Dept of Justice MoneyPak Virus

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Please print these instructions out so that you know what you are doing.
  • Download OTLPE from here to your desktop
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD, follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
    While in OTLPE, double click the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked Do you wish to load the remote registry, select Yes.
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
  • Ensure the box Automatically Load All Remaining Users is checked and press OK.
  • OTL should now start
  • Check the boxes beside LOP Check and Purity Check
  • Press the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to a USB drive if you do not have internet connection on the system.
  • Please attach the content of OTL.txt in your next reply.
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
Thank you so much. I will try this tonight. Just to be clear, I am still using my Kaspersky rescue CD data for the above instructions? Will notify of results. Thanks again, so much!!!
 

Fiery

Ok, try the Kaspersky CD first. If you still can't boot to normal mode, then follow the instructions for OTLPE.

If you can boot normally, follow the instructions here:

http://malwaretips.com/Announcement-NEED-HELP-REMOVING-VIRUSES-Mandatory-scans-and-logs-before-we-start
 

great_mazinga

Sorry, I guess I didn't understand that OTLPE was a different rescue CD, thought it was only bringing me the burner for Kaspersky. I'll try your original instructions, as it looks easy to follow. Sorry to confuse the issue. Thanks again.

Fiery said:
Ok, try the Kaspersky CD first. If you still can't boot to normal mode, then follow the instructions for OTLPE.

If you can boot normally, follow the instructions here:

http://malwaretips.com/Announcement-NEED-HELP-REMOVING-VIRUSES-Mandatory-scans-and-logs-before-we-start
 

great_mazinga

OTL logfile created on: 4/16/2013 10:36:21 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 21.73 Gb Free Space | 38.89% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/03/12 21:57:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/26 07:14:43 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/03/14 22:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 22:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 22:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 20:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 19:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 20:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 20:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 19:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/08 04:13:14 | 000,036,864 | ---- | M] () [Auto] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/02/14 12:01:02 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130322.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/02/14 12:01:02 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130322.005\NAVENG.SYS -- (NAVENG)
DRV - [2012/07/31 20:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/31 20:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/03 14:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/11/03 14:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2007/05/22 18:49:26 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/12 20:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 20:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 19:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 17:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 17:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/11/14 16:30:03 | 000,015,872 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\Myles\Local Settings\Temp\bfastfao.sys -- (bfastfao)
DRV - [2005/08/09 18:46:27 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/06/29 02:01:58 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/17 18:17:48 | 000,352,000 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/06/17 18:17:00 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/06/11 00:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/25 05:39:44 | 000,465,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/05/09 18:17:06 | 000,031,360 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/05/05 17:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2005/03/31 20:08:02 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/31 19:08:46 | 001,034,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/31 19:08:00 | 000,714,880 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/02 19:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/19 19:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\Myles_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Myles_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\Myles_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/27 19:53:48 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Myles_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\Myles_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe ()
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\Myles_ON_C..\Run: [EapAuthenticationMgmt] File not found
O4 - HKU\Myles_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Myles_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355885119625 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/09 17:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 00:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/04/02 21:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/03/23 00:06:01 | 000,039,936 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/03/22 05:48:05 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/22 05:48:05 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/13 00:57:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/13 00:51:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Myles\Desktop\Notebook Maximizer.LNK
[2013/04/13 00:50:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/13 00:49:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/13 00:49:01 | 2011,373,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 21:09:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/04/02 21:09:04 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/03/23 00:26:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 00:26:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 00:16:25 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/03/23 00:16:11 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/03/23 00:05:58 | 000,039,936 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/23 00:16:25 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/03/23 00:16:06 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/05/28 08:16:11 | 000,111,227 | ---- | C] () -- C:\Documents and Settings\Myles\Application Data\icarus-dxdiag.xml
[2012/02/17 07:11:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/27 19:44:21 | 000,165,913 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
[2011/08/27 19:44:20 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2011/08/26 02:44:17 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/21 21:23:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/28 21:29:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2009/11/28 21:29:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/01/16 02:39:01 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/05/22 19:19:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/01/18 19:43:43 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Myles\presets.ini
[2006/07/09 22:41:24 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/02 23:59:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/04/25 02:15:26 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Myles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/31 22:18:12 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/03/31 22:18:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/03/31 22:18:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/03/31 22:17:47 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/03/31 22:17:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2006/01/24 11:19:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 19:59:11 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2005/08/09 19:59:11 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2005/08/09 19:36:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/08/09 19:00:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/08/09 18:45:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/09 18:39:18 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/09 18:37:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 18:37:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 18:37:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 18:37:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 18:37:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 18:37:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 18:36:54 | 000,000,228 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/09 18:32:32 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/08/09 18:32:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/08/09 18:32:32 | 000,009,362 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/08/09 18:32:32 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/08/09 18:00:49 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/08/09 18:00:49 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/09 17:26:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 17:21:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/09 17:16:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/09 17:15:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 16:41:18 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/09 16:38:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/09 16:38:18 | 000,382,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/09 16:38:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/09 16:38:18 | 000,053,838 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/09 16:38:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/09 16:38:16 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/09 16:38:14 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/09 16:38:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/09 16:38:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/09 16:38:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/09 16:37:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/09 16:37:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/09 10:10:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/09 10:09:39 | 000,157,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/30 16:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/10 19:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/11/12 00:08:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/08/09 18:39:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterTrust
[2005/08/09 18:07:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2012/03/13 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\adawaretb
[2012/06/04 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\Ad-Aware Antivirus
[2012/08/19 16:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\adawaretb
[2010/04/04 19:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\FunWebProducts
[2005/08/09 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\InterTrust
[2007/11/14 01:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\InterVideo
[2006/05/02 23:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\Leadertech
[2012/10/07 11:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\Smart PDF Creator Pro
[2006/08/15 21:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Myles\Application Data\toshiba
[2013/02/28 12:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/08/27 17:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2013/04/13 00:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2005/08/09 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/13 21:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2012/07/29 09:21:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >


 

Fiery

Very good! After the OTLPE fix, you should be able to reboot normally and be able to perform the next set of instructions.

Start OTLPE again. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKU\Myles_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
[2013/03/23 00:06:01 | 000,039,936 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/03/23 00:16:25 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/03/23 00:16:06 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2009/01/16 02:39:01 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/05/22 19:19:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Next, Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller
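What the fix above keys on can be reproduced from the scan lines themselves. The following is an added example written for this page (it is not part of the thread and not OTL's own code): it parses OTL file lines in the `[date time | size | attrs | C/M] (company) -- path` layout and applies two triage heuristics that are this editor's assumptions, not OTL's. The first is an executable created under a user-writable data directory; the second is a vendor string that is not plain ASCII (here `Корпорация Майкрософт`, the Russian rendering of Microsoft Corporation, on a binary sitting in All Users\Application Data rather than system32). Files created in the same folder within a window of a flagged executable are reported as companions, which is what ties `1.bmp` and `1.jpg` to `DisplaySwitch.exe`. The sample lines are copied from the fix list above plus one scheduled-task line from the OTL scan.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample: the five file lines from the :OTL fix above plus one
# scheduled-task line from the earlier OTL scan, in OTL's own line layout.
SAMPLE_OTL_LINES = r"""
[2013/03/23 00:06:01 | 000,039,936 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/03/23 00:16:25 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/03/23 00:16:06 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2009/01/16 02:39:01 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/05/22 19:19:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2012/07/29 09:21:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
"""

# One OTL file line: [date time | size | attrs | C(reated)/M(odified)] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] \((?P<company>.*)\) -- (?P<path>.+)$"
)

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".sys"}
# Heuristic (editor's assumption, not an OTL rule): PE files created in these
# user- or world-writable locations deserve a second look on a locked-out box.
DATA_DIR_MARKERS = ("\\application data\\", "\\local settings\\", "\\programdata\\", "\\temp\\")


def parse_otl_lines(text):
    """Return one dict per OTL file line; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],
            "company": m["company"],
            "path": PureWindowsPath(m["path"]),
        })
    return entries


def triage(text, companion_window=timedelta(minutes=30)):
    """Map each flagged path to the list of reasons it was flagged."""
    entries = parse_otl_lines(text)
    findings = {}

    def flag(entry, reason):
        findings.setdefault(str(entry["path"]), []).append(reason)

    suspects = []
    for e in entries:
        reasons = []
        lowered = str(e["path"]).lower()
        if e["path"].suffix.lower() in EXECUTABLE_SUFFIXES and any(
            marker in lowered for marker in DATA_DIR_MARKERS
        ):
            reasons.append("executable created in a user-writable data directory")
        if e["company"] and not e["company"].isascii():
            reasons.append("non-ASCII vendor string: " + e["company"])
        for r in reasons:
            flag(e, r)
        if reasons:
            suspects.append(e)

    # Anything created in the same folder within the window of a suspect is
    # reported as a companion (the lock-screen images dropped next to the exe).
    for s in suspects:
        for e in entries:
            if e is s or e["kind"] != "C" or e["path"].parent != s["path"].parent:
                continue
            if abs(e["ts"] - s["ts"]) <= companion_window:
                flag(e, "created within %d min of %s" % (
                    companion_window.total_seconds() // 60, s["path"].name))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_OTL_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample, `DisplaySwitch.exe` is flagged twice, the two image files are reported as companions, and `bnetunin.exe` and `vpc32.INI` under C:\WINDOWS are left alone because neither heuristic covers them; whether they belong in the fix is a judgement the script does not make.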
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
You said "Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply."

Does this "reboot to normal mode" mean with the OTLPE CD or should I go back to normal HDD boot? Will try tonight.

Also, when in OTLPE last night I was unable to access Internet or establish any connection. Will this be a problem after "run fix"? I am concerned about downloading AdwCleaner on that computer if I can't access internet.



 

Fiery

Level 1
Jan 11, 2011
2,007
Does this "reboot to normal mode" mean with the OTLPE CD or should I go back to normal HDD boot? Will try tonight.

Perform the fix in OTLPE. Then pull the CD out, and go back to normal HDD boot :)
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
========== OTL ==========
HKU\Myles_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\1.bmp moved successfully.
C:\Documents and Settings\All Users\Application Data\1.jpg moved successfully.
C:\WINDOWS\bnetunin.exe moved successfully.
C:\WINDOWS\vpc32.INI moved successfully.
File PTYTEMP] not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 04172013_202948
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
# AdwCleaner v2.200 - Logfile created 04/17/2013 at 20:41:56
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Myles - TOSHI-BOB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Myles\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Myles\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Myles\Application Data\FunWebProducts
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [7629 octets] - [17/04/2013 20:41:56]

########## EOF - C:\AdwCleaner[S1].txt - [7689 octets] ##########
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Myles [Admin rights]
Mode : Scan -- Date : 04/17/2013 20:54:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EapAuthenticationMgmt (rundll32.exe "C:\Documents and Settings\Myles\Local Settings\Application Data\smiGLpnp\EapAuthenticationMgmt.dll",Syncmapdrm tcpGLCmds) [x] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : DisplaySwitch ("C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe") [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2414483389-1604675229-3272454278-1006[...]\Run : EapAuthenticationMgmt (rundll32.exe "C:\Documents and Settings\Myles\Local Settings\Application Data\smiGLpnp\EapAuthenticationMgmt.dll",Syncmapdrm tcpGLCmds) [x] -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x806300CC -> HOOKED (Unknown @ 0x8A886008)
SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x8A861108)
SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x8A866560)
SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x8A9312F8)
SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x8A863B38)
SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x8A54D668)
SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x8A889898)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x8A886048)
SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x8A886080)
SSDT[108] : NtMapViewOfSection @ 0x8057CB31 -> HOOKED (Unknown @ 0x8A94C2D8)
SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x8A863A78)
SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x8A44E3A8)
SSDT[129] : NtOpenThreadToken @ 0x80570BBE -> HOOKED (Unknown @ 0x8A866C08)
SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0x8A54D4A8)
SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x8A4929A0)
SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0x8A94C490)
SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x8A441380)
SSDT[229] : NtSetInformationThread @ 0x8056C62E -> HOOKED (Unknown @ 0x8A94C3D0)
SSDT[253] : NtSuspendProcess @ 0x80630011 -> HOOKED (Unknown @ 0x8A860838)
SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x8A822108)
SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x8A8804B8)
SSDT[258] : NtTerminateThread @ 0x80578037 -> HOOKED (Unknown @ 0x8A8790A8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x8A43D330)
SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x8A8664D0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2060AH +++++
--- User ---
[MBR] 8deb2b605c52bcc067b1ce49473dd4cc
[BSP] befdf3d54bbcfb7ba1de605ab817e6a6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04172013_02d2054.txt >>
RKreport[1]_S_04172013_02d2054.txt
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
For some reason Rogue generated two reports. I am including the second report here. I do not think they are different, but am including in case you need something from it.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Myles [Admin rights]
Mode : Remove -- Date : 04/17/2013 20:55:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EapAuthenticationMgmt (rundll32.exe "C:\Documents and Settings\Myles\Local Settings\Application Data\smiGLpnp\EapAuthenticationMgmt.dll",Syncmapdrm tcpGLCmds) [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : DisplaySwitch ("C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe") [x] -> DELETED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x806300CC -> HOOKED (Unknown @ 0x8A886008)
SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x8A861108)
SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x8A866560)
SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x8A9312F8)
SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x8A863B38)
SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x8A54D668)
SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x8A889898)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x8A886048)
SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x8A886080)
SSDT[108] : NtMapViewOfSection @ 0x8057CB31 -> HOOKED (Unknown @ 0x8A94C2D8)
SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x8A863A78)
SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x8A44E3A8)
SSDT[129] : NtOpenThreadToken @ 0x80570BBE -> HOOKED (Unknown @ 0x8A866C08)
SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0x8A54D4A8)
SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x8A4929A0)
SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0x8A94C490)
SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x8A441380)
SSDT[229] : NtSetInformationThread @ 0x8056C62E -> HOOKED (Unknown @ 0x8A94C3D0)
SSDT[253] : NtSuspendProcess @ 0x80630011 -> HOOKED (Unknown @ 0x8A860838)
SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x8A822108)
SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x8A8804B8)
SSDT[258] : NtTerminateThread @ 0x80578037 -> HOOKED (Unknown @ 0x8A8790A8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x8A43D330)
SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x8A8664D0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2060AH +++++
--- User ---
[MBR] 8deb2b605c52bcc067b1ce49473dd4cc
[BSP] befdf3d54bbcfb7ba1de605ab817e6a6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04172013_02d2055.txt >>
RKreport[1]_S_04172013_02d2054.txt ; RKreport[2]_D_04172013_02d2055.txt
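As an added check (example code written for this page, not RogueKiller's own report handling), the two reports above can be reconciled mechanically: every entry FOUND in the Scan report should appear as DELETED or REPLACED in the Remove report, and the file paths behind the Run entries should be listed separately, because deleting a Run value does not delete the DLL or EXE it launched. On this thread's reports the parser surfaces the `HKUS\S-1-5-21-2414483389-1604675229-3272454278-1006[...]\Run` entry, which is FOUND in the scan but has no action line in the remove report (HKCU is the logged-on user's HKU\<SID> hive, so deleting the HKCU value covers it, but that is something to confirm rather than assume), and the `EapAuthenticationMgmt.dll` path under `smiGLpnp`, which no tool output in the thread so far reports as removed. The SSDT hooks are carried through unchanged in both reports; the code only lists them and makes no judgement about which driver owns them. Sample input is trimmed from the two reports above, with the SSDT list cut to two lines.

```python
import re

# Trimmed copies of the Scan and Remove reports posted above (registry entries
# kept in full, the SSDT list cut to two hooks), embedded so this runs offline.
SCAN_REPORT = r"""
Mode : Scan -- Date : 04/17/2013 20:54:18
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EapAuthenticationMgmt (rundll32.exe "C:\Documents and Settings\Myles\Local Settings\Application Data\smiGLpnp\EapAuthenticationMgmt.dll",Syncmapdrm tcpGLCmds) [x] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : DisplaySwitch ("C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe") [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2414483389-1604675229-3272454278-1006[...]\Run : EapAuthenticationMgmt (rundll32.exe "C:\Documents and Settings\Myles\Local Settings\Application Data\smiGLpnp\EapAuthenticationMgmt.dll",Syncmapdrm tcpGLCmds) [x] -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x806300CC -> HOOKED (Unknown @ 0x8A886008)
SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x8A8664D0)
¤¤¤ MBR Check: ¤¤¤
[MBR] 8deb2b605c52bcc067b1ce49473dd4cc
[BSP] befdf3d54bbcfb7ba1de605ab817e6a6 : Windows XP MBR Code
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 04/17/2013 20:55:14
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EapAuthenticationMgmt (rundll32.exe "C:\Documents and Settings\Myles\Local Settings\Application Data\smiGLpnp\EapAuthenticationMgmt.dll",Syncmapdrm tcpGLCmds) [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : DisplaySwitch ("C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe") [x] -> DELETED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x806300CC -> HOOKED (Unknown @ 0x8A886008)
SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x8A8664D0)
¤¤¤ MBR Check: ¤¤¤
[MBR] 8deb2b605c52bcc067b1ce49473dd4cc
[BSP] befdf3d54bbcfb7ba1de605ab817e6a6 : Windows XP MBR Code
"""

# [CAT][SUB] key : name (data) [x] -> STATUS   (the [SUB] and [x] parts are optional)
REG_LINE = re.compile(
    r"^\[(?P<cat>[^\]]+)\](?:\[(?P<sub>[^\]]+)\])? (?P<key>.+?) : (?P<name>.+?) "
    r"\((?P<data>.*)\) (?:\[x\] )?-> (?P<status>.+)$"
)
SSDT_LINE = re.compile(
    r"^SSDT\[(?P<idx>\d+)\] : (?P<func>\w+) @ (?P<orig>0x[0-9A-Fa-f]+) -> "
    r"HOOKED \((?P<owner>.+?) @ (?P<hook>0x[0-9A-Fa-f]+)\)$"
)
MODE_LINE = re.compile(r"^Mode : (?P<mode>\w+) -- Date : (?P<date>.+)$")
MBR_LINE = re.compile(r"^\[(?P<which>MBR|BSP)\] (?P<md5>[0-9a-f]{32})(?: : (?P<desc>.+))?$")
# A quoted or bare Windows path ending in a PE extension inside a Run value.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^",]+\.(?:exe|dll|sys|scr)', re.IGNORECASE)


def parse_report(text):
    """Pull mode, registry findings, SSDT hooks and MBR hashes out of one report."""
    rep = {"mode": None, "registry": [], "ssdt": [], "mbr": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_LINE.match(line)
        if m:
            rep["mode"] = m["mode"]
            continue
        m = REG_LINE.match(line)
        if m:
            rep["registry"].append(m.groupdict())
            continue
        m = SSDT_LINE.match(line)
        if m:
            rep["ssdt"].append(m.groupdict())
            continue
        m = MBR_LINE.match(line)
        if m:
            rep["mbr"][m["which"]] = (m["md5"], m["desc"])
    return rep


def reconcile(scan, remove):
    """Cross-check a Scan report against the Remove report that followed it."""
    def ident(e):
        return (e["cat"], e["key"], e["name"])
    actioned = {ident(e) for e in remove["registry"] if e["status"] != "FOUND"}
    unresolved = [ident(e) for e in scan["registry"] if ident(e) not in actioned]
    # Files the Run entries pointed at: deleting the value leaves these on disk.
    artifacts = sorted({p for e in scan["registry"] if e["cat"] == "RUN"
                        for p in WIN_PATH.findall(e["data"])})
    before = {(h["func"], h["hook"]) for h in scan["ssdt"]}
    after = {(h["func"], h["hook"]) for h in remove["ssdt"]}
    return {
        "unresolved": unresolved,
        "artifacts": artifacts,
        "hooks_unchanged": sorted(before & after),
        "hooks_removed": sorted(before - after),
        "mbr_changed": scan["mbr"] != remove["mbr"],
    }


if __name__ == "__main__":
    result = reconcile(parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT))
    for k, v in result.items():
        print(k, v)
```

The unresolved list and the artifact paths are the two things to carry into the next step: confirm the HKU\<SID> value is gone, and check whether `EapAuthenticationMgmt.dll` and the `smiGLpnp` folder still exist, since nothing in the thread so far has removed them.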
 

Fiery

Level 1
Jan 11, 2011
2,007
Good to see you have your Desktop back!

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
    clip.jpg
  • click Start scan .
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually in the C:\ folder, in the form TDSSKiller.[Version]_[Date]_[Time]_log.txt)

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
23:23:39.0921 3580 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:23:40.0453 3580 ============================================================
23:23:40.0453 3580 Current date / time: 2013/04/18 23:23:40.0453
23:23:40.0453 3580 SystemInfo:
23:23:40.0453 3580
23:23:40.0453 3580 OS Version: 5.1.2600 ServicePack: 3.0
23:23:40.0453 3580 Product type: Workstation
23:23:40.0453 3580 ComputerName: TOSHI-BOB
23:23:40.0453 3580 UserName: Myles
23:23:40.0453 3580 Windows directory: C:\WINDOWS
23:23:40.0453 3580 System windows directory: C:\WINDOWS
23:23:40.0453 3580 Processor architecture: Intel x86
23:23:40.0453 3580 Number of processors: 1
23:23:40.0453 3580 Page size: 0x1000
23:23:40.0453 3580 Boot type: Normal boot
23:23:40.0453 3580 ============================================================
23:23:42.0265 3580 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:23:42.0265 3580 ============================================================
23:23:42.0265 3580 \Device\Harddisk0\DR0:
23:23:42.0265 3580 MBR partitions:
23:23:42.0265 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
23:23:42.0265 3580 ============================================================
23:23:42.0312 3580 C: <-> \Device\Harddisk0\DR0\Partition1
23:23:42.0312 3580 ============================================================
23:23:42.0312 3580 Initialize success
23:23:42.0312 3580 ============================================================
23:24:14.0656 2540 Deinitialize success
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Myles :: TOSHI-BOB [administrator]

4/19/2013 12:29:29 AM
mbar-log-2013-04-19 (00-29-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26942
Time elapsed: 30 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 2011348992, free: 1087209472

------------ Kernel report ------------
04/18/2013 23:57:30
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
Lbd.sys
drvmcdb.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\drivers\sscdbhk5.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\drivers\qkbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\qmofiltr.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Rtlnicxp.sys
\SystemRoot\system32\DRIVERS\ar5211.sys
\SystemRoot\system32\drivers\camc6hal.sys
\SystemRoot\system32\drivers\camc6aud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWATI.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\BoiHwSetup.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\??\C:\Program Files\Symantec AntiVirus\savrt.sys
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\ssrtln.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\meiudf.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\system32\drivers\drvnddm.sys
\??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
\SystemRoot\system32\dla\tfsndres.sys
\SystemRoot\system32\dla\tfsnifs.sys
\SystemRoot\system32\dla\tfsnopio.sys
\SystemRoot\system32\dla\tfsnpool.sys
\SystemRoot\system32\dla\tfsnboio.sys
\SystemRoot\system32\dla\tfsncofs.sys
\SystemRoot\system32\dla\tfsndrct.sys
\SystemRoot\system32\dla\tfsnudf.sys
\SystemRoot\system32\dla\tfsnudfa.sys
\SystemRoot\system32\DRIVERS\AegisP.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\netdevio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ASCTRM.SYS
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\navex15.sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\naveng.sys
\SystemRoot\System32\Drivers\SYMREDRV.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a8deab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a92cd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.19.01
Downloaded database version: v2013.04.17.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a8deab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a90c270, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8deab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a951c48, DeviceName: \Device\00000079\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a92cd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe100c1f8, 0xffffffff8a8deab8, 0xffffffff89cce868
Lower DeviceData: 0xffffffffe13c30c8, 0xffffffff8a92cd98, 0xffffffff89cf0658
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8C628AB5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 117194112
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 60011642880 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 2011348992, free: 1530937344

=======================================
 

Fiery

Level 1
Jan 11, 2011
2,007
There should be another TDSSKiller log in the C:\ directory.

Almost done here, just a few more scans.

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is unchecked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A notepad document should open automatically called checkup.txt.
  • Please post the contents of that document in your next reply. Please do not attach it!
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
23:27:52.0390 3256 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:27:53.0312 3256 ============================================================
23:27:53.0328 3256 Current date / time: 2013/04/18 23:27:53.0312
23:27:53.0328 3256 SystemInfo:
23:27:53.0328 3256
23:27:53.0328 3256 OS Version: 5.1.2600 ServicePack: 3.0
23:27:53.0328 3256 Product type: Workstation
23:27:53.0328 3256 ComputerName: TOSHI-BOB
23:27:53.0328 3256 UserName: Myles
23:27:53.0328 3256 Windows directory: C:\WINDOWS
23:27:53.0328 3256 System windows directory: C:\WINDOWS
23:27:53.0328 3256 Processor architecture: Intel x86
23:27:53.0328 3256 Number of processors: 1
23:27:53.0328 3256 Page size: 0x1000
23:27:53.0328 3256 Boot type: Normal boot
23:27:53.0328 3256 ============================================================
23:28:02.0171 3256 BG loaded
23:28:24.0390 3256 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:28:24.0468 3256 ============================================================
23:28:24.0468 3256 \Device\Harddisk0\DR0:
23:28:24.0578 3256 MBR partitions:
23:28:24.0578 3256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
23:28:24.0578 3256 ============================================================
23:28:24.0828 3256 C: <-> \Device\Harddisk0\DR0\Partition1
23:28:25.0015 3256 ============================================================
23:28:25.0015 3256 Initialize success
23:28:25.0015 3256 ============================================================
23:29:58.0625 1436 ============================================================
23:29:58.0625 1436 Scan started
23:29:58.0625 1436 Mode: Manual; SigCheck; TDLFS;
23:29:58.0625 1436 ============================================================
23:30:00.0750 1436 ================ Scan system memory ========================
23:30:09.0078 1436 System memory - ok
23:30:09.0078 1436 ================ Scan services =============================
23:30:10.0796 1436 Abiosdsk - ok
23:30:10.0812 1436 abp480n5 - ok
23:30:10.0906 1436 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:30:29.0531 1436 ACPI - ok
23:30:29.0578 1436 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:30:30.0031 1436 ACPIEC - ok
23:30:30.0125 1436 [ 4B3D99792BE5BFA9296F4C3F0B7157D3 ] ACS C:\WINDOWS\system32\acs.exe
23:30:30.0234 1436 ACS ( UnsignedFile.Multi.Generic ) - warning
23:30:30.0234 1436 ACS - detected UnsignedFile.Multi.Generic (1)
23:30:30.0468 1436 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:30:31.0171 1436 AdobeFlashPlayerUpdateSvc - ok
23:30:31.0187 1436 adpu160m - ok
23:30:31.0250 1436 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:30:31.0625 1436 aec - ok
23:30:31.0671 1436 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
23:30:31.0734 1436 AegisP ( UnsignedFile.Multi.Generic ) - warning
23:30:31.0734 1436 AegisP - detected UnsignedFile.Multi.Generic (1)
23:30:31.0812 1436 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:30:32.0015 1436 AFD - ok
23:30:32.0031 1436 Aha154x - ok
23:30:32.0046 1436 aic78u2 - ok
23:30:32.0062 1436 aic78xx - ok
23:30:32.0109 1436 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:30:32.0421 1436 Alerter - ok
23:30:32.0453 1436 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:30:32.0718 1436 ALG - ok
23:30:32.0734 1436 AliIde - ok
23:30:32.0750 1436 amsint - ok
23:30:32.0765 1436 AppMgmt - ok
23:30:32.0921 1436 [ 69645F795BBC22F05BEA8B8734E3EE82 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
23:30:33.0156 1436 AR5211 - ok
23:30:33.0171 1436 asc - ok
23:30:33.0187 1436 asc3350p - ok
23:30:33.0234 1436 asc3550 - ok
23:30:33.0296 1436 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
23:30:33.0343 1436 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
23:30:33.0343 1436 ASCTRM - detected UnsignedFile.Multi.Generic (1)
23:30:33.0546 1436 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
23:30:33.0687 1436 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
23:30:33.0687 1436 aspnet_state - detected UnsignedFile.Multi.Generic (1)
23:30:33.0781 1436 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:30:34.0062 1436 AsyncMac - ok
23:30:34.0078 1436 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:30:34.0312 1436 atapi - ok
23:30:34.0312 1436 Atdisk - ok
23:30:34.0375 1436 [ 06B67E6A0B679D037D2D9E27A64CE90C ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:30:34.0765 1436 Ati HotKey Poller - ok
23:30:35.0078 1436 [ D5537CC8CC9A86668E3903BD53CAA83C ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:30:35.0546 1436 ati2mtag - ok
23:30:35.0578 1436 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:30:35.0921 1436 Atmarpc - ok
23:30:35.0984 1436 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:30:36.0281 1436 AudioSrv - ok
23:30:36.0406 1436 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:30:36.0687 1436 audstub - ok
23:30:36.0750 1436 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:30:37.0312 1436 Beep - ok
23:30:38.0250 1436 [ 5012F080FCCF701E2CD6B045AC7814D9 ] bfastfao C:\DOCUME~1\Myles\LOCALS~1\Temp\bfastfao.sys
23:30:38.0625 1436 bfastfao ( UnsignedFile.Multi.Generic ) - warning
23:30:38.0625 1436 bfastfao - detected UnsignedFile.Multi.Generic (1)
23:30:38.0796 1436 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:30:39.0171 1436 BITS - ok
23:30:39.0203 1436 [ 141BEFBD4F2A84A66E2F54B9E32E40D1 ] BoiHwsetup C:\WINDOWS\system32\drivers\BoiHwSetup.sys
23:30:39.0437 1436 BoiHwsetup - ok
23:30:39.0500 1436 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:30:39.0687 1436 Browser - ok
23:30:39.0734 1436 [ CCE1F3C7C8E7383B90372229454999CF ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
23:30:40.0015 1436 CAMCAUD - ok
23:30:40.0078 1436 [ 9A3BBDE74DAB737EFA82DE7EF4B40BEA ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
23:30:40.0406 1436 CAMCHALA - ok
23:30:40.0468 1436 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:30:41.0046 1436 cbidf2k - ok
23:30:41.0359 1436 [ 04945313BC60488E0C14AD1167160659 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
23:30:41.0390 1436 ccEvtMgr - ok
23:30:41.0468 1436 [ 2203161EC24C210D51DB69C604F4A504 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
23:30:41.0531 1436 ccSetMgr - ok
23:30:41.0562 1436 cd20xrnt - ok
23:30:41.0656 1436 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:30:41.0890 1436 Cdaudio - ok
23:30:41.0953 1436 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:30:42.0281 1436 Cdfs - ok
23:30:42.0312 1436 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:30:42.0718 1436 Cdrom - ok
23:30:42.0828 1436 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
23:30:43.0031 1436 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
23:30:43.0031 1436 CFSvcs - detected UnsignedFile.Multi.Generic (1)
23:30:43.0046 1436 Changer - ok
23:30:43.0078 1436 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:30:43.0453 1436 CiSvc - ok
23:30:43.0484 1436 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:30:43.0859 1436 ClipSrv - ok
23:30:43.0890 1436 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:30:44.0250 1436 CmBatt - ok
23:30:44.0250 1436 CmdIde - ok
23:30:44.0296 1436 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:30:44.0546 1436 Compbatt - ok
23:30:44.0562 1436 COMSysApp - ok
23:30:44.0593 1436 Cpqarray - ok
23:30:44.0671 1436 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:30:44.0937 1436 CryptSvc - ok
23:30:44.0937 1436 dac2w2k - ok
23:30:44.0968 1436 dac960nt - ok
23:30:45.0109 1436 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:30:45.0296 1436 DcomLaunch - ok
23:30:45.0343 1436 [ 9709D3D9E592D3217353F3FAFE29FAA3 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
23:30:45.0531 1436 DefWatch - ok
23:30:45.0578 1436 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:30:45.0890 1436 Dhcp - ok
23:30:45.0937 1436 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:30:46.0312 1436 Disk - ok
23:30:46.0312 1436 dmadmin - ok
23:30:46.0406 1436 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:30:47.0015 1436 dmboot - ok
23:30:47.0109 1436 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:30:47.0687 1436 dmio - ok
23:30:47.0734 1436 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:30:48.0093 1436 dmload - ok
23:30:48.0156 1436 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:30:48.0531 1436 dmserver - ok
23:30:48.0578 1436 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:30:48.0781 1436 DMusic - ok
23:30:48.0828 1436 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:30:49.0078 1436 Dnscache - ok
23:30:49.0171 1436 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:30:49.0468 1436 Dot3svc - ok
23:30:49.0484 1436 dpti2o - ok
23:30:49.0500 1436 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:30:49.0750 1436 drmkaud - ok
23:30:49.0796 1436 [ 96BC8F872F0270C10EDC3931F1C03776 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
23:30:49.0937 1436 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
23:30:49.0937 1436 drvmcdb - detected UnsignedFile.Multi.Generic (1)
23:30:49.0953 1436 [ 5AFBEC7A6AC61B211633DFDB1D9E0C89 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
23:30:50.0015 1436 drvnddm ( UnsignedFile.Multi.Generic ) - warning
23:30:50.0015 1436 drvnddm - detected UnsignedFile.Multi.Generic (1)
23:30:50.0093 1436 [ C9FFBD6B8EDC46CD3D13E3C6DB914FB7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
23:30:50.0156 1436 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
23:30:50.0156 1436 DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
23:30:50.0234 1436 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:30:50.0500 1436 EapHost - ok
23:30:50.0593 1436 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:30:50.0765 1436 eeCtrl - ok
23:30:50.0828 1436 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:30:50.0875 1436 EraserUtilRebootDrv - ok
23:30:50.0953 1436 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:30:51.0203 1436 ERSvc - ok
23:30:51.0265 1436 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:30:51.0359 1436 Eventlog - ok
23:30:51.0421 1436 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:30:51.0687 1436 EventSystem - ok
23:30:51.0796 1436 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:30:52.0312 1436 Fastfat - ok
23:30:52.0390 1436 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:30:52.0531 1436 FastUserSwitchingCompatibility - ok
23:30:52.0593 1436 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
23:30:52.0843 1436 Fax - ok
23:30:52.0875 1436 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:30:53.0125 1436 Fdc - ok
23:30:53.0156 1436 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:30:53.0406 1436 Fips - ok
23:30:53.0453 1436 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:30:53.0796 1436 Flpydisk - ok
23:30:53.0843 1436 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:30:54.0218 1436 FltMgr - ok
23:30:54.0265 1436 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:30:54.0531 1436 Fs_Rec - ok
23:30:54.0593 1436 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:30:54.0921 1436 Ftdisk - ok
23:30:55.0000 1436 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:30:55.0265 1436 Gpc - ok
23:30:55.0453 1436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:30:55.0593 1436 gupdate - ok
23:30:55.0625 1436 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:30:55.0656 1436 gupdatem - ok
23:30:55.0781 1436 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:30:56.0046 1436 helpsvc - ok
23:30:56.0062 1436 HidServ - ok
23:30:56.0125 1436 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:30:56.0406 1436 HidUsb - ok
23:30:56.0453 1436 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:30:56.0796 1436 hkmsvc - ok
23:30:56.0812 1436 hpn - ok
23:30:57.0078 1436 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:30:57.0125 1436 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
23:30:57.0125 1436 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
23:30:57.0171 1436 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:30:57.0203 1436 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
23:30:57.0203 1436 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
23:30:57.0250 1436 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:30:58.0093 1436 HPZid412 - ok
23:30:58.0156 1436 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:30:58.0265 1436 HPZipr12 - ok
23:30:58.0343 1436 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:30:58.0437 1436 HPZius12 - ok
23:30:58.0484 1436 [ 790ACB861176AE06D97BD7FBDDCDBBCB ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
23:30:58.0828 1436 HSFHWATI - ok
23:30:59.0078 1436 [ 9A7C0D83BD340A43E10A453960607025 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:31:00.0406 1436 HSF_DPV - ok
23:31:00.0484 1436 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:31:00.0625 1436 HTTP - ok
23:31:00.0750 1436 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:31:01.0015 1436 HTTPFilter - ok
23:31:01.0015 1436 i2omgmt - ok
23:31:01.0031 1436 i2omp - ok
23:31:01.0078 1436 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:31:01.0406 1436 i8042prt - ok
23:31:01.0968 1436 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:31:02.0359 1436 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:31:02.0359 1436 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:31:02.0390 1436 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:31:02.0703 1436 Imapi - ok
23:31:02.0781 1436 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:31:03.0031 1436 ImapiService - ok
23:31:03.0031 1436 ini910u - ok
23:31:03.0062 1436 IntelIde - ok
23:31:03.0109 1436 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:31:03.0328 1436 intelppm - ok
23:31:03.0359 1436 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:31:03.0578 1436 Ip6Fw - ok
23:31:03.0656 1436 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:31:04.0046 1436 IpFilterDriver - ok
23:31:04.0078 1436 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:31:04.0359 1436 IpInIp - ok
23:31:04.0406 1436 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:31:04.0656 1436 IpNat - ok
23:31:04.0734 1436 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:31:04.0953 1436 IPSec - ok
23:31:04.0984 1436 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:31:05.0234 1436 IRENUM - ok
23:31:05.0296 1436 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:31:05.0656 1436 isapnp - ok
23:31:07.0468 1436 [ A0D14B7538FA3AE9CB771B9E99CECF43 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:31:07.0578 1436 JavaQuickStarterService - ok
23:31:07.0609 1436 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:31:08.0000 1436 Kbdclass - ok
23:31:08.0187 1436 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:31:08.0437 1436 kmixer - ok
23:31:08.0531 1436 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:31:08.0921 1436 KSecDD - ok
23:31:08.0984 1436 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:31:09.0078 1436 lanmanserver - ok
23:31:09.0156 1436 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:31:09.0250 1436 lanmanworkstation - ok
23:31:09.0656 1436 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
23:31:10.0390 1436 Lavasoft Ad-Aware Service - ok
23:31:10.0468 1436 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:31:10.0531 1436 Lavasoft Kernexplorer - ok
23:31:10.0593 1436 [ 336ABE8721CBC3110F1C6426DA633417 ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
23:31:11.0015 1436 Lbd - ok
23:31:11.0062 1436 lbrtfdc - ok
23:31:11.0765 1436 [ FB3A35318CA7F6A10FA3C3826A69AFFE ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
23:31:15.0828 1436 LiveUpdate - ok
23:31:15.0875 1436 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:31:16.0250 1436 LmHosts - ok
23:31:16.0265 1436 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:31:16.0328 1436 mdmxsdk - ok
23:31:16.0375 1436 [ 7EFAC183A25B30FB5D64CC9D484B1EB6 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys
23:31:16.0406 1436 meiudf ( UnsignedFile.Multi.Generic ) - warning
23:31:16.0406 1436 meiudf - detected UnsignedFile.Multi.Generic (1)
23:31:16.0437 1436 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:31:17.0046 1436 Messenger - ok
23:31:17.0109 1436 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:31:17.0531 1436 mnmdd - ok
23:31:17.0578 1436 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:31:17.0828 1436 mnmsrvc - ok
23:31:17.0859 1436 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:31:18.0109 1436 Modem - ok
23:31:18.0140 1436 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:31:18.0437 1436 Mouclass - ok
23:31:18.0500 1436 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:31:18.0796 1436 mouhid - ok
23:31:18.0843 1436 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:31:19.0109 1436 MountMgr - ok
23:31:19.0125 1436 mraid35x - ok
23:31:19.0140 1436 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:31:19.0390 1436 MRxDAV - ok
23:31:19.0468 1436 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:31:19.0937 1436 MRxSmb - ok
23:31:20.0015 1436 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:31:20.0687 1436 MSDTC - ok
23:31:20.0718 1436 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:31:21.0234 1436 Msfs - ok
23:31:21.0250 1436 MSIServer - ok
23:31:21.0296 1436 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:31:21.0687 1436 MSKSSRV - ok
23:31:21.0734 1436 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:31:22.0515 1436 MSPCLOCK - ok
23:31:22.0562 1436 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:31:23.0390 1436 MSPQM - ok
23:31:23.0437 1436 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:31:24.0109 1436 mssmbios - ok
23:31:24.0156 1436 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:31:24.0296 1436 Mup - ok
23:31:24.0359 1436 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:31:24.0906 1436 napagent - ok
23:31:25.0125 1436 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\naveng.sys
23:31:25.0203 1436 NAVENG - ok
23:31:25.0328 1436 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\navex15.sys
23:31:25.0531 1436 NAVEX15 - ok
23:31:25.0546 1436 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:31:26.0000 1436 NDIS - ok
23:31:26.0031 1436 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:31:26.0250 1436 NdisTapi - ok
23:31:26.0296 1436 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:31:26.0984 1436 Ndisuio - ok
23:31:27.0031 1436 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:31:27.0656 1436 NdisWan - ok
23:31:27.0703 1436 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:31:27.0828 1436 NDProxy - ok
23:31:27.0890 1436 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
23:31:27.0968 1436 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:31:27.0968 1436 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:31:28.0000 1436 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:31:28.0562 1436 NetBIOS - ok
23:31:28.0609 1436 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:31:28.0828 1436 NetBT - ok
23:31:28.0859 1436 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:31:29.0078 1436 NetDDE - ok
23:31:29.0093 1436 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:31:29.0265 1436 NetDDEdsdm - ok
23:31:29.0328 1436 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
23:31:29.0375 1436 Netdevio ( UnsignedFile.Multi.Generic ) - warning
23:31:29.0375 1436 Netdevio - detected UnsignedFile.Multi.Generic (1)
23:31:29.0421 1436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:31:29.0578 1436 Netlogon - ok
23:31:29.0625 1436 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:31:29.0812 1436 Netman - ok
23:31:29.0890 1436 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:31:29.0968 1436 Nla - ok
23:31:30.0000 1436 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:31:30.0203 1436 Npfs - ok
23:31:30.0250 1436 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:31:30.0593 1436 Ntfs - ok
23:31:30.0593 1436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:31:30.0796 1436 NtLmSsp - ok
23:31:30.0875 1436 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:31:31.0250 1436 NtmsSvc - ok
23:31:31.0312 1436 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:31:31.0562 1436 Null - ok
23:31:31.0593 1436 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:31:31.0875 1436 NwlnkFlt - ok
23:31:31.0953 1436 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:31:32.0234 1436 NwlnkFwd - ok
23:31:32.0265 1436 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:31:32.0343 1436 ose - ok
23:31:32.0390 1436 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:31:32.0656 1436 Parport - ok
23:31:32.0703 1436 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:31:32.0953 1436 PartMgr - ok
23:31:33.0000 1436 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:31:33.0281 1436 ParVdm - ok
23:31:33.0328 1436 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:31:34.0140 1436 PCI - ok
23:31:34.0156 1436 PCIDump - ok
23:31:34.0218 1436 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:31:34.0468 1436 PCIIde - ok
23:31:34.0515 1436 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:31:34.0718 1436 Pcmcia - ok
23:31:34.0734 1436 PDCOMP - ok
23:31:34.0750 1436 PDFRAME - ok
23:31:34.0765 1436 PDRELI - ok
23:31:34.0781 1436 PDRFRAME - ok
23:31:34.0796 1436 perc2 - ok
23:31:34.0812 1436 perc2hib - ok
23:31:34.0890 1436 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
23:31:34.0953 1436 pfc ( UnsignedFile.Multi.Generic ) - warning
23:31:34.0953 1436 pfc - detected UnsignedFile.Multi.Generic (1)
23:31:34.0984 1436 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:31:35.0015 1436 PlugPlay - ok
23:31:35.0046 1436 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
23:31:35.0062 1436 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:31:35.0062 1436 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:31:35.0093 1436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:31:35.0281 1436 PolicyAgent - ok
23:31:35.0312 1436 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:31:35.0546 1436 PptpMiniport - ok
23:31:35.0562 1436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:31:35.0765 1436 ProtectedStorage - ok
23:31:35.0781 1436 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:31:36.0062 1436 PSched - ok
23:31:36.0125 1436 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:31:36.0390 1436 Ptilink - ok
23:31:36.0437 1436 [ 25F7C4453F189F79EB3846D3E23805A0 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:31:36.0468 1436 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
23:31:36.0468 1436 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
23:31:36.0515 1436 [ C50FAA6FDA843FA2172AA2B9C3CD1DAB ] qkbfiltr C:\WINDOWS\system32\drivers\qkbfiltr.sys
23:31:36.0609 1436 qkbfiltr ( UnsignedFile.Multi.Generic ) - warning
23:31:36.0609 1436 qkbfiltr - detected UnsignedFile.Multi.Generic (1)
23:31:36.0625 1436 ql1080 - ok
23:31:36.0656 1436 Ql10wnt - ok
23:31:36.0656 1436 ql12160 - ok
23:31:36.0671 1436 ql1240 - ok
23:31:36.0687 1436 ql1280 - ok
23:31:36.0718 1436 [ 8652B9E134C3478BE948BF089DF8ED5E ] qmofiltr C:\WINDOWS\system32\drivers\qmofiltr.sys
23:31:36.0750 1436 qmofiltr ( UnsignedFile.Multi.Generic ) - warning
23:31:36.0750 1436 qmofiltr - detected UnsignedFile.Multi.Generic (1)
23:31:36.0781 1436 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:31:37.0031 1436 RasAcd - ok
23:31:37.0078 1436 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:31:37.0296 1436 RasAuto - ok
23:31:37.0343 1436 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:31:37.0593 1436 Rasl2tp - ok
23:31:37.0671 1436 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:31:37.0875 1436 RasMan - ok
23:31:37.0890 1436 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:31:38.0109 1436 RasPppoe - ok
23:31:38.0156 1436 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:31:38.0421 1436 Raspti - ok
23:31:38.0468 1436 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:31:38.0656 1436 Rdbss - ok
23:31:38.0703 1436 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:31:38.0984 1436 RDPCDD - ok
23:31:39.0046 1436 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:31:39.0156 1436 RDPWD - ok
23:31:39.0203 1436 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:31:39.0437 1436 RDSessMgr - ok
23:31:39.0453 1436 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:31:39.0687 1436 redbook - ok
23:31:39.0750 1436 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:31:40.0000 1436 RemoteAccess - ok
23:31:40.0046 1436 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:31:40.0296 1436 RpcLocator - ok
23:31:40.0328 1436 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
23:31:40.0390 1436 RpcSs - ok
23:31:40.0437 1436 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:31:40.0734 1436 RSVP - ok
23:31:40.0781 1436 [ 4A0AE7891FCF74ACC848B109294CB80F ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:31:40.0906 1436 RTL8023xp - ok
23:31:40.0968 1436 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:31:41.0187 1436 rtl8139 - ok
23:31:41.0218 1436 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:31:41.0437 1436 SamSs - ok
23:31:41.0515 1436 [ 5387EAE86FB5F6B72052F5273BDD3E86 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
23:31:41.0625 1436 SavRoam - ok
23:31:41.0656 1436 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
23:31:41.0734 1436 SAVRT - ok
23:31:41.0750 1436 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
23:31:41.0796 1436 SAVRTPEL - ok
23:31:41.0843 1436 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:31:42.0125 1436 SCardSvr - ok
23:31:42.0187 1436 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:31:42.0406 1436 Schedule - ok
23:31:42.0484 1436 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:31:42.0734 1436 Secdrv - ok
23:31:42.0796 1436 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:31:43.0000 1436 seclogon - ok
23:31:43.0031 1436 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:31:43.0250 1436 SENS - ok
23:31:43.0296 1436 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:31:43.0546 1436 Serial - ok
23:31:43.0578 1436 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:31:43.0812 1436 Sfloppy - ok
23:31:43.0890 1436 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:31:44.0125 1436 SharedAccess - ok
23:31:44.0187 1436 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:31:44.0296 1436 ShellHWDetection - ok
23:31:44.0312 1436 Simbad - ok
23:31:44.0390 1436 [ A16722715D3206AB7E1A6463CE0B747E ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
23:31:44.0906 1436 SNDSrvc - ok
23:31:44.0906 1436 Sparrow - ok
23:31:45.0015 1436 [ EF9760A364D836A0CE6149EBDF71524D ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:31:45.0078 1436 SPBBCDrv - ok
23:31:45.0156 1436 [ 0A6BCAB3BB4AD9D25E833FB3F840CAE0 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
23:31:45.0250 1436 SPBBCSvc - ok
23:31:45.0281 1436 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:31:45.0515 1436 splitter - ok
23:31:45.0562 1436 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:31:45.0640 1436 Spooler - ok
23:31:45.0671 1436 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:31:45.0921 1436 sr - ok
23:31:45.0968 1436 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:31:46.0203 1436 srservice - ok
23:31:46.0265 1436 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:31:46.0359 1436 Srv - ok
23:31:46.0390 1436 [ 98625722AD52B40305E74AAA83C93086 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
23:31:46.0437 1436 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
23:31:46.0437 1436 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
23:31:46.0468 1436 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:31:46.0687 1436 SSDPSRV - ok
23:31:46.0703 1436 [ D79412E3942C8A257253487536D5A994 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
23:31:46.0765 1436 ssrtln ( UnsignedFile.Multi.Generic ) - warning
23:31:46.0765 1436 ssrtln - detected UnsignedFile.Multi.Generic (1)
23:31:46.0812 1436 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:31:47.0062 1436 stisvc - ok
23:31:47.0093 1436 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:31:47.0328 1436 swenum - ok
23:31:47.0343 1436 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:31:47.0984 1436 swmidi - ok
23:31:48.0000 1436 SwPrv - ok
23:31:48.0093 1436 [ 486A64AABD88E4E174681E89E9736BC9 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
23:31:48.0187 1436 Swupdtmr ( UnsignedFile.Multi.Generic ) - warning
23:31:48.0187 1436 Swupdtmr - detected UnsignedFile.Multi.Generic (1)
23:31:48.0406 1436 [ 0023CC5610B9C48CF68571DEE4C686FC ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
23:31:48.0656 1436 Symantec AntiVirus - ok
23:31:48.0656 1436 symc810 - ok
23:31:48.0687 1436 symc8xx - ok
23:31:48.0734 1436 [ 49B20B430A4F219173F823536944474A ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
23:31:48.0875 1436 SymEvent - ok
23:31:48.0953 1436 [ 626F733BE7F951116C5C0804B068666C ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
23:31:49.0015 1436 SYMREDRV - ok
23:31:49.0031 1436 [ CB7CC4DDBE09E224D4CD876760BA982C ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
23:31:49.0250 1436 SYMTDI - ok
23:31:49.0281 1436 sym_hi - ok
23:31:49.0375 1436 sym_u3 - ok
23:31:49.0437 1436 [ EB363DDFBE8B6D51003CCAB29D93D744 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:31:50.0109 1436 SynTP - ok
23:31:50.0156 1436 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:31:50.0687 1436 sysaudio - ok
23:31:50.0765 1436 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:31:51.0062 1436 SysmonLog - ok
23:31:51.0093 1436 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:31:51.0328 1436 TapiSrv - ok
23:31:51.0375 1436 [ EECA2B57545E7B7BE949B5E70E31444F ] TBiosDrv C:\WINDOWS\system32\drivers\TBiosDrv.sys
23:31:51.0406 1436 TBiosDrv ( UnsignedFile.Multi.Generic ) - warning
23:31:51.0406 1436 TBiosDrv - detected UnsignedFile.Multi.Generic (1)
23:31:51.0453 1436 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:31:51.0500 1436 Tcpip - ok
23:31:51.0531 1436 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:31:51.0765 1436 TDPIPE - ok
23:31:51.0812 1436 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:31:52.0046 1436 TDTCP - ok
23:31:52.0093 1436 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:31:52.0328 1436 TermDD - ok
23:31:52.0390 1436 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:31:52.0625 1436 TermService - ok
23:31:52.0687 1436 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
23:31:52.0750 1436 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
23:31:52.0750 1436 tfsnboio - detected UnsignedFile.Multi.Generic (1)
23:31:52.0781 1436 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
23:31:52.0843 1436 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
23:31:52.0843 1436 tfsncofs - detected UnsignedFile.Multi.Generic (1)
23:31:52.0859 1436 [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
23:31:52.0921 1436 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
23:31:52.0921 1436 tfsndrct - detected UnsignedFile.Multi.Generic (1)
23:31:52.0953 1436 [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
23:31:53.0000 1436 tfsndres ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0000 1436 tfsndres - detected UnsignedFile.Multi.Generic (1)
23:31:53.0031 1436 [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
23:31:53.0062 1436 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0062 1436 tfsnifs - detected UnsignedFile.Multi.Generic (1)
23:31:53.0093 1436 [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
23:31:53.0140 1436 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0140 1436 tfsnopio - detected UnsignedFile.Multi.Generic (1)
23:31:53.0171 1436 [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
23:31:53.0203 1436 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0203 1436 tfsnpool - detected UnsignedFile.Multi.Generic (1)
23:31:53.0218 1436 [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
23:31:53.0296 1436 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0296 1436 tfsnudf - detected UnsignedFile.Multi.Generic (1)
23:31:53.0328 1436 [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
23:31:53.0359 1436 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0359 1436 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
23:31:53.0390 1436 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:31:53.0421 1436 Themes - ok
23:31:53.0421 1436 TosIde - ok
23:31:53.0500 1436 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:31:54.0031 1436 TrkWks - ok
23:31:54.0109 1436 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:31:54.0718 1436 Udfs - ok
23:31:54.0750 1436 ultra - ok
23:31:54.0812 1436 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
23:31:54.0906 1436 UMWdf - ok
23:31:54.0953 1436 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:31:55.0515 1436 Update - ok
23:31:55.0546 1436 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:31:55.0812 1436 upnphost - ok
23:31:55.0875 1436 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:31:56.0109 1436 UPS - ok
23:31:56.0171 1436 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:31:56.0437 1436 usbccgp - ok
23:31:56.0484 1436 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:31:56.0734 1436 usbehci - ok
23:31:56.0781 1436 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:31:57.0421 1436 usbhub - ok
23:31:57.0468 1436 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:31:58.0078 1436 usbohci - ok
23:31:58.0156 1436 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:31:59.0062 1436 usbprint - ok
23:31:59.0093 1436 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:31:59.0687 1436 usbscan - ok
23:31:59.0734 1436 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:32:00.0140 1436 USBSTOR - ok
23:32:00.0156 1436 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:32:00.0390 1436 VgaSave - ok
23:32:00.0406 1436 ViaIde - ok
23:32:00.0453 1436 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:32:00.0687 1436 VolSnap - ok
23:32:00.0750 1436 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:32:01.0000 1436 VSS - ok
23:32:01.0031 1436 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:32:01.0265 1436 W32Time - ok
23:32:01.0328 1436 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:32:01.0562 1436 Wanarp - ok
23:32:01.0578 1436 wanatw - ok
23:32:01.0609 1436 WDICA - ok
23:32:01.0625 1436 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:32:01.0859 1436 wdmaud - ok
23:32:01.0906 1436 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:32:02.0109 1436 WebClient - ok
23:32:02.0187 1436 [ EB5D5DD39DA6B25FFD4206892365F67C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:32:02.0312 1436 winachsf - ok
23:32:02.0390 1436 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:32:02.0625 1436 winmgmt - ok
23:32:02.0703 1436 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:32:02.0843 1436 WmdmPmSN - ok
23:32:02.0890 1436 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:32:03.0546 1436 WmiApSrv - ok
23:32:03.0656 1436 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:32:03.0875 1436 wscsvc - ok
23:32:03.0937 1436 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:32:04.0140 1436 wuauserv - ok
23:32:04.0203 1436 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:32:04.0421 1436 WZCSVC - ok
23:32:04.0453 1436 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:32:04.0671 1436 xmlprov - ok
23:32:04.0687 1436 ================ Scan global ===============================
23:32:04.0734 1436 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:32:04.0796 1436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:32:04.0828 1436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:32:04.0859 1436 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:32:04.0859 1436 [Global] - ok
23:32:04.0859 1436 ================ Scan MBR ==================================
23:32:04.0890 1436 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
23:32:05.0218 1436 \Device\Harddisk0\DR0 - ok
23:32:05.0234 1436 ================ Scan VBR ==================================
23:32:05.0234 1436 [ E2910C3D779A9C3DAABFEBFB05752691 ] \Device\Harddisk0\DR0\Partition1
23:32:05.0234 1436 \Device\Harddisk0\DR0\Partition1 - ok
23:32:05.0234 1436 ================ Scan active images ========================
23:32:05.0250 1436 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
23:32:05.0250 1436 C:\WINDOWS\system32\drivers\intelppm.sys - ok
23:32:05.0265 1436 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
23:32:05.0265 1436 C:\WINDOWS\system32\drivers\videoprt.sys - ok
23:32:05.0265 1436 [ D5537CC8CC9A86668E3903BD53CAA83C ] C:\WINDOWS\system32\drivers\ati2mtag.sys
23:32:05.0265 1436 C:\WINDOWS\system32\drivers\ati2mtag.sys - ok
23:32:05.0281 1436 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
23:32:05.0281 1436 C:\WINDOWS\system32\drivers\usbport.sys - ok
23:32:05.0296 1436 [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
23:32:05.0296 1436 C:\WINDOWS\system32\drivers\usbohci.sys - ok
23:32:05.0312 1436 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
23:32:05.0312 1436 C:\WINDOWS\system32\drivers\imapi.sys - ok
23:32:05.0312 1436 [ 6C1618A07B49E3873582B6449E744088 ] C:\WINDOWS\system32\drivers\pfc.sys
23:32:05.0312 1436 C:\WINDOWS\system32\drivers\pfc.sys - ok
23:32:05.0328 1436 [ 98625722AD52B40305E74AAA83C93086 ] C:\WINDOWS\system32\drivers\sscdbhk5.sys
23:32:05.0328 1436 C:\WINDOWS\system32\drivers\sscdbhk5.sys - ok
23:32:05.0343 1436 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
23:32:05.0343 1436 C:\WINDOWS\system32\drivers\usbehci.sys - ok
23:32:05.0359 1436 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
23:32:05.0359 1436 C:\WINDOWS\system32\drivers\cdrom.sys - ok
23:32:05.0359 1436 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
23:32:05.0359 1436 C:\WINDOWS\system32\drivers\ks.sys - ok
23:32:05.0375 1436 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
23:32:05.0375 1436 C:\WINDOWS\system32\drivers\redbook.sys - ok
23:32:05.0390 1436 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
23:32:05.0390 1436 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
23:32:05.0390 1436 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
23:32:05.0390 1436 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
23:32:05.0406 1436 [ C50FAA6FDA843FA2172AA2B9C3CD1DAB ] C:\WINDOWS\system32\drivers\qkbfiltr.sys
23:32:05.0406 1436 C:\WINDOWS\system32\drivers\qkbfiltr.sys - ok
23:32:05.0421 1436 [ 8652B9E134C3478BE948BF089DF8ED5E ] C:\WINDOWS\system32\drivers\qmofiltr.sys
23:32:05.0421 1436 C:\WINDOWS\system32\drivers\qmofiltr.sys - ok
23:32:05.0437 1436 [ EB363DDFBE8B6D51003CCAB29D93D744 ] C:\WINDOWS\system32\drivers\SynTP.sys
23:32:05.0437 1436 C:\WINDOWS\system32\drivers\SynTP.sys - ok
23:32:05.0437 1436 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
23:32:05.0437 1436 C:\WINDOWS\system32\drivers\usbd.sys - ok
23:32:05.0453 1436 [ 69645F795BBC22F05BEA8B8734E3EE82 ] C:\WINDOWS\system32\drivers\ar5211.sys
23:32:05.0453 1436 C:\WINDOWS\system32\drivers\ar5211.sys - ok
23:32:05.0468 1436 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
23:32:05.0468 1436 C:\WINDOWS\system32\drivers\mouclass.sys - ok
23:32:05.0484 1436 [ 4A0AE7891FCF74ACC848B109294CB80F ] C:\WINDOWS\system32\drivers\Rtlnicxp.sys
23:32:05.0484 1436 C:\WINDOWS\system32\drivers\Rtlnicxp.sys - ok
23:32:05.0484 1436 [ 9A3BBDE74DAB737EFA82DE7EF4B40BEA ] C:\WINDOWS\system32\drivers\camc6hal.sys
23:32:05.0484 1436 C:\WINDOWS\system32\drivers\camc6hal.sys - ok
23:32:05.0500 1436 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
23:32:05.0500 1436 C:\WINDOWS\system32\drivers\drmk.sys - ok
23:32:05.0515 1436 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
23:32:05.0515 1436 C:\WINDOWS\system32\drivers\portcls.sys - ok
23:32:05.0531 1436 [ CCE1F3C7C8E7383B90372229454999CF ] C:\WINDOWS\system32\drivers\camc6aud.sys
23:32:05.0531 1436 C:\WINDOWS\system32\drivers\camc6aud.sys - ok
23:32:05.0546 1436 [ 790ACB861176AE06D97BD7FBDDCDBBCB ] C:\WINDOWS\system32\drivers\HSFHWATI.sys
23:32:05.0546 1436 C:\WINDOWS\system32\drivers\HSFHWATI.sys - ok
23:32:05.0562 1436 [ 9A7C0D83BD340A43E10A453960607025 ] C:\WINDOWS\system32\drivers\HSF_DPV.sys
23:32:05.0562 1436 C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok
23:32:05.0562 1436 [ EB5D5DD39DA6B25FFD4206892365F67C ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
23:32:05.0562 1436 C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
23:32:05.0578 1436 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
23:32:05.0578 1436 C:\WINDOWS\system32\drivers\audstub.sys - ok
23:32:05.0593 1436 [ 0F6C187D38D98F8DF904589A5F94D411 ] C:\WINDOWS\system32\drivers\cmbatt.sys
23:32:05.0593 1436 C:\WINDOWS\system32\drivers\cmbatt.sys - ok
23:32:05.0609 1436 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
23:32:05.0609 1436 C:\WINDOWS\system32\drivers\modem.sys - ok
23:32:05.0609 1436 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
23:32:05.0609 1436 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
23:32:05.0625 1436 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
23:32:05.0625 1436 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
23:32:05.0640 1436 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
23:32:05.0640 1436 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
23:32:05.0640 1436 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
23:32:05.0640 1436 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
23:32:05.0656 1436 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
23:32:05.0656 1436 C:\WINDOWS\system32\drivers\tdi.sys - ok
23:32:05.0671 1436 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
23:32:05.0671 1436 C:\WINDOWS\system32\drivers\raspptp.sys - ok
23:32:05.0687 1436 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
23:32:05.0687 1436 C:\WINDOWS\system32\drivers\msgpc.sys - ok
23:32:05.0687 1436 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
23:32:05.0687 1436 C:\WINDOWS\system32\drivers\psched.sys - ok
23:32:05.0703 1436 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
23:32:05.0703 1436 C:\WINDOWS\system32\drivers\ptilink.sys - ok
23:32:05.0718 1436 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
23:32:05.0718 1436 C:\WINDOWS\system32\drivers\raspti.sys - ok
23:32:05.0734 1436 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
23:32:05.0734 1436 C:\WINDOWS\system32\drivers\termdd.sys - ok
23:32:05.0750 1436 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
23:32:05.0750 1436 C:\WINDOWS\system32\drivers\swenum.sys - ok
23:32:05.0750 1436 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
23:32:05.0750 1436 C:\WINDOWS\system32\drivers\update.sys - ok
23:32:05.0765 1436 [ 141BEFBD4F2A84A66E2F54B9E32E40D1 ] C:\WINDOWS\system32\drivers\BoiHwSetup.sys
23:32:05.0765 1436 C:\WINDOWS\system32\drivers\BoiHwSetup.sys - ok
23:32:05.0781 1436 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
23:32:05.0781 1436 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
23:32:05.0796 1436 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
23:32:05.0796 1436 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
23:32:05.0796 1436 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
23:32:05.0796 1436 C:\WINDOWS\system32\drivers\usbhub.sys - ok
23:32:05.0812 1436 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
23:32:05.0812 1436 C:\WINDOWS\system32\drivers\fdc.sys - ok
23:32:05.0828 1436 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] C:\Program Files\Symantec AntiVirus\savrt.sys
23:32:05.0828 1436 C:\Program Files\Symantec AntiVirus\savrt.sys - ok
23:32:05.0843 1436 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
23:32:05.0843 1436 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
23:32:05.0843 1436 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
23:32:05.0843 1436 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
23:32:05.0859 1436 [ 49B20B430A4F219173F823536944474A ] C:\WINDOWS\system32\drivers\SYMEVENT.SYS
23:32:05.0859 1436 C:\WINDOWS\system32\drivers\SYMEVENT.SYS - ok
23:32:05.0875 1436 [ 97E5B6F3F95465E1F59360B59D8EC64E ] C:\Program Files\Symantec AntiVirus\Savrtpel.sys
23:32:05.0875 1436 C:\Program Files\Symantec AntiVirus\Savrtpel.sys - ok
23:32:05.0875 1436 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\NAVEX15.SYS
23:32:05.0875 1436 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\NAVEX15.SYS - ok
23:32:05.0890 1436 [ 7D7A3BC6640C1A0D1442816B30856928 ] C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\NAVENG.SYS
23:32:05.0890 1436 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130322.005\NAVENG.SYS - ok
23:32:05.0906 1436 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
23:32:05.0906 1436 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
23:32:05.0921 1436 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
23:32:05.0921 1436 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
23:32:05.0937 1436 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
23:32:05.0937 1436 C:\WINDOWS\system32\drivers\null.sys - ok
23:32:05.0937 1436 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
23:32:05.0937 1436 C:\WINDOWS\system32\drivers\beep.sys - ok
23:32:05.0953 1436 [ D79412E3942C8A257253487536D5A994 ] C:\WINDOWS\system32\drivers\ssrtln.sys
23:32:05.0953 1436 C:\WINDOWS\system32\drivers\ssrtln.sys - ok
23:32:05.0968 1436 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
23:32:05.0968 1436 C:\WINDOWS\system32\drivers\vga.sys - ok
23:32:05.0984 1436 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
23:32:05.0984 1436 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
23:32:05.0984 1436 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
23:32:05.0984 1436 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
23:32:06.0000 1436 [ 7EFAC183A25B30FB5D64CC9D484B1EB6 ] C:\WINDOWS\system32\drivers\meiudf.sys
23:32:06.0000 1436 C:\WINDOWS\system32\drivers\meiudf.sys - ok
23:32:06.0015 1436 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] C:\WINDOWS\system32\drivers\udfs.sys
23:32:06.0015 1436 C:\WINDOWS\system32\drivers\udfs.sys - ok
23:32:06.0031 1436 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
23:32:06.0031 1436 C:\WINDOWS\system32\drivers\msfs.sys - ok
23:32:06.0031 1436 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
23:32:06.0031 1436 C:\WINDOWS\system32\drivers\npfs.sys - ok
23:32:06.0046 1436 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
23:32:06.0046 1436 C:\WINDOWS\system32\drivers\rasacd.sys - ok
23:32:06.0062 1436 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
23:32:06.0062 1436 C:\WINDOWS\system32\drivers\ipsec.sys - ok
23:32:06.0078 1436 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
23:32:06.0078 1436 C:\WINDOWS\system32\drivers\tcpip.sys - ok
23:32:06.0093 1436 [ CB7CC4DDBE09E224D4CD876760BA982C ] C:\WINDOWS\system32\drivers\symtdi.sys
23:32:06.0093 1436 C:\WINDOWS\system32\drivers\symtdi.sys - ok
23:32:06.0093 1436 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
23:32:06.0093 1436 C:\WINDOWS\system32\drivers\ipnat.sys - ok
23:32:06.0109 1436 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
23:32:06.0109 1436 C:\WINDOWS\system32\drivers\wanarp.sys - ok
23:32:06.0125 1436 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
23:32:06.0125 1436 C:\WINDOWS\system32\drivers\netbt.sys - ok
23:32:06.0125 1436 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
23:32:06.0125 1436 C:\WINDOWS\system32\drivers\afd.sys - ok
23:32:06.0140 1436 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
23:32:06.0140 1436 C:\WINDOWS\system32\drivers\netbios.sys - ok
23:32:06.0156 1436 [ EF9760A364D836A0CE6149EBDF71524D ] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:32:06.0156 1436 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys - ok
23:32:06.0171 1436 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
23:32:06.0171 1436 C:\WINDOWS\system32\drivers\rdbss.sys - ok
23:32:06.0171 1436 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
23:32:06.0171 1436 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
23:32:06.0187 1436 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
23:32:06.0187 1436 C:\WINDOWS\system32\drivers\fips.sys - ok
23:32:06.0203 1436 [ 85B8B4032A895A746D46A288A9B30DED ] C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:32:06.0203 1436 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - ok
23:32:06.0218 1436 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:32:06.0218 1436 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - ok
23:32:06.0234 1436 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
23:32:06.0234 1436 C:\WINDOWS\system32\smss.exe - ok
23:32:06.0234 1436 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
23:32:06.0234 1436 C:\WINDOWS\system32\ntdll.dll - ok
23:32:06.0250 1436 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
23:32:06.0250 1436 C:\WINDOWS\system32\autochk.exe - ok
23:32:06.0265 1436 [ 7A3EA5CA1AE2C8D94DCA120E0BEA0B02 ] C:\WINDOWS\system32\lsdelete.exe
23:32:06.0265 1436 C:\WINDOWS\system32\lsdelete.exe - ok
23:32:06.0281 1436 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
23:32:06.0281 1436 C:\WINDOWS\system32\drivers\atapi.sys - ok
23:32:06.0281 1436 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
23:32:06.0281 1436 C:\WINDOWS\system32\drivers\wmilib.sys - ok
23:32:06.0296 1436 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
23:32:06.0296 1436 C:\WINDOWS\system32\drivers\dxapi.sys - ok
23:32:06.0312 1436 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
23:32:06.0312 1436 C:\WINDOWS\system32\watchdog.sys - ok
23:32:06.0328 1436 [ 860AC2E4711D2DACF12D98A42105A611 ] C:\WINDOWS\system32\win32k.sys
23:32:06.0328 1436 C:\WINDOWS\system32\win32k.sys - ok
23:32:06.0328 1436 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
23:32:06.0328 1436 C:\WINDOWS\system32\csrss.exe - ok
23:32:06.0343 1436 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
23:32:06.0343 1436 C:\WINDOWS\system32\csrsrv.dll - ok
23:32:06.0359 1436 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:32:06.0359 1436 C:\WINDOWS\system32\basesrv.dll - ok
23:32:06.0375 1436 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
23:32:06.0375 1436 C:\WINDOWS\system32\gdi32.dll - ok
23:32:06.0375 1436 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:32:06.0375 1436 C:\WINDOWS\system32\winsrv.dll - ok
23:32:06.0390 1436 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
23:32:06.0390 1436 C:\WINDOWS\system32\kernel32.dll - ok
23:32:06.0406 1436 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
23:32:06.0406 1436 C:\WINDOWS\system32\user32.dll - ok
23:32:06.0406 1436 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
23:32:06.0406 1436 C:\WINDOWS\system32\drivers\dxg.sys - ok
23:32:06.0421 1436 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
23:32:06.0421 1436 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
23:32:06.0437 1436 [ D3F64518C311887B471E505C1FA6B537 ] C:\WINDOWS\system32\ati2dvag.dll
23:32:06.0437 1436 C:\WINDOWS\system32\ati2dvag.dll - ok
23:32:06.0453 1436 [ B9E36A602CEAE4EC901DB3F51CDD1B6A ] C:\WINDOWS\system32\ati2cqag.dll
23:32:06.0453 1436 C:\WINDOWS\system32\ati2cqag.dll - ok
23:32:06.0453 1436 [ 2D7AA72D6452B8B7BD95469B2454D501 ] C:\WINDOWS\system32\atikvmag.dll
23:32:06.0453 1436 C:\WINDOWS\system32\atikvmag.dll - ok
23:32:06.0468 1436 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
23:32:06.0468 1436 C:\WINDOWS\system32\vga.dll - ok
23:32:06.0484 1436 [ BB19A019D1D43118A15539809183035D ] C:\WINDOWS\system32\ati3duag.dll
23:32:06.0484 1436 C:\WINDOWS\system32\ati3duag.dll - ok
23:32:06.0500 1436 [ 7BC895C47D36BBBFA128798A8B1AD34C ] C:\WINDOWS\system32\ativvaxx.dll
23:32:06.0500 1436 C:\WINDOWS\system32\ativvaxx.dll - ok
23:32:06.0500 1436 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
23:32:06.0500 1436 C:\WINDOWS\system32\winlogon.exe - ok
23:32:06.0515 1436 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
23:32:06.0515 1436 C:\WINDOWS\system32\advapi32.dll - ok
23:32:06.0531 1436 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
23:32:06.0531 1436 C:\WINDOWS\system32\rpcrt4.dll - ok
23:32:06.0546 1436 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
23:32:06.0546 1436 C:\WINDOWS\system32\authz.dll - ok
23:32:06.0562 1436 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
23:32:06.0562 1436 C:\WINDOWS\system32\msvcrt.dll - ok
23:32:06.0578 1436 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
23:32:06.0578 1436 C:\WINDOWS\system32\secur32.dll - ok
 

great_mazinga

New Member
Thread author
Verified
Apr 14, 2013
18
C:\_OTL\MovedFiles\04172013_202948\C_Documents and Settings\All Users\Application Data\DisplaySwitch.exe a variant of Win32/Kryptik.AXMT trojan
 
