18.0890 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/02/12 07:15:18.0921 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/02/12 07:15:18.0936 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/02/12 07:15:18.0968 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/02/12 07:15:18.0999 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/02/12 07:15:19.0077 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/02/12 07:15:19.0108 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/02/12 07:15:19.0124 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/02/12 07:15:19.0171 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2011/02/12 07:15:19.0202 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/02/12 07:15:19.0249 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/02/12 07:15:19.0280 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/02/12 07:15:19.0296 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/02/12 07:15:19.0343 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/02/12 07:15:19.0421 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/02/12 07:15:19.0436 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/02/12 07:15:19.0483 ATIAVPCI (b27fec21c1125bab7d3c8cdf872e627b) C:\WINDOWS\system32\DRIVERS\atinavrr.sys
    2011/02/12 07:15:19.0530 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/02/12 07:15:19.0561 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/02/12 07:15:19.0686 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/02/12 07:15:19.0733 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/02/12 07:15:19.0749 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/02/12 07:15:19.0780 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    2011/02/12 07:15:19.0811 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/02/12 07:15:19.0858 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/02/12 07:15:19.0874 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/02/12 07:15:19.0905 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/02/12 07:15:19.0921 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/02/12 07:15:19.0936 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/02/12 07:15:19.0952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/02/12 07:15:19.0999 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/02/12 07:15:20.0061 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/02/12 07:15:20.0093 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/02/12 07:15:20.0124 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/02/12 07:15:20.0140 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/02/12 07:15:20.0155 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/02/12 07:15:20.0202 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/02/12 07:15:20.0218 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/02/12 07:15:20.0233 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/02/12 07:15:20.0249 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/02/12 07:15:20.0280 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/02/12 07:15:20.0296 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/02/12 07:15:20.0311 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2011/02/12 07:15:20.0327 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/02/12 07:15:20.0343 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/02/12 07:15:20.0405 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/02/12 07:15:20.0452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/02/12 07:15:20.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/02/12 07:15:20.0499 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/02/12 07:15:20.0561 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/02/12 07:15:20.0577 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/02/12 07:15:20.0593 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/02/12 07:15:20.0608 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/02/12 07:15:20.0749 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
    2011/02/12 07:15:20.0780 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/02/12 07:15:20.0827 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/02/12 07:15:20.0874 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/02/12 07:15:20.0921 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/02/12 07:15:20.0968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/02/12 07:15:21.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/02/12 07:15:21.0046 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/02/12 07:15:21.0093 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
    2011/02/12 07:15:21.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/02/12 07:15:21.0186 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
    2011/02/12 07:15:21.0233 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/02/12 07:15:21.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/02/12 07:15:21.0327 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/02/12 07:15:21.0343 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
    2011/02/12 07:15:21.0374 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/02/12 07:15:21.0421 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/02/12 07:15:21.0468 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/02/12 07:15:21.0483 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/02/12 07:15:21.0499 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/02/12 07:15:21.0530 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2011/02/12 07:15:21.0577 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
    2011/02/12 07:15:21.0655 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/02/12 07:15:21.0686 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/02/12 07:15:21.0718 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/02/12 07:15:21.0749 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/02/12 07:15:21.0780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/02/12 07:15:21.0827 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/02/12 07:15:21.0858 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/02/12 07:15:21.0890 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/02/12 07:15:21.0921 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/02/12 07:15:21.0936 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/02/12 07:15:21.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/02/12 07:15:22.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/02/12 07:15:22.0030 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/02/12 07:15:22.0093 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
    2011/02/12 07:15:22.0124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/02/12 07:15:22.0155 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/02/12 07:15:22.0186 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/02/12 07:15:22.0218 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/02/12 07:15:22.0233 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/02/12 07:15:22.0296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/02/12 07:15:22.0358 LCcfltr (2b81de27d63a2de5876eac1bc34ece9b) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    2011/02/12 07:15:22.0405 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
    2011/02/12 07:15:22.0421 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
    2011/02/12 07:15:22.0452 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    2011/02/12 07:15:22.0499 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
    2011/02/12 07:15:22.0530 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/02/12 07:15:22.0577 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/02/12 07:15:22.0593 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/02/12 07:15:22.0640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/02/12 07:15:22.0686 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2011/02/12 07:15:22.0702 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/02/12 07:15:22.0765 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/02/12 07:15:22.0780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/02/12 07:15:22.0811 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2011/02/12 07:15:22.0858 mr7910 (6aa46f9896d3c9e5a00e01bb416c707b) C:\WINDOWS\system32\DRIVERS\mr7910.sys
    2011/02/12 07:15:22.0890 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/02/12 07:15:22.0921 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/02/12 07:15:22.0999 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/02/12 07:15:23.0030 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/02/12 07:15:23.0077 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/02/12 07:15:23.0093 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/02/12 07:15:23.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/02/12 07:15:23.0155 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/02/12 07:15:23.0202 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/02/12 07:15:23.0218 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/02/12 07:15:23.0249 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/02/12 07:15:23.0280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/02/12 07:15:23.0296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/02/12 07:15:23.0343 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/02/12 07:15:23.0374 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/02/12 07:15:23.0390 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/02/12 07:15:23.0436 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/02/12 07:15:23.0452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/02/12 07:15:23.0483 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/02/12 07:15:23.0530 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/02/12 07:15:23.0577 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/02/12 07:15:23.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/02/12 07:15:23.0796 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/02/12 07:15:23.0874 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
    2011/02/12 07:15:23.0890 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
    2011/02/12 07:15:23.0921 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/02/12 07:15:23.0936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/02/12 07:15:23.0999 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/02/12 07:15:24.0030 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/02/12 07:15:24.0077 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/02/12 07:15:24.0093 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/02/12 07:15:24.0124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/02/12 07:15:24.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/02/12 07:15:24.0249 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
    2011/02/12 07:15:24.0296 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/02/12 07:15:24.0327 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/02/12 07:15:24.0405 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    2011/02/12 07:15:24.0452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/02/12 07:15:24.0483 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/02/12 07:15:24.0499 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/02/12 07:15:24.0530 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/02/12 07:15:24.0546 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/02/12 07:15:24.0577 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/02/12 07:15:24.0608 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/02/12 07:15:24.0640 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/02/12 07:15:24.0655 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/02/12 07:15:24.0686 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/02/12 07:15:24.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/02/12 07:15:24.0733 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/02/12 07:15:24.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/02/12 07:15:24.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/02/12 07:15:24.0827 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/02/12 07:15:24.0858 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/02/12 07:15:24.0890 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/02/12 07:15:24.0936 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/02/12 07:15:24.0983 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/02/12 07:15:25.0061 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/02/12 07:15:25.0093 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/02/12 07:15:25.0124 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/02/12 07:15:25.0155 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/02/12 07:15:25.0233 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/02/12 07:15:25.0265 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/02/12 07:15:25.0296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/02/12 07:15:25.0343 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/02/12 07:15:25.0390 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/02/12 07:15:25.0436 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/02/12 07:15:25.0483 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/02/12 07:15:25.0561 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
    2011/02/12 07:15:25.0624 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/02/12 07:15:25.0655 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/02/12 07:15:25.0686 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/02/12 07:15:25.0733 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/02/12 07:15:25.0749 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/02/12 07:15:25.0796 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/02/12 07:15:25.0811 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/02/12 07:15:25.0858 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/02/12 07:15:25.0936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/02/12 07:15:25.0999 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/02/12 07:15:26.0015 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/02/12 07:15:26.0061 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/02/12 07:15:26.0093 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/02/12 07:15:26.0124 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/02/12 07:15:26.0155 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/02/12 07:15:26.0233 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/02/12 07:15:26.0296 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/02/12 07:15:26.0327 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/02/12 07:15:26.0374 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/02/12 07:15:26.0421 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/02/12 07:15:26.0468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/02/12 07:15:26.0483 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/02/12 07:15:26.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/02/12 07:15:26.0530 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/02/12 07:15:26.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/02/12 07:15:26.0577 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/02/12 07:15:26.0593 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    2011/02/12 07:15:26.0608 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/02/12 07:15:26.0640 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/02/12 07:15:26.0671 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/02/12 07:15:26.0702 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/02/12 07:15:26.0733 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/02/12 07:15:26.0827 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/02/12 07:15:26.0890 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/02/12 07:15:26.0983 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/02/12 07:15:27.0030 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/02/12 07:15:27.0061 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/02/12 07:15:27.0124 ================================================================================
    2011/02/12 07:15:27.0124 Scan finished
    2011/02/12 07:15:27.0124 ================================================================================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    No. I asked you to re-run DDS.
     
  15. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    Sorry, here it is:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Erin at 10:55:49.43 on Sat 02/12/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1251 [GMT -6:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Erin\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Erin\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.2theadvocate.com/
    uSearch Page =
    uSearch Bar =
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061017
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.cox.net/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
    BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
    mRun: [zBrowser Launcher] "c:\program files\logitech\itouch\iTouch.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe"
    mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\erin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\erin\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\erin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    Trusted Zone: turbotax.com
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www1.snapfish.com/SnapfishOutlookImport.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.mpix.com/Customer/Uploading/activex/ImageUploader3.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.mpix.com/Customer/Uploading/activex/ImageUploader4.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\erin\applic~1\mozilla\firefox\profiles\rnianj7q.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 5577
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\erin\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\erin\application data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-10 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-10 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-10 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-10 61960]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-5 24652]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 gupdate1ca37853f36dd7e;Google Update Service (gupdate1ca37853f36dd7e);c:\program files\google\update\GoogleUpdate.exe [2009-9-17 133104]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

    =============== Created Last 30 ================

    2011-02-10 12:37:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-10 12:37:28 -------- d-----w- c:\program files\Avira
    2011-02-10 12:37:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

    ==================== Find3M ====================

    2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2008-07-02 21:09:43 7569408 ----a-w- c:\program files\setup_UT1.02.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-48 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A68585C]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a68ba38]; MOV EAX, [0x8a68bab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6D0AB8]
    3 CLASSPNP[0xBA0C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000005f[0x8A6C5F18]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A75A940]
    \Driver\atapi[0x8A718BF0] -> IRP_MJ_CREATE -> 0x8A68585C
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP2504C_________________________VT100-48#5&71de149&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A6856A2
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 10:57:38.09 ===============
     
  16. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ===================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  17. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 149):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0x8A73B000 \WINDOWS\system32\KDCOM.DLL
    0xBA4BC000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AA000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA0C8000 \WINDOWS\system32\drivers\CLASSPNP.SYS
    0xBA330000 PartMgr.sys
    0xBA0D8000 VolSnap.sys
    0xB9EF5000 atapi.sys
    0xBA0E8000 disk.sys
    0xB9EBB000 fltmgr.sys
    0xB9EA9000 sr.sys
    0xB9E93000 DRVMCDB.SYS
    0xBA338000 PxHelp20.sys
    0xB9E7C000 KSecDD.sys
    0xB9DEF000 Ntfs.sys
    0xB9DC2000 NDIS.sys
    0xB9DA8000 Mup.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xB8426000 \SystemRoot\system32\DRIVERS\atinavrr.sys
    0xB8403000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB99FA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0xB8098000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB8084000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA4A8000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB8060000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA4B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA5E6000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA348000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9466000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xB802C000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xB7F2D000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xB7E86000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBA378000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB7E5E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA6C4000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9406000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA564000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB7E47000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB93F6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB93E6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA380000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB7E36000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB93D6000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA388000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA390000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB7E06000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB7D80000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA588000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB2CAC000 \SystemRoot\system32\drivers\sthda.sys
    0xB2C88000 \SystemRoot\system32\drivers\portcls.sys
    0xB360A000 \SystemRoot\system32\drivers\drmk.sys
    0xB30E0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAEEA3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA66E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xAF477000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xAF46F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB0439000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB3019000 \SystemRoot\System32\Drivers\Null.SYS
    0xB0437000 \SystemRoot\System32\Drivers\Beep.SYS
    0xABBC0000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xABBB8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xABBB0000 \SystemRoot\System32\drivers\vga.sys
    0xB0435000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB0433000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB3051000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xABBA8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xAF467000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9518000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA94BF000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9497000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA9471000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA944F000 \SystemRoot\System32\drivers\afd.sys
    0xAEE63000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xABB98000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA9424000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA93B4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAE56F000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA938E000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xB042B000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xAE045000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xABB50000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAE035000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB358A000 \SystemRoot\system32\drivers\lvusbsta.sys
    0xAE300000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xABB38000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xABB30000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xABB28000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB3140000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xAE2FC000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xB3110000 \SystemRoot\system32\DRIVERS\IrBus.sys
    0xB3100000 \SystemRoot\System32\Drivers\LHidUsb.Sys
    0xB30F0000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
    0xAE2F8000 \SystemRoot\System32\Drivers\LCcFltr.Sys
    0xABB20000 \SystemRoot\system32\DRIVERS\hidir.sys
    0xA92AF000 \SystemRoot\system32\DRIVERS\LV302AV.SYS
    0xB30D0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xA9094000 \SystemRoot\system32\DRIVERS\lvsvf2.sys
    0xAF246000 \SystemRoot\system32\DRIVERS\lv302af.sys
    0xB30C0000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB7403000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xABB18000 \SystemRoot\system32\DRIVERS\LHidFlt2.Sys
    0xB606C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB84E8000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6048000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3C8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xADFB0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA891E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xBA188000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA7A0000 \SystemRoot\System32\DLA\DLADResN.SYS
    0xA8908000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xB7423000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xBA5C6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xBA410000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA88F0000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA88DA000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xAE6DD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7FBD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA7F80000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB5F2C000 \SystemRoot\system32\drivers\sysaudio.sys
    0xBA664000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xA7C29000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA61C000 \SystemRoot\system32\drivers\MSPQM.sys
    0xA79A1000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7AC9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA6F9D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xB4339000 \??\C:\DOCUME~1\Erin\LOCALS~1\Temp\mbr.sys
    0x9C50E000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 82):
    0 System Idle Process
    4 System
    436 C:\WINDOWS\system32\smss.exe
    644 csrss.exe
    668 C:\WINDOWS\system32\winlogon.exe
    716 C:\WINDOWS\system32\services.exe
    728 C:\WINDOWS\system32\lsass.exe
    956 C:\WINDOWS\system32\svchost.exe
    1028 svchost.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    1448 svchost.exe
    1600 C:\WINDOWS\system32\spoolsv.exe
    1768 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1780 C:\WINDOWS\explorer.exe
    1936 svchost.exe
    216 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    260 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    272 C:\Program Files\Bonjour\mDNSResponder.exe
    456 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    488 C:\WINDOWS\ehome\ehrecvr.exe
    692 C:\WINDOWS\ehome\ehSched.exe
    1232 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    1964 C:\Program Files\Java\jre6\bin\jqs.exe
    536 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1956 C:\WINDOWS\system32\nvsvc32.exe
    2224 svchost.exe
    2320 C:\WINDOWS\system32\svchost.exe
    2416 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    2536 mcrdsvc.exe
    2680 C:\Program Files\Canon\CAL\CALMAIN.exe
    3188 C:\WINDOWS\system32\dllhost.exe
    3412 alg.exe
    3956 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    856 C:\WINDOWS\ehome\ehtray.exe
    2916 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    3248 C:\WINDOWS\ehome\ehmsas.exe
    3256 C:\WINDOWS\stsystra.exe
    3364 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    3388 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    1800 C:\Program Files\Logitech\iTouch\iTouch.exe
    3516 C:\WINDOWS\system32\LVCOMSX.EXE
    2932 C:\Program Files\Logitech\Video\LogiTray.exe
    2940 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3740 C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    1788 C:\Program Files\iTunes\iTunesHelper.exe
    2188 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3976 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    1504 C:\WINDOWS\system32\ctfmon.exe
    4016 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4024 C:\Program Files\Logitech\Video\FxSvr2.exe
    4080 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    4092 C:\Program Files\Messenger\msmsgs.exe
    552 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    624 C:\Program Files\Digital Line Detect\DLG.exe
    1356 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1528 C:\Documents and Settings\Erin\Application Data\Dropbox\bin\Dropbox.exe
    1692 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    3872 C:\Program Files\iPod\bin\iPodService.exe
    2552 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    1120 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2956 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    3272 C:\WINDOWS\system32\wuauclt.exe
    1560 C:\WINDOWS\system32\wuauclt.exe
    3580 OSPPSVC.EXE
    2736 C:\Program Files\Mozilla Firefox\firefox.exe
    2164 C:\WINDOWS\system32\wuauclt.exe
    3788 C:\WINDOWS\system32\wuauclt.exe
    2584 C:\WINDOWS\system32\wuauclt.exe
    4200 C:\WINDOWS\system32\wuauclt.exe
    2672 C:\WINDOWS\explorer.exe
    5000 C:\WINDOWS\explorer.exe
    5376 C:\WINDOWS\system32\HPZipm12.exe
    6048 C:\WINDOWS\system32\wuauclt.exe
    4372 C:\Program Files\Mozilla Firefox\firefox.exe
    5940 C:\Program Files\Mozilla Firefox\firefox.exe
    1664 C:\Program Files\Mozilla Firefox\firefox.exe
    4828 C:\Program Files\Internet Explorer\iexplore.exe
    4408 C:\Program Files\Internet Explorer\iexplore.exe
    4232 wmiprvse.exe
    3380 C:\Program Files\Internet Explorer\iexplore.exe
    1844 C:\Documents and Settings\Erin\Local Settings\Temporary Internet Files\Content.IE5\REGZS0TV\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-48

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


    Done!


    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3919872 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 82.68 )
    0xB8098000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3584000 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.68 )
    0xA9094000 C:\WINDOWS\system32\DRIVERS\lvsvf2.sys 2207744 bytes (Logitech Inc., SmoothVision filter)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB2CAC000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)
    0xB7F2D000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xA92AF000 C:\WINDOWS\system32\DRIVERS\LV302AV.SYS 913408 bytes (Logitech Inc., Logitech QuickCam Driver)
    0xB7E86000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xB9DEF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xA93B4000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB7D80000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xA94BF000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA79A1000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB8426000 C:\WINDOWS\system32\DRIVERS\atinavrr.sys 270336 bytes (ATI Technologies Inc., ATI Unified AVStream Driver)
    0xA7C29000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB802C000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
    0xB7E06000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xA7FBD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9DC2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0x9C50E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xA9424000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB7E5E000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xA9497000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xA938E000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xA9471000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB2C88000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB8060000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB8403000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xA944F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9EBB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB9DA8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB9EF5000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xA88F0000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB9E7C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB7E47000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA8908000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xA88DA000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB9E93000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
    0xA891E000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0xA7F80000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB8084000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xA9518000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9EA9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB7E36000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB9466000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
    0xAE045000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA1C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB84E8000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
    0xB360A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA1D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB5F2C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB30C0000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
    0xAEEA3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
    0xBA0C8000 C:\WINDOWS\system32\drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB3140000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
    0xB9406000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xB30D0000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
    0xBA0D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB3110000 C:\WINDOWS\system32\DRIVERS\IrBus.sys 49152 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
    0xB93E6000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xAE56F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA1E8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xB358A000 C:\WINDOWS\system32\drivers\lvusbsta.sys 45056 bytes (Logitech Inc., USB Statistic Driver)
    0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB93F6000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA188000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB30E0000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA1F8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA0E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB30F0000 C:\WINDOWS\System32\Drivers\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB3100000 C:\WINDOWS\System32\Drivers\LHidUsb.Sys 36864 bytes (Logitech, Inc., Logitech USB Mouse Function Driver.)
    0xB93D6000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xAEE63000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xA620E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xAE035000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA378000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xABBA8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xABB50000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA410000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xABBB8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xB4339000 C:\DOCUME~1\Erin\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xABB38000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xABB28000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xABBC0000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xBA348000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xABB30000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
    0xBA398000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xABB18000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 24576 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xBA3A0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xABB98000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0xABBB0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xABB20000 C:\WINDOWS\system32\DRIVERS\hidir.sys 20480 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
    0xB3051000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA388000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA390000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA380000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA4A8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xBA3C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xA6F9D000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0xB7423000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xAE2FC000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
    0xB7403000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xAE2F8000 C:\WINDOWS\System32\Drivers\LCcFltr.Sys 16384 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
    0xAF477000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xBA588000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xAE6DD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xAE300000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xB99FA000 C:\WINDOWS\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
    0xBA4BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB6048000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xAF46F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0x8A73B000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xA7AC9000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
    0xB606C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA564000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xAF467000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xBA664000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
    0xB042B000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
    0xB0437000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5E6000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xBA5C6000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA5AA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xB0439000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xAF246000 C:\WINDOWS\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)
    0xB0435000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA61C000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
    0xB0433000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5FC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA66E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA6C4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA7A0000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xADFB0000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xB3019000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    !!!!!!!!!!!Hidden driver: 0x8A6856A2 ?_empty_? 2398 bytes
    ==============================================
    >Stealth
    ==============================================
    0xB9EF5000 WARNING: suspicious driver modification [atapi.sys::0x8A6856A2]
    0x05990000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 1077248 bytes
    0x05930000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 126976 bytes
    0x036D0000 Hidden Image-->System.XML.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 2060288 bytes
    0x04A80000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 266240 bytes
    0x047D0000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 270336 bytes
    0x05D40000 Hidden Image-->log4net.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 282624 bytes
    0x04460000 Hidden Image-->System.Data.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 2961408 bytes
    0x05020000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 307200 bytes
    0x038E0000 Hidden Image-->System.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 3190784 bytes
    0x06890000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 421888 bytes
    0x03630000 Hidden Image-->System.configuration.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 438272 bytes
    0x013C0000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 471040 bytes
    0x048C0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 479232 bytes
    0x06390000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 479232 bytes
    0x05270000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 5033984 bytes
    0x01330000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 53248 bytes
    0x057B0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 634880 bytes
    0x01370000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 77824 bytes
    0x04390000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 778240 bytes
    0x03610000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 86016 bytes
    0x06210000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x8A4C6DA0 ] PID: 1232, 872448 bytes
     
  18. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Middle part of the log is missing.
    You have to repost it.

    Also...

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\windows\regedit.exe
    - c:\windows\system32\drivers\atapi.sys
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  20. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    Ok here it is again. This is part 1

    ComboFix 11-02-11.02 - Erin 02/12/2011 12:02:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -6:00]
    Running from: c:\documents and settings\Erin\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\autorun.inf
    c:\program files\Shared

    c:\windows\regedit.exe . . . is infected!!

    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4


    ((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
    .

    2011-02-10 12:37 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-10 12:37 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-10 12:37 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-02-10 12:37 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-02-10 12:37 . 2011-02-10 12:37 -------- d-----w- c:\program files\Avira
    2011-02-10 12:37 . 2011-02-10 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-02-08 01:37 . 2011-02-08 01:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
    2011-02-06 19:56 . 2011-02-06 19:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 00:09 . 2003-01-02 02:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2003-01-02 02:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll
    2008-07-02 21:09 . 2008-05-16 05:17 7569408 ----a-w- c:\program files\setup_UT1.02.exe
    .

    ------- Sigcheck -------

    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
    [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
    [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
    [-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

    [-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
    [-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
    [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
    [-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\kbdclass.sys

    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
    [-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
    [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
    [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
    [-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

    [-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
    [-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
    [-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
    [-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
    [-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
    [-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
    [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
    [-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    [-] 2004-08-10 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
    [-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
    [-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
    [-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
    [-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
    [-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

    [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
    [-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
    [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
    [-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
    [-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    [-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
    [-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
    [-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
    [-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

    [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
    [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
    [-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
    [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
    [-] 2004-08-10 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
    [-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
    [-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
    [-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
    [-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
    [-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
    [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
    [-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
    [-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
    [-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

    [-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
    [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
    [-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    [-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
    [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
    [-] 2004-08-10 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
    [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
    [-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
    [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
    [-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
    [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
    [-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
    [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
    [-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    [-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
    [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
    [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
    [-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
    [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
    [-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
    [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
    [-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
    [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
    [-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
    [-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
    [-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
    [-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
    [-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
    [-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
    [-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
    [-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
    [-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
    [-] 2004-08-10 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll

    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
    [-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
    [-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
    [-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
    [-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    [-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    [-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
    [-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
    [-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    [-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
    [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
    [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
    [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
    [-] 2004-08-10 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
    [-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll

    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
    [-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    [-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll

    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
    [-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
    [-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

    [-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
    [-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

    [-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
    [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
    [-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
    [-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
    [-] 2004-08-10 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

    [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    [-] 2005-08-03 23:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-10 10:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

    [-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
    [-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
    [-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
    [-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
    [-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    [-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
    [-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
    [-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
    [-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
    [-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
    [-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    [-] 2008-08-14 . 8206B5F94A6A9450E934029420C1693F . 2023936 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [-] 2008-08-14 . 501FDE895F35DF1DAE49FD54BBF9D396 . 2020864 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    [-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
    [-] 2006-12-19 . FA64F313F5237C53A909906113ACAE7D . 2017280 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    [-] 2005-06-23 . 65F4B29A0793ADB5D924FB3F47F1BCA4 . 2015744 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
    [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [-] 2004-08-10 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
    [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    [-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [-] 2004-08-10 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
    [-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
    [-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

    [-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
    [-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
    [-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
    [-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
    [-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    [-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
    [-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
    [-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
    [-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
    [-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
    [-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
    [-] 2008-08-14 . F6F8245B3A2E9CA834DD318E7AE0C6D0 . 2145280 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [-] 2008-08-14 . 60794EA12961B7341AD54C731B50AE15 . 2142720 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    [-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
    [-] 2006-12-19 . 57B9D140E1EB8B0EA06DF927B63B0EEE . 2137600 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
    [-] 2005-06-23 . 5611F453C6D20AB0552956F39BCDDB88 . 2136064 . . [5.1.2600.2705] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
    [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    [-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
    [-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
    [-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll

    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
    [-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
    [-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
    [-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
    [-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
     
  21. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    Here's part 2. These two posts should be the entire log.

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Erin\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Erin\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Erin\Application Data\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-12 20480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-25 39408]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2009-12-17 149224]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

    c:\documents and settings\Erin\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Erin\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-17 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Erin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/10/2011 6:37 AM 135336]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/5/2008 12:22 PM 24652]
    S2 gupdate1ca37853f36dd7e;Google Update Service (gupdate1ca37853f36dd7e);c:\program files\Google\Update\GoogleUpdate.exe [9/17/2009 4:54 AM 133104]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

    2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 10:54]

    2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 10:54]

    2011-02-12 c:\windows\Tasks\User_Feed_Synchronization-{F019A4B5-EE0F-4FE3-8ECB-378D1216C1F9}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.2theadvocate.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.cox.net/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    Trusted Zone: turbotax.com
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Erin\Application Data\Mozilla\Firefox\Profiles\rnianj7q.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 5577
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Erin\Application Data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-*{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-12 12:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1236)
    c:\windows\system32\WININET.dll
    c:\docume~1\Erin\LOCALS~1\Temp\IadHide4.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\documents and settings\Erin\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
    c:\program files\Logitech\iTouch\iTchHk.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\windows\stsystra.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Logitech\MouseWare\system\em_exec.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-12 12:19:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-12 18:19

    Pre-Run: 152,266,375,168 bytes free
    Post-Run: 152,202,149,888 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 0171227AE2A852FC37C8CE9F063B5877
     
  22. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Now I need that scan from VirusTotal
     
  23. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    Screen shot from 're-analyze' of regedit.exe file. Didn't see where it went to a log.

    2 VT Community user(s) with a total of 7 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
    File name: regedit.exe
    Submission date: 2011-02-12 22:09:55 (UTC)
    Current status: queued (#78) queued (#78) analysing finished


    Result: 0/ 42 (0.0%)
    VT Community

    goodware
    Safety score: 77.8%
    Compact Print results Antivirus Version Last Update Result
    AhnLab-V3 2011.02.06.00 2011.02.06 -
    AntiVir 7.11.3.52 2011.02.12 -
    Antiy-AVL 2.0.3.7 2011.02.12 -
    Avast 4.8.1351.0 2011.02.12 -
    Avast5 5.0.677.0 2011.02.12 -
    AVG 10.0.0.1190 2011.02.12 -
    BitDefender 7.2 2011.02.12 -
    CAT-QuickHeal 11.00 2011.02.12 -
    ClamAV 0.96.4.0 2011.02.12 -
    Commtouch 5.2.11.5 2011.02.12 -
    Comodo 7664 2011.02.12 -
    DrWeb 5.0.2.03300 2011.02.12 -
    eSafe 7.0.17.0 2011.02.10 -
    eTrust-Vet 36.1.8154 2011.02.11 -
    F-Prot 4.6.2.117 2011.02.04 -
    F-Secure 9.0.16160.0 2011.02.12 -
    Fortinet 4.2.254.0 2011.02.12 -
    GData 21 2011.02.12 -
    Ikarus T3.1.1.97.0 2011.02.12 -
    Jiangmin 13.0.900 2011.02.12 -
    K7AntiVirus 9.83.3836 2011.02.12 -
    Kaspersky 7.0.0.125 2011.02.12 -
    McAfee 5.400.0.1158 2011.02.12 -
    McAfee-GW-Edition 2010.1C 2011.02.12 -
    Microsoft 1.6502 2011.02.12 -
    NOD32 5868 2011.02.12 -
    Norman 6.07.03 2011.02.12 -
    nProtect 2011-01-27.01 2011.02.02 -
    Panda 10.0.3.5 2011.02.12 -
    PCTools 7.0.3.5 2011.02.12 -
    Prevx 3.0 2011.02.12 -
    Rising 23.44.05.00 2011.02.12 -
    Sophos 4.61.0 2011.02.12 -
    SUPERAntiSpyware 4.40.0.1006 2011.02.12 -
    Symantec 20101.3.0.103 2011.02.12 -
    TheHacker 6.7.0.1.126 2011.02.10 -
    TrendMicro 9.200.0.1012 2011.02.12 -
    TrendMicro-HouseCall 9.200.0.1012 2011.02.12 -
    VBA32 3.12.14.3 2011.02.11 -
    VIPRE 8397 2011.02.12 -
    ViRobot 2011.2.12.4307 2011.02.12 -
    VirusBuster 13.6.196.0 2011.02.12 -
    Additional informationShow all
    MD5 : 058710b720282ca82b909912d3ef28db
    SHA1 : 48f4612efeb713a5860726fdb999ceceff07557d
    SHA256: 97535e75ca6a77e6bcb81216b0fb383024709539727fd656df6afd33a50cad04
    ssdeep: 3072:NtkaZgxktEdSja2qLckP+4AnrIKvOBI+huG0TG0uvJb9w:NtkqxrqLckP+xn0YOBI+AG0T
    G0
    File size : 146432 bytes
    First seen: 2009-02-12 04:39:45
    Last seen : 2011-02-12 22:09:55
    TrID:
    Win32 Executable MS Visual C++ (generic) (53.1%)
    Windows Screen Saver (18.4%)
    Win32 Executable Generic (12.0%)
    Win32 Dynamic Link Library (generic) (10.6%)
    Generic Win/DOS Executable (2.8%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Registry Editor
    original name: REGEDIT.EXE
    internal name: REGEDIT
    file version.: 5.1.2600.5512 (xpsp.080413-2111)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1691E
    timedatestamp....: 0x48025214 (Sun Apr 13 18:33:56 2008)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x17902, 0x17A00, 6.37, 8d566c1e457741cced3b34f6d18c225d
    .data, 0x19000, 0x40DA0, 0x400, 1.20, def7edb164ce2210badeb06959cdaa48
    .rsrc, 0x5A000, 0xB8B0, 0xBA00, 3.68, 55c800dc56999ec2683a54271953b1b7

    [[ 14 import(s) ]]
    msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
    ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
    KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
    GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
    USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
    COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
    comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
    SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
    AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
    ACLUI.dll: -
    ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
    ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
    clb.dll: ClbAddData, ClbSetColumnWidths
    ntdll.dll: RtlFreeHeap, RtlAllocateHeap

    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 96768
    CompanyName: Microsoft Corporation
    EntryPoint: 0x1691e
    FileDescription: Registry Editor
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 143 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
    FileVersionNumber: 5.1.2600.5512
    ImageVersion: 5.1
    InitializedDataSize: 313344
    InternalName: REGEDIT
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 7.1
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.1
    ObjectFileType: Executable application
    OriginalFilename: REGEDIT.EXE
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 5.1.2600.5512
    ProductVersionNumber: 5.1.2600.5512
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2008:04:13 20:33:56+02:00
    UninitializedDataSize: 0
     
  24. grannaLA

    grannaLA TS Rookie Topic Starter Posts: 25

    And screen shot of the atapi.sys file:


    File name: atapi.sys
    Submission date: 2011-02-12 22:17:05 (UTC)
    Current status: queued queued (#78) analysing finished


    Result: 0/ 43 (0.0%)
    VT Community

    goodware
    Safety score: 100.0%
    Compact Print results Antivirus Version Last Update Result
    AhnLab-V3 2011.02.06.00 2011.02.06 -
    AntiVir 7.11.3.52 2011.02.12 -
    Antiy-AVL 2.0.3.7 2011.02.12 -
    Avast 4.8.1351.0 2011.02.12 -
    Avast5 5.0.677.0 2011.02.12 -
    AVG 10.0.0.1190 2011.02.12 -
    BitDefender 7.2 2011.02.12 -
    CAT-QuickHeal 11.00 2011.02.12 -
    ClamAV 0.96.4.0 2011.02.12 -
    Commtouch 5.2.11.5 2011.02.12 -
    Comodo 7664 2011.02.12 -
    DrWeb 5.0.2.03300 2011.02.12 -
    Emsisoft 5.1.0.2 2011.02.12 -
    eSafe 7.0.17.0 2011.02.10 -
    eTrust-Vet 36.1.8154 2011.02.11 -
    F-Prot 4.6.2.117 2011.02.04 -
    F-Secure 9.0.16160.0 2011.02.12 -
    Fortinet 4.2.254.0 2011.02.12 -
    GData 21 2011.02.12 -
    Ikarus T3.1.1.97.0 2011.02.12 -
    Jiangmin 13.0.900 2011.02.12 -
    K7AntiVirus 9.83.3836 2011.02.12 -
    Kaspersky 7.0.0.125 2011.02.12 -
    McAfee 5.400.0.1158 2011.02.12 -
    McAfee-GW-Edition 2010.1C 2011.02.12 -
    Microsoft 1.6502 2011.02.12 -
    NOD32 5868 2011.02.12 -
    Norman 6.07.03 2011.02.12 -
    nProtect 2011-01-27.01 2011.02.02 -
    Panda 10.0.3.5 2011.02.12 -
    PCTools 7.0.3.5 2011.02.12 -
    Prevx 3.0 2011.02.12 -
    Rising 23.44.05.00 2011.02.12 -
    Sophos 4.61.0 2011.02.12 -
    SUPERAntiSpyware 4.40.0.1006 2011.02.12 -
    Symantec 20101.3.0.103 2011.02.12 -
    TheHacker 6.7.0.1.126 2011.02.10 -
    TrendMicro 9.200.0.1012 2011.02.12 -
    TrendMicro-HouseCall 9.200.0.1012 2011.02.12 -
    VBA32 3.12.14.3 2011.02.11 -
    VIPRE 8397 2011.02.12 -
    ViRobot 2011.2.12.4307 2011.02.12 -
    VirusBuster 13.6.196.0 2011.02.12 -
    Additional informationShow all
    MD5 : 9f3a2f5aa6875c72bf062c712cfa2674
    SHA1 : a719156e8ad67456556a02c34e762944234e7a44
    SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
    ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1KbDD0uu:MQ+N7
    4vkEZIxMohjsimBoDTRMBwFktZu
    File size : 96512 bytes
    First seen: 2009-01-14 22:53:16
    Last seen : 2011-02-12 22:17:05
    TrID:
    Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: IDE/ATAPI Port Driver
    original name: atapi.sys
    internal name: atapi.sys
    file version.: 5.1.2600.5512 (xpsp.080413-2108)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    packers (Kaspersky): PE_Patch
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x159F7
    timedatestamp....: 0x4802539D (Sun Apr 13 18:40:29 2008)
    machinetype......: 0x14c (I386)

    [[ 9 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x380, 0x97BA, 0x9800, 6.45, 0d7d81391f33c6450a81be1e3ac8c7b7
    NONPAGE, 0x9B80, 0x18E8, 0x1900, 6.48, c74a833abd81cc5d037de168e055ad29
    .rdata, 0xB480, 0xA64, 0xA80, 4.31, 8523651899e28819a14bf9415af25708
    .data, 0xBF00, 0xD94, 0xE00, 0.45, 3575b51634ae7a56f55f1ee0a6213834
    PAGESCAN, 0xCD00, 0x157F, 0x1580, 6.20, dc4c309c4db9576daa752fdd125fccf9
    PAGE, 0xE280, 0x61DA, 0x6200, 6.46, 40b83d4d552384e58a03517a98eb4863
    INIT, 0x14480, 0x22BE, 0x2300, 6.47, 906462abc478368424ea462d5868d2e3
    .rsrc, 0x16780, 0x3E0, 0x400, 3.36, 8fd2d82e745b289c28bc056d3a0d62ab
    .reloc, 0x16B80, 0xD20, 0xD80, 6.39, ce2b0898cc0e40b618e5df9099f6be45

    [[ 3 import(s) ]]
    ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
    HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
    WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
     
  25. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    How is redirection?

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    regedit.exe
    atapi.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...