Rootkit infection


Post by soleruler on Mon Jan 02, 2012 5:31 pm

Hi, I keep getting BSODs, and when my computer tried to run its scheduled scan with AVG Free it kept BSODing and freezing. It seems to BSOD at various intervals, but I did a rootkit scan and it showed infections but said it was not safe to remove them. The error message files sent to MS are also being corrupted.

I ran an OTL scan as directed by your forum, and this is the contents of the OTL notepad:


OTL logfile created on: 02/01/2012 17:16:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Wilsons\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.47 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 80.79% Memory free
5.30 Gb Paging File | 4.67 Gb Available in Paging File | 88.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 867.28 Gb Free Space | 93.11% Space Free | Partition Type: NTFS

Computer Name: PLAYROOM | User Name: Wilsons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 17:15:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wilsons\My Documents\Downloads\OTL.com
PRC - [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/03 11:18:32 | 000,231,296 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/08 18:15:06 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
PRC - [2010/09/30 11:47:44 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\ib\olycamdetect.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/07 11:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 11:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 11:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 11:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 11:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 07:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/08 21:57:22 | 001,929,576 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3050A_J611.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/10/01 19:40:00 | 002,135,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/01 19:24:20 | 000,637,952 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 10:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OV2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [OV2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6946EB63-FA3D-4DA3-842A-95FDE51BB338}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Wilsons\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wilsons\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/16 20:28:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 16:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2012/01/02 16:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/12/28 16:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011/12/26 10:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Desktop\BSOD problems (minindump folder)
[2011/12/26 09:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OLYMPUS Camera
[2011/12/26 09:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\OLYMPUS
[2011/12/26 09:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Start Menu\Programs\OLYMPUS ib
[2011/12/26 09:58:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wilsons\Start Menu\Programs\Administrative Tools
[2011/12/26 09:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\OLYMPUS
[2011/12/26 09:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OLYMPUS Digital Camera Updater
[2011/12/26 09:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/12/26 09:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OLYMPUS Viewer 2
[2011/12/26 09:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/12/26 09:49:53 | 000,095,744 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl80.dll
[2011/12/26 09:49:52 | 000,626,688 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2011/12/26 09:49:52 | 000,548,864 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2011/12/26 09:49:51 | 001,079,808 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc80u.dll
[2011/12/26 09:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2011/12/25 10:37:21 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/12/25 10:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/12/25 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/12/25 10:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2011/12/25 10:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Application Data\HpUpdate
[2011/12/25 10:35:41 | 000,544,616 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPMa011.dll
[2011/12/25 10:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/12/25 10:35:39 | 000,488,296 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_DJ3050A_J611.dll
[2011/12/25 10:35:36 | 000,429,928 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsa011.dll
[2011/12/25 10:35:36 | 000,270,696 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsa011LM.dll
[2011/12/25 10:35:36 | 000,216,424 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoia011.dll
[2011/12/25 10:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/12/25 10:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/12/24 13:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\HP
[2011/12/21 20:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\My Documents\VideoPad Projects
[2011/12/21 20:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2011/12/21 20:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/12/21 20:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/12/21 20:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2011/12/21 20:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/12/21 20:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Application Data\NCH Software
[2011/12/21 19:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Application Data\Amazon
[2011/12/21 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/12/21 18:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2011/12/21 18:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Application Data\Windows Search
[2011/12/21 09:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/12/17 10:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wilsons\Desktop\Unused Desktop Shortcuts
[2011/12/04 13:08:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Wilsons\My Documents\My Data Sources
[2011/11/16 12:05:53 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011/11/16 12:05:53 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 17:02:26 | 000,013,764 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/02 17:02:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 17:01:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/01/02 16:38:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
[2012/01/02 12:38:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
[2012/01/02 12:21:11 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/02 12:20:06 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/01/02 11:15:52 | 085,759,840 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/31 18:03:12 | 000,192,663 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/31 18:00:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2011/12/31 14:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/31 10:36:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/31 10:10:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/30 20:40:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/30 18:24:03 | 000,501,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 18:24:03 | 000,086,420 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/29 20:31:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/12/28 20:21:29 | 000,028,144 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/26 18:46:52 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk
[2011/12/26 10:34:06 | 000,182,149 | ---- | M] () -- C:\Documents and Settings\Wilsons\Desktop\BSOD problems (minindump folder).zip
[2011/12/26 10:21:47 | 000,001,568 | ---- | M] () -- C:\Documents and Settings\Wilsons\Desktop\ib.lnk
[2011/12/26 09:59:23 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Wilsons\Desktop\SZ-20 SZ-10 Instruction Manual.lnk
[2011/12/25 20:57:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/12/25 10:26:57 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/12/19 18:52:25 | 000,007,560 | ---- | M] () -- C:\Documents and Settings\Wilsons\.recently-used.xbel
[2011/12/19 17:31:16 | 000,000,084 | ---- | M] () -- C:\Documents and Settings\Wilsons\.gtk-bookmarks
[2011/12/17 19:39:04 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Wilsons\Desktop\Google Chrome.lnk
[2011/12/17 19:39:04 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Wilsons\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/17 11:00:37 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/15 08:26:12 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 22:50:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/11 12:41:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 12:20:05 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/12/29 20:31:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2011/12/28 20:21:29 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/26 18:46:52 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Prism Video File Converter.lnk
[2011/12/26 18:46:52 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prism Video File Converter.lnk
[2011/12/26 10:34:06 | 000,182,149 | ---- | C] () -- C:\Documents and Settings\Wilsons\Desktop\BSOD problems (minindump folder).zip
[2011/12/26 10:21:47 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\Wilsons\Desktop\ib.lnk
[2011/12/26 09:59:23 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Wilsons\Desktop\SZ-20 SZ-10 Instruction Manual.lnk
[2011/12/25 10:36:45 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2011/12/25 10:36:15 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/25 10:36:15 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/25 10:36:15 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/25 10:36:15 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/12/25 10:35:39 | 001,929,576 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3050A_J611.dll
[2011/12/25 10:26:57 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/12/21 20:14:09 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2011/12/21 20:14:07 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2011/12/21 20:13:30 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
[2011/12/19 18:52:25 | 000,007,560 | ---- | C] () -- C:\Documents and Settings\Wilsons\.recently-used.xbel
[2011/12/19 17:31:16 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Wilsons\.gtk-bookmarks
[2011/12/17 11:00:37 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/11 12:41:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/16 20:55:40 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/11/16 20:55:30 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/11/16 20:50:37 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/11/16 20:50:34 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/11/16 20:50:30 | 000,021,062 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/11/16 20:50:30 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/11/16 20:30:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/16 20:26:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/16 14:46:05 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/11/16 14:46:04 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/11/16 14:46:04 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/16 14:46:04 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/16 14:46:04 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/11/16 14:46:04 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/16 14:46:04 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/16 14:46:04 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/16 14:46:04 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/16 14:46:04 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/16 14:46:04 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/11/16 14:46:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/16 14:46:04 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/16 14:46:04 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/16 14:46:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/16 14:46:04 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/16 14:46:04 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/11/16 14:46:04 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/11/16 14:46:04 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/11/16 14:43:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini
[2011/11/16 14:15:14 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Wilsons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/16 12:23:53 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/11/16 12:23:23 | 000,029,590 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011/11/16 12:08:29 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/11/16 12:08:29 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/11/14 15:46:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/14 15:45:40 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,501,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,086,420 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/11/20 14:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2011/11/22 15:05:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/12/21 18:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2011/11/20 14:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/11/25 21:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/11/16 20:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2011/11/20 14:36:56 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/11/25 21:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/11/16 20:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/12/26 09:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/11/16 14:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/11/30 17:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2011/12/25 10:36:50 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2011/12/25 10:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/12/25 10:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2011/12/26 09:59:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/11/16 12:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/12/14 22:50:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/11/20 14:37:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/11/20 14:38:00 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/11/17 18:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/12/15 15:43:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/11/16 20:28:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/11/26 10:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/23 22:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/11/22 23:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/22 23:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/11/23 22:42:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/11/22 21:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/11/18 15:54:51 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/22 22:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/11/16 15:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2011/11/16 20:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/12/26 09:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/12/26 18:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2011/11/17 18:06:27 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/12/26 09:57:14 | 000,000,000 | ---D | M] -- C:\Program Files\OLYMPUS
[2011/11/16 20:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/11/18 15:54:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/11/16 12:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2011/11/22 22:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/01/02 16:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2011/11/16 20:47:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/11/16 14:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2011/11/22 23:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2011/12/15 16:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/11/22 23:24:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/11/22 22:28:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/11/22 22:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/11/17 18:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/11/16 20:27:43 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/11/16 20:28:48 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/11/17 17:59:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/11/17 17:59:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/11/17 17:59:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/11/17 17:59:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2006/02/28 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2011/11/17 17:59:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2011/11/17 17:59:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-30 18:24:59

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Wilsons\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Please help! Thanks

soleruler
Novice
Posts : 26
Joined : 2011-12-26
Gender : Female
OS : windows xp 2002 SP3
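The "< MD5 for: ... >" blocks in the OTL log above are the part of the report a helper actually uses when a rootkit is suspected: the copy of a boot-critical driver that Windows loads from system32\drivers should hash identically to the pristine copy kept under ServicePackFiles, and a differing hash on a file of the same size is what an in-place patch of a driver looks like. The Python script below is an added example and is not part of the original post or of OTL itself. It parses log lines in that format and reports, per driver, whether the active copy matches a reference copy. The sample lines are constructed in OTL's layout: the ATAPI.SYS block reproduces the paths and hashes from the log above, while the EXAMPLE.SYS block is an invented mismatch case with placeholder hashes.

```python
import re

# Sample input, constructed for this example in the shape OTL prints for its
# "< MD5 for: NAME >" custom scans. The ATAPI.SYS block reuses the paths and
# hashes shown in the log above; the EXAMPLE.SYS block is a constructed
# mismatch case with placeholder hashes (not a real driver).
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2011/12/21 09:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# One hashed entry; ".cab file" lines carry no MD5= field and therefore do not match.
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {driver name (lower-case): [entry dict, ...]} for every MD5 block."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue  # text before the first header is not part of any block
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append({
                "path": entry.group("path").strip(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
            })
    return sections


def is_active_copy(path):
    """True for the copy Windows loads: the system32 or system32 drivers directory."""
    parent = path.lower().rsplit("\\", 1)[0]
    return parent.endswith("\\system32\\drivers") or parent.endswith("\\system32")


def is_reference_copy(path):
    """True for the service pack's pristine copy that the active file should equal."""
    return "\\servicepackfiles\\" in path.lower()


def classify(sections):
    """Compare each active copy with the service pack reference copies.

    Verdicts: "match", "mismatch" (active hash differs from every reference copy),
    "no-active-copy" or "no-reference" when the log does not list that copy.
    """
    verdicts = {}
    for name, entries in sections.items():
        active = [e for e in entries if is_active_copy(e["path"])]
        refs = {e["md5"] for e in entries if is_reference_copy(e["path"])}
        if not active:
            verdicts[name] = "no-active-copy"
        elif not refs:
            verdicts[name] = "no-reference"
        elif all(e["md5"] in refs for e in active):
            verdicts[name] = "match"
        else:
            verdicts[name] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for name, verdict in sorted(classify(parse_md5_sections(SAMPLE_LOG)).items()):
        print(f"{name:<14} {verdict}")
```

Anything other than match is a lead for the helper to follow up, not proof of infection: a stale reference copy or a driver replaced by a later hotfix also produces a mismatch, and an unchanged hash says nothing about drivers the scan was not asked to hash. Run on a full OTL log, the script reads the whole file and reports every MD5 block it finds.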

Re: Rootkit infection

Post by Pancake on Mon Jan 02, 2012 10:59 pm

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Double-click on MBRCheck.exe to run it.
It will open a black window...please do not fix anything (if it gives you an option).
When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
Please copy and paste the contents of that log in your next reply.

Pancake
Senior
Posts : 222
Joined : 2010-03-06
Gender : Male
OS : Windows 7

Re: Rootkit infection

Post by soleruler on Tue Jan 03, 2012 9:15 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA338000 avgrkx86.sys
0xBA4BC000 AVGIDSEH.Sys
0xBA258000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB979F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB978B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9763000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB972C000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9708000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA268000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA548000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA278000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB96E5000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA6F6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA550000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB96CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB96BD000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9665000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\termdd.sys


Thank you

soleruler
Novice
Posts : 26
Joined : 2011-12-26
Gender : Female
OS : windows xp 2002 SP3

Re: Rootkit infection

Post by Pancake on Tue Jan 03, 2012 10:19 am

Please run all these programs.

Download the [You must be registered and logged in to see this link.] and extract to your Desktop.

Execute TDSSKiller.exe by double-clicking on it. You may be prompted to restart your machine. Type Y at the prompt.

Once complete, a log will be produced at root. It will be named

UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.

Attach that log here please.

====================================================

Please download Malwarebytes' Anti-Malware from one of these places:

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.








Pancake
Senior
Posts : 222
Joined : 2010-03-06
Gender : Male
OS : Windows 7

Re: Rootkit infection

Post by soleruler on Tue Jan 03, 2012 11:45 am

10:51:32.0375 3656 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:51:32.0562 3656 ============================================================
10:51:32.0562 3656 Current date / time: 2012/01/03 10:51:32.0562
10:51:32.0562 3656 SystemInfo:
10:51:32.0562 3656
10:51:32.0562 3656 OS Version: 5.1.2600 ServicePack: 3.0
10:51:32.0562 3656 Product type: Workstation
10:51:32.0562 3656 ComputerName: PLAYROOM
10:51:32.0562 3656 UserName: Wilsons
10:51:32.0562 3656 Windows directory: C:\WINDOWS
10:51:32.0562 3656 System windows directory: C:\WINDOWS
10:51:32.0562 3656 Processor architecture: Intel x86
10:51:32.0562 3656 Number of processors: 2
10:51:32.0562 3656 Page size: 0x1000
10:51:32.0562 3656 Boot type: Normal boot
10:51:32.0562 3656 ============================================================
10:51:33.0750 3656 Initialize success
10:51:35.0437 0280 ============================================================
10:51:35.0437 0280 Scan started
10:51:35.0437 0280 Mode: Manual;
10:51:35.0437 0280 ============================================================
10:51:36.0937 0280 Abiosdsk - ok
10:51:36.0953 0280 abp480n5 - ok
10:51:37.0015 0280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:37.0015 0280 ACPI - ok
10:51:37.0062 0280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:51:37.0062 0280 ACPIEC - ok
10:51:37.0062 0280 adpu160m - ok
10:51:37.0093 0280 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:51:37.0093 0280 aec - ok
10:51:37.0140 0280 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:51:37.0140 0280 AegisP - ok
10:51:37.0187 0280 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:51:37.0187 0280 AFD - ok
10:51:37.0187 0280 Aha154x - ok
10:51:37.0187 0280 aic78u2 - ok
10:51:37.0203 0280 aic78xx - ok
10:51:37.0203 0280 AliIde - ok
10:51:37.0218 0280 amsint - ok
10:51:37.0234 0280 asc - ok
10:51:37.0234 0280 asc3350p - ok
10:51:37.0234 0280 asc3550 - ok
10:51:37.0265 0280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:37.0265 0280 AsyncMac - ok
10:51:37.0265 0280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:37.0265 0280 atapi - ok
10:51:37.0281 0280 Atdisk - ok
10:51:37.0296 0280 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:37.0296 0280 Atmarpc - ok
10:51:37.0343 0280 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:37.0343 0280 audstub - ok
10:51:37.0406 0280 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
10:51:37.0406 0280 AVGIDSDriver - ok
10:51:37.0406 0280 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
10:51:37.0406 0280 AVGIDSEH - ok
10:51:37.0421 0280 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
10:51:37.0421 0280 AVGIDSFilter - ok
10:51:37.0437 0280 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
10:51:37.0437 0280 AVGIDSShim - ok
10:51:37.0437 0280 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:51:37.0437 0280 Avgldx86 - ok
10:51:37.0453 0280 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:51:37.0453 0280 Avgmfx86 - ok
10:51:37.0453 0280 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:51:37.0453 0280 Avgrkx86 - ok
10:51:37.0484 0280 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:51:37.0484 0280 Avgtdix - ok
10:51:37.0531 0280 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:51:37.0531 0280 Beep - ok
10:51:37.0578 0280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:51:37.0593 0280 cbidf2k - ok
10:51:37.0593 0280 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:51:37.0593 0280 CCDECODE - ok
10:51:37.0593 0280 cd20xrnt - ok
10:51:37.0609 0280 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:51:37.0609 0280 Cdaudio - ok
10:51:37.0609 0280 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:51:37.0609 0280 Cdfs - ok
10:51:37.0625 0280 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:51:37.0625 0280 Cdrom - ok
10:51:37.0640 0280 Changer - ok
10:51:37.0671 0280 CmdIde - ok
10:51:37.0671 0280 Cpqarray - ok
10:51:37.0687 0280 dac2w2k - ok
10:51:37.0687 0280 dac960nt - ok
10:51:37.0703 0280 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:51:37.0703 0280 Disk - ok
10:51:37.0734 0280 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:51:37.0734 0280 dmboot - ok
10:51:37.0750 0280 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:51:37.0765 0280 dmio - ok
10:51:37.0765 0280 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:51:37.0765 0280 dmload - ok
10:51:37.0765 0280 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:51:37.0781 0280 DMusic - ok
10:51:37.0781 0280 dpti2o - ok
10:51:37.0796 0280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:51:37.0796 0280 drmkaud - ok
10:51:37.0828 0280 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:51:37.0828 0280 Fastfat - ok
10:51:37.0828 0280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:51:37.0828 0280 Fdc - ok
10:51:37.0859 0280 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:51:37.0859 0280 Fips - ok
10:51:37.0875 0280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:51:37.0875 0280 Flpydisk - ok
10:51:37.0906 0280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:51:37.0906 0280 FltMgr - ok
10:51:37.0937 0280 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
10:51:37.0937 0280 fssfltr - ok
10:51:37.0937 0280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:51:37.0937 0280 Fs_Rec - ok
10:51:37.0953 0280 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:51:37.0953 0280 Ftdisk - ok
10:51:37.0968 0280 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:51:37.0968 0280 GEARAspiWDM - ok
10:51:37.0968 0280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:51:37.0984 0280 Gpc - ok
10:51:38.0015 0280 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:51:38.0015 0280 HDAudBus - ok
10:51:38.0062 0280 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:51:38.0062 0280 hidusb - ok
10:51:38.0062 0280 hpn - ok
10:51:38.0125 0280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:51:38.0125 0280 HTTP - ok
10:51:38.0125 0280 i2omgmt - ok
10:51:38.0140 0280 i2omp - ok
10:51:38.0140 0280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:51:38.0140 0280 i8042prt - ok
10:51:38.0296 0280 ialm (a01bb8da8d73bca83702a4cf1cd56dce) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:51:38.0328 0280 ialm - ok
10:51:38.0343 0280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:51:38.0343 0280 Imapi - ok
10:51:38.0343 0280 ini910u - ok
10:51:38.0359 0280 IntelIde - ok
10:51:38.0406 0280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:51:38.0406 0280 intelppm - ok
10:51:38.0421 0280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:51:38.0421 0280 Ip6Fw - ok
10:51:38.0437 0280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:51:38.0437 0280 IpFilterDriver - ok
10:51:38.0453 0280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:51:38.0453 0280 IpInIp - ok
10:51:38.0453 0280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:51:38.0453 0280 IpNat - ok
10:51:38.0468 0280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:51:38.0468 0280 IPSec - ok
10:51:38.0484 0280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:51:38.0484 0280 IRENUM - ok
10:51:38.0484 0280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:51:38.0484 0280 isapnp - ok
10:51:38.0500 0280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:51:38.0500 0280 Kbdclass - ok
10:51:38.0500 0280 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:51:38.0500 0280 kbdhid - ok
10:51:38.0531 0280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:51:38.0546 0280 kmixer - ok
10:51:38.0546 0280 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
10:51:38.0546 0280 KMWDFILTER - ok
10:51:38.0609 0280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:51:38.0609 0280 KSecDD - ok
10:51:38.0625 0280 lbrtfdc - ok
10:51:38.0640 0280 MEMSWEEP2 - ok
10:51:38.0656 0280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:51:38.0656 0280 mnmdd - ok
10:51:38.0671 0280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:51:38.0671 0280 Modem - ok
10:51:38.0687 0280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:51:38.0687 0280 Mouclass - ok
10:51:38.0687 0280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:51:38.0687 0280 mouhid - ok
10:51:38.0703 0280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:51:38.0703 0280 MountMgr - ok
10:51:38.0703 0280 mraid35x - ok
10:51:38.0718 0280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:51:38.0718 0280 MRxDAV - ok
10:51:38.0734 0280 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:51:38.0734 0280 MRxSmb - ok
10:51:38.0750 0280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:51:38.0750 0280 Msfs - ok
10:51:38.0765 0280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:51:38.0765 0280 MSKSSRV - ok
10:51:38.0765 0280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:51:38.0781 0280 MSPCLOCK - ok
10:51:38.0781 0280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:51:38.0781 0280 MSPQM - ok
10:51:38.0781 0280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:51:38.0796 0280 mssmbios - ok
10:51:38.0796 0280 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:51:38.0796 0280 MSTEE - ok
10:51:38.0812 0280 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:51:38.0812 0280 MTsensor - ok
10:51:38.0828 0280 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:51:38.0828 0280 Mup - ok
10:51:38.0843 0280 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:51:38.0843 0280 NABTSFEC - ok
10:51:38.0859 0280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:51:38.0859 0280 NDIS - ok
10:51:38.0875 0280 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:51:38.0875 0280 NdisIP - ok
10:51:38.0921 0280 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:51:38.0921 0280 NdisTapi - ok
10:51:38.0921 0280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:51:38.0921 0280 Ndisuio - ok
10:51:38.0953 0280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:51:38.0953 0280 NdisWan - ok
10:51:38.0968 0280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:51:38.0968 0280 NDProxy - ok
10:51:38.0984 0280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:51:39.0000 0280 NetBIOS - ok
10:51:39.0000 0280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:51:39.0000 0280 NetBT - ok
10:51:39.0015 0280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:51:39.0015 0280 Npfs - ok
10:51:39.0046 0280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:51:39.0062 0280 Ntfs - ok
10:51:39.0062 0280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:51:39.0062 0280 Null - ok
10:51:39.0109 0280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:51:39.0109 0280 NwlnkFlt - ok
10:51:39.0125 0280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:51:39.0125 0280 NwlnkFwd - ok
10:51:39.0140 0280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:51:39.0140 0280 Parport - ok
10:51:39.0156 0280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:51:39.0156 0280 PartMgr - ok
10:51:39.0187 0280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:51:39.0187 0280 ParVdm - ok
10:51:39.0187 0280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:51:39.0203 0280 PCI - ok
10:51:39.0203 0280 PCIDump - ok
10:51:39.0218 0280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:51:39.0218 0280 PCIIde - ok
10:51:39.0312 0280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:51:39.0328 0280 Pcmcia - ok
10:51:39.0437 0280 PDCOMP - ok
10:51:39.0531 0280 PDFRAME - ok
10:51:39.0625 0280 PDRELI - ok
10:51:39.0671 0280 PDRFRAME - ok
10:51:39.0765 0280 perc2 - ok
10:51:39.0859 0280 perc2hib - ok
10:51:40.0109 0280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:51:40.0109 0280 PptpMiniport - ok
10:51:40.0218 0280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:51:40.0234 0280 PSched - ok
10:51:40.0468 0280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:51:40.0468 0280 Ptilink - ok
10:51:40.0656 0280 ql1080 - ok
10:51:40.0750 0280 Ql10wnt - ok
10:51:41.0015 0280 ql12160 - ok
10:51:41.0109 0280 ql1240 - ok
10:51:41.0171 0280 ql1280 - ok
10:51:41.0312 0280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:51:41.0312 0280 RasAcd - ok
10:51:41.0437 0280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:51:41.0437 0280 Rasl2tp - ok
10:51:41.0562 0280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:51:41.0578 0280 RasPppoe - ok
10:51:41.0812 0280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:51:41.0812 0280 Raspti - ok
10:51:41.0937 0280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:51:41.0984 0280 Rdbss - ok
10:51:42.0109 0280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:51:42.0109 0280 RDPCDD - ok
10:51:42.0250 0280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:51:42.0265 0280 rdpdr - ok
10:51:42.0390 0280 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:51:42.0406 0280 RDPWD - ok
10:51:42.0515 0280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:51:42.0515 0280 redbook - ok
10:51:42.0750 0280 rt2870 (65a31e0eeaacc22871fe97c5ac23156c) C:\WINDOWS\system32\DRIVERS\rt2870.sys
10:51:42.0859 0280 rt2870 - ok
10:51:43.0062 0280 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:51:43.0062 0280 RTLE8023xp - ok
10:51:43.0187 0280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:51:43.0203 0280 Secdrv - ok
10:51:43.0250 0280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:51:43.0250 0280 serenum - ok
10:51:43.0390 0280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:51:43.0390 0280 Serial - ok
10:51:43.0500 0280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:51:43.0500 0280 Sfloppy - ok
10:51:43.0562 0280 Simbad - ok
10:51:43.0718 0280 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:51:43.0718 0280 SLIP - ok
10:51:43.0765 0280 Sparrow - ok
10:51:44.0078 0280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:51:44.0078 0280 splitter - ok
10:51:44.0156 0280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:51:44.0171 0280 sr - ok
10:51:44.0343 0280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:51:44.0375 0280 Srv - ok
10:51:44.0484 0280 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:51:44.0484 0280 StillCam - ok
10:51:44.0593 0280 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:51:44.0593 0280 streamip - ok
10:51:44.0703 0280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:51:44.0703 0280 swenum - ok
10:51:44.0765 0280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:51:44.0765 0280 swmidi - ok
10:51:44.0890 0280 symc810 - ok
10:51:45.0046 0280 symc8xx - ok
10:51:45.0156 0280 sym_hi - ok
10:51:45.0234 0280 sym_u3 - ok
10:51:45.0265 0280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:51:45.0265 0280 sysaudio - ok
10:51:45.0375 0280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:51:45.0437 0280 Tcpip - ok
10:51:45.0593 0280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:51:45.0593 0280 TDPIPE - ok
10:51:45.0718 0280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:51:45.0718 0280 TDTCP - ok
10:51:45.0828 0280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:51:45.0828 0280 TermDD - ok
10:51:45.0906 0280 TosIde - ok
10:51:46.0046 0280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:51:46.0078 0280 Udfs - ok
10:51:46.0203 0280 ultra - ok
10:51:46.0406 0280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:51:46.0468 0280 Update - ok
10:51:46.0546 0280 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:51:46.0546 0280 USBAAPL - ok
10:51:46.0890 0280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:51:46.0890 0280 usbccgp - ok
10:51:47.0000 0280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:51:47.0000 0280 usbehci - ok
10:51:47.0140 0280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:51:47.0140 0280 usbhub - ok
10:51:47.0265 0280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:51:47.0265 0280 usbprint - ok
10:51:47.0359 0280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:51:47.0359 0280 usbscan - ok
10:51:47.0500 0280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:51:47.0500 0280 USBSTOR - ok
10:51:47.0640 0280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:51:47.0640 0280 usbuhci - ok
10:51:47.0734 0280 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:51:47.0765 0280 usbvideo - ok
10:51:47.0875 0280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:51:47.0875 0280 VgaSave - ok
10:51:48.0312 0280 VIAHdAudAddService (033b4d6691770d35b91624270f1cd390) C:\WINDOWS\system32\drivers\viahduaa.sys
10:51:48.0312 0280 VIAHdAudAddService - ok
10:51:48.0375 0280 ViaIde - ok
10:51:48.0500 0280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:51:48.0500 0280 VolSnap - ok
10:51:48.0671 0280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:51:48.0687 0280 Wanarp - ok
10:51:48.0718 0280 WDICA - ok
10:51:48.0875 0280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:51:48.0890 0280 wdmaud - ok
10:51:48.0968 0280 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:51:48.0968 0280 WSTCODEC - ok
10:51:49.0109 0280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:51:49.0125 0280 WudfPf - ok
10:51:49.0250 0280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:51:49.0250 0280 WudfRd - ok
10:51:49.0281 0280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:51:52.0125 0280 \Device\Harddisk0\DR0 - ok
10:51:52.0156 0280 Boot (0x1200) (6ae8cd33fa0a8b7c4d7a0b88e8e5b7f0) \Device\Harddisk0\DR0\Partition0
10:51:52.0171 0280 \Device\Harddisk0\DR0\Partition0 - ok
10:51:52.0171 0280 ============================================================
10:51:52.0171 0280 Scan finished
10:51:52.0171 0280 ============================================================
10:51:52.0171 1380 Detected object count: 0
10:51:52.0171 1380 Actual detected object count: 0
10:52:27.0656 3064 ============================================================
10:52:27.0656 3064 Scan started
10:52:27.0656 3064 Mode: Manual; SigCheck; TDLFS;
10:52:27.0656 3064 ============================================================
10:52:28.0281 3064 Abiosdsk - ok
10:52:28.0296 3064 abp480n5 - ok
10:52:28.0343 3064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:52:29.0468 3064 ACPI - ok
10:52:29.0515 3064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:52:29.0593 3064 ACPIEC - ok
10:52:29.0593 3064 adpu160m - ok
10:52:29.0640 3064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:52:29.0687 3064 aec - ok
10:52:29.0734 3064 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:52:29.0750 3064 AegisP ( UnsignedFile.Multi.Generic ) - warning
10:52:29.0750 3064 AegisP - detected UnsignedFile.Multi.Generic (1)
10:52:29.0796 3064 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:52:29.0812 3064 AFD - ok
10:52:29.0828 3064 Aha154x - ok
10:52:29.0828 3064 aic78u2 - ok
10:52:29.0843 3064 aic78xx - ok
10:52:29.0843 3064 AliIde - ok
10:52:29.0859 3064 amsint - ok
10:52:29.0859 3064 asc - ok
10:52:29.0875 3064 asc3350p - ok
10:52:29.0875 3064 asc3550 - ok
10:52:29.0921 3064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:52:29.0953 3064 AsyncMac - ok
10:52:29.0968 3064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:52:30.0046 3064 atapi - ok
10:52:30.0046 3064 Atdisk - ok
10:52:30.0062 3064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:52:30.0125 3064 Atmarpc - ok
10:52:30.0171 3064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:52:30.0218 3064 audstub - ok
10:52:30.0281 3064 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
10:52:30.0312 3064 AVGIDSDriver - ok
10:52:30.0312 3064 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
10:52:30.0328 3064 AVGIDSEH - ok
10:52:30.0328 3064 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
10:52:30.0328 3064 AVGIDSFilter - ok
10:52:30.0343 3064 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
10:52:30.0359 3064 AVGIDSShim - ok
10:52:30.0359 3064 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:52:30.0375 3064 Avgldx86 - ok
10:52:30.0375 3064 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:52:30.0390 3064 Avgmfx86 - ok
10:52:30.0390 3064 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:52:30.0406 3064 Avgrkx86 - ok
10:52:30.0437 3064 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:52:30.0437 3064 Avgtdix - ok
10:52:30.0484 3064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:52:30.0546 3064 Beep - ok
10:52:30.0593 3064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:52:30.0656 3064 cbidf2k - ok
10:52:30.0671 3064 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:52:30.0734 3064 CCDECODE - ok
10:52:30.0734 3064 cd20xrnt - ok
10:52:30.0734 3064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:52:30.0796 3064 Cdaudio - ok
10:52:30.0812 3064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:52:30.0875 3064 Cdfs - ok
10:52:30.0890 3064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:52:30.0953 3064 Cdrom - ok
10:52:30.0953 3064 Changer - ok
10:52:30.0968 3064 CmdIde - ok
10:52:30.0984 3064 Cpqarray - ok
10:52:30.0984 3064 dac2w2k - ok
10:52:30.0984 3064 dac960nt - ok
10:52:30.0984 3064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:52:31.0078 3064 Disk - ok
10:52:31.0109 3064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:52:31.0218 3064 dmboot - ok
10:52:31.0234 3064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:52:31.0296 3064 dmio - ok
10:52:31.0296 3064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:52:31.0359 3064 dmload - ok
10:52:31.0359 3064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:52:31.0421 3064 DMusic - ok
10:52:31.0437 3064 dpti2o - ok
10:52:31.0437 3064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:52:31.0515 3064 drmkaud - ok
10:52:31.0546 3064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:52:31.0640 3064 Fastfat - ok
10:52:31.0640 3064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:52:31.0703 3064 Fdc - ok
10:52:31.0703 3064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:52:31.0781 3064 Fips - ok
10:52:31.0796 3064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:52:31.0859 3064 Flpydisk - ok
10:52:31.0906 3064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:52:31.0968 3064 FltMgr - ok
10:52:31.0984 3064 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
10:52:32.0000 3064 fssfltr - ok
10:52:32.0000 3064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:52:32.0046 3064 Fs_Rec - ok
10:52:32.0062 3064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:52:32.0156 3064 Ftdisk - ok
10:52:32.0187 3064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:52:32.0187 3064 GEARAspiWDM - ok
10:52:32.0203 3064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:52:32.0265 3064 Gpc - ok
10:52:32.0281 3064 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:52:32.0343 3064 HDAudBus - ok
10:52:32.0390 3064 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:52:32.0453 3064 hidusb - ok
10:52:32.0453 3064 hpn - ok
10:52:32.0500 3064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:52:32.0515 3064 HTTP - ok
10:52:32.0546 3064 i2omgmt - ok
10:52:32.0562 3064 i2omp - ok
10:52:32.0562 3064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:52:32.0625 3064 i8042prt - ok
10:52:32.0765 3064 ialm (a01bb8da8d73bca83702a4cf1cd56dce) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:52:32.0937 3064 ialm - ok
10:52:32.0953 3064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:52:33.0015 3064 Imapi - ok
10:52:33.0031 3064 ini910u - ok
10:52:33.0031 3064 IntelIde - ok
10:52:33.0062 3064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:52:33.0125 3064 intelppm - ok
10:52:33.0156 3064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:52:33.0484 3064 Ip6Fw - ok
10:52:33.0500 3064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:52:33.0578 3064 IpFilterDriver - ok
10:52:33.0578 3064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:52:33.0640 3064 IpInIp - ok
10:52:33.0656 3064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:52:33.0703 3064 IpNat - ok
10:52:33.0718 3064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:52:33.0781 3064 IPSec - ok
10:52:33.0796 3064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:52:33.0875 3064 IRENUM - ok
10:52:33.0875 3064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:52:33.0937 3064 isapnp - ok
10:52:33.0953 3064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:52:34.0015 3064 Kbdclass - ok
10:52:34.0015 3064 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:52:34.0078 3064 kbdhid - ok
10:52:34.0093 3064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:52:34.0156 3064 kmixer - ok
10:52:34.0156 3064 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
10:52:34.0187 3064 KMWDFILTER - ok
10:52:34.0250 3064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:52:34.0265 3064 KSecDD - ok
10:52:34.0281 3064 lbrtfdc - ok
10:52:34.0281 3064 MEMSWEEP2 - ok
10:52:34.0312 3064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:52:34.0359 3064 mnmdd - ok
10:52:34.0390 3064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:52:34.0437 3064 Modem - ok
10:52:34.0453 3064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:52:34.0515 3064 Mouclass - ok
10:52:34.0515 3064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:52:34.0593 3064 mouhid - ok
10:52:34.0593 3064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:52:34.0671 3064 MountMgr - ok
10:52:34.0687 3064 mraid35x - ok
10:52:34.0687 3064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:52:34.0750 3064 MRxDAV - ok
10:52:34.0796 3064 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:52:34.0828 3064 MRxSmb - ok
10:52:34.0843 3064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:52:34.0890 3064 Msfs - ok
10:52:34.0921 3064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:52:35.0000 3064 MSKSSRV - ok
10:52:35.0015 3064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:52:35.0078 3064 MSPCLOCK - ok
10:52:35.0093 3064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:52:35.0140 3064 MSPQM - ok
10:52:35.0171 3064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:52:35.0218 3064 mssmbios - ok
10:52:35.0234 3064 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:52:35.0312 3064 MSTEE - ok
10:52:35.0328 3064 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:52:35.0359 3064 MTsensor - ok
10:52:35.0390 3064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:52:35.0406 3064 Mup - ok
10:52:35.0421 3064 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:52:35.0484 3064 NABTSFEC - ok
10:52:35.0484 3064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:52:35.0546 3064 NDIS - ok
10:52:35.0562 3064 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:52:35.0625 3064 NdisIP - ok
10:52:35.0656 3064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:52:35.0671 3064 NdisTapi - ok
10:52:35.0687 3064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:52:35.0765 3064 Ndisuio - ok
10:52:35.0765 3064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:52:35.0828 3064 NdisWan - ok
10:52:35.0859 3064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:52:35.0890 3064 NDProxy - ok
10:52:35.0890 3064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:52:35.0968 3064 NetBIOS - ok
10:52:35.0984 3064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:52:36.0046 3064 NetBT - ok
10:52:36.0062 3064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:52:36.0109 3064 Npfs - ok
10:52:36.0140 3064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:52:36.0203 3064 Ntfs - ok
10:52:36.0234 3064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:52:36.0281 3064 Null - ok
10:52:36.0343 3064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:52:36.0406 3064 NwlnkFlt - ok
10:52:36.0421 3064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:52:36.0484 3064 NwlnkFwd - ok
10:52:36.0500 3064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:52:36.0578 3064 Parport - ok
10:52:36.0640 3064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:52:36.0718 3064 PartMgr - ok
10:52:36.0750 3064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:52:36.0828 3064 ParVdm - ok
10:52:36.0828 3064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:52:36.0890 3064 PCI - ok
10:52:36.0890 3064 PCIDump - ok
10:52:36.0906 3064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:52:36.0968 3064 PCIIde - ok
10:52:36.0984 3064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:52:37.0046 3064 Pcmcia - ok
10:52:37.0046 3064 PDCOMP - ok
10:52:37.0062 3064 PDFRAME - ok
10:52:37.0062 3064 PDRELI - ok
10:52:37.0078 3064 PDRFRAME - ok
10:52:37.0078 3064 perc2 - ok
10:52:37.0093 3064 perc2hib - ok
10:52:37.0109 3064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:52:37.0156 3064 PptpMiniport - ok
10:52:37.0171 3064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:52:37.0250 3064 PSched - ok
10:52:37.0250 3064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:52:37.0312 3064 Ptilink - ok
10:52:37.0312 3064 ql1080 - ok
10:52:37.0312 3064 Ql10wnt - ok
10:52:37.0312 3064 ql12160 - ok
10:52:37.0328 3064 ql1240 - ok
10:52:37.0328 3064 ql1280 - ok
10:52:37.0343 3064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:52:37.0421 3064 RasAcd - ok
10:52:37.0421 3064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:52:37.0500 3064 Rasl2tp - ok
10:52:37.0500 3064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:52:37.0562 3064 RasPppoe - ok
10:52:37.0578 3064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:52:37.0640 3064 Raspti - ok
10:52:37.0640 3064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:52:37.0703 3064 Rdbss - ok
10:52:37.0718 3064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:52:37.0765 3064 RDPCDD - ok
10:52:37.0781 3064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:52:37.0843 3064 rdpdr - ok
10:52:37.0859 3064 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:52:37.0890 3064 RDPWD - ok
10:52:37.0906 3064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:52:37.0968 3064 redbook - ok
10:52:38.0000 3064 rt2870 (65a31e0eeaacc22871fe97c5ac23156c) C:\WINDOWS\system32\DRIVERS\rt2870.sys
10:52:38.0046 3064 rt2870 - ok
10:52:38.0093 3064 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:52:38.0093 3064 RTLE8023xp - ok
10:52:38.0140 3064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:52:38.0187 3064 Secdrv - ok
10:52:38.0203 3064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:52:38.0250 3064 serenum - ok
10:52:38.0265 3064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:52:38.0328 3064 Serial - ok
10:52:38.0343 3064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:52:38.0390 3064 Sfloppy - ok
10:52:38.0406 3064 Simbad - ok
10:52:38.0421 3064 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:52:38.0500 3064 SLIP - ok
10:52:38.0515 3064 Sparrow - ok
10:52:38.0546 3064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:52:38.0609 3064 splitter - ok
10:52:38.0625 3064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:52:38.0687 3064 sr - ok
10:52:38.0718 3064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:52:38.0734 3064 Srv - ok
10:52:38.0765 3064 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:52:38.0828 3064 StillCam - ok
10:52:38.0843 3064 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:52:38.0906 3064 streamip - ok
10:52:38.0906 3064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:52:38.0968 3064 swenum - ok
10:52:38.0984 3064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:52:39.0046 3064 swmidi - ok
10:52:39.0062 3064 symc810 - ok
10:52:39.0062 3064 symc8xx - ok
10:52:39.0078 3064 sym_hi - ok
10:52:39.0078 3064 sym_u3 - ok
10:52:39.0093 3064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:52:39.0156 3064 sysaudio - ok
10:52:39.0203 3064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:52:39.0218 3064 Tcpip - ok
10:52:39.0250 3064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:52:39.0328 3064 TDPIPE - ok
10:52:39.0343 3064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:52:39.0406 3064 TDTCP - ok
10:52:39.0421 3064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:52:39.0500 3064 TermDD - ok
10:52:39.0515 3064 TosIde - ok
10:52:39.0546 3064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:52:39.0593 3064 Udfs - ok
10:52:39.0609 3064 ultra - ok
10:52:39.0625 3064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:52:39.0703 3064 Update - ok
10:52:39.0734 3064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:52:39.0750 3064 USBAAPL - ok
10:52:39.0765 3064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:52:39.0828 3064 usbccgp - ok
10:52:39.0843 3064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:52:39.0890 3064 usbehci - ok
10:52:39.0921 3064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:52:39.0968 3064 usbhub - ok
10:52:39.0984 3064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:52:40.0046 3064 usbprint - ok
10:52:40.0046 3064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:52:40.0125 3064 usbscan - ok
10:52:40.0140 3064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:52:40.0203 3064 USBSTOR - ok
10:52:40.0218 3064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:52:40.0281 3064 usbuhci - ok
10:52:40.0281 3064 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:52:40.0343 3064 usbvideo - ok
10:52:40.0343 3064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:52:40.0406 3064 VgaSave - ok
10:52:40.0484 3064 VIAHdAudAddService (033b4d6691770d35b91624270f1cd390) C:\WINDOWS\system32\drivers\viahduaa.sys
10:52:40.0515 3064 VIAHdAudAddService - ok
10:52:40.0515 3064 ViaIde - ok
10:52:40.0562 3064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:52:40.0625 3064 VolSnap - ok
10:52:40.0640 3064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:52:40.0703 3064 Wanarp - ok
10:52:40.0703 3064 WDICA - ok
10:52:40.0718 3064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:52:40.0765 3064 wdmaud - ok
10:52:40.0828 3064 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:52:40.0890 3064 WSTCODEC - ok
10:52:40.0921 3064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:52:40.0968 3064 WudfPf - ok
10:52:40.0984 3064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:52:40.0984 3064 WudfRd - ok
10:52:41.0015 3064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:52:41.0171 3064 \Device\Harddisk0\DR0 - ok
10:52:41.0171 3064 Boot (0x1200) (6ae8cd33fa0a8b7c4d7a0b88e8e5b7f0) \Device\Harddisk0\DR0\Partition0
10:52:41.0171 3064 \Device\Harddisk0\DR0\Partition0 - ok
10:52:41.0187 3064 ============================================================
10:52:41.0187 3064 Scan finished
10:52:41.0187 3064 ============================================================
10:52:41.0296 1892 Detected object count: 1
10:52:41.0296 1892 Actual detected object count: 1
10:52:47.0203 1892 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:52:47.0203 1892 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

______________________________________________________________________________________________________________________________________________________________________

Malwarebytes Anti-Malware 1.60.0.1800
[You must be registered and logged in to see this link.]

Database version: v2012.01.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wilsons :: PLAYROOM [administrator]

03/01/2012 11:52:46
mbam-log-2012-01-03 (11-52-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167402
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






soleruler
Novice
Posts : 26
Joined : 2011-12-26
Gender : Female
OS : windows xp 2002 SP3
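Added example, not part of the original post and not TDSSKiller's own code: a small parser for the TDSSKiller log format quoted above. Each driver service produces a line carrying its name, MD5 and image path followed by a separate verdict line ("- ok"); services with no image line at all (PCIDump, Simbad, Sparrow and the like) are registry entries whose driver file was not found; the MBR and boot-sector checks report their verdict against the device path rather than the name; and a heuristic hit such as "AegisP ( UnsignedFile.Multi.Generic )" is its own record with the action taken. UnsignedFile.Multi.Generic only states that the driver image carries no digital signature, which is common for older third-party network drivers: on this machine AegisP.sys was written in the same minute as AegisI5Installer.exe and alongside the Belkin wireless utility (see the ComboFix Find3M report and Startup entries later in the thread), so the later "looks all fine" verdict is consistent with a legitimate unsigned driver rather than a rootkit. The sample lines are copied from the log above; the triage rules are my own assumption about what deserves a second look.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: lines copied from the TDSSKiller log quoted in the post above,
# reduced to one instance of each record type the parser has to handle.
SAMPLE_LOG = r"""
10:52:36.0140 3064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:52:36.0203 3064 Ntfs - ok
10:52:36.0890 3064 PCIDump - ok
10:52:41.0015 3064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:52:41.0171 3064 \Device\Harddisk0\DR0 - ok
10:52:41.0187 3064 Scan finished
10:52:41.0296 1892 Detected object count: 1
10:52:47.0203 1892 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
10:52:47.0203 1892 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every record line starts with a timestamp and the scanner's process id.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
# name (md5) path  -- a driver image or a boot-sector region that was hashed
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# name ( Signature.Name ) - action  -- a detection and what was done about it
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<sig>[\w.]+)\s*\)\s+-\s+(?P<action>.+)$")
# name - verdict  -- the per-object result ("ok" or otherwise)
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detections: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the log into one Entry per scanned object, keyed by name."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[m["path"]] = e
            continue
        m = DETECT_RE.match(line)  # tried before VERDICT_RE, which would also match
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.detections.append(f"{m['sig']}: {m['action']}")
            continue
        m = VERDICT_RE.match(line)
        if m:
            # MBR/boot-sector verdicts are reported against the device path, not the name
            e = entries.get(m["name"]) or by_path.get(m["name"])
            if e is None:
                e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Names worth a second look, with a reason each (assumed rules, not TDSSKiller's)."""
    flagged: Dict[str, List[str]] = {}
    for name, e in entries.items():
        reasons = []
        if e.detections:
            reasons.append("heuristic detection: " + "; ".join(e.detections))
        if e.verdict != "ok":
            reasons.append(f"verdict {e.verdict!r}")
        if e.path is None and e.verdict == "ok":
            # Service present in the registry but no image was hashed: the driver
            # file was not found on disk. Stock XP carries several such entries.
            reasons.append("registry-only service, no image file hashed")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, Ntfs and the MBR come out clean, PCIDump is listed as registry-only, and AegisP is listed with its heuristic detection and no "ok" verdict, which is exactly the set a helper would want to look at before deciding whether anything needs removing.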

Re: Rootkit infection

Post by Pancake on Tue Jan 03, 2012 9:50 pm

Please download OTL from one of the links below:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Save it to your desktop.
Double click on the icon on your desktop.

Under the Custom Scans/Fixes box at the bottom, paste in the following :

:files
C:\WINDOWS\system32\drivers\aegisp.sys|C:\WINDOWS\system32\dllcache\aegisp.sys /replace

Then click the Run Fix button at the top

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.







Pancake
Senior
Posts : 222
Joined : 2010-03-06
Gender : Male
OS : Windows 7

Re: Rootkit infection

Post by soleruler on Wed Jan 04, 2012 3:34 pm

========== FILES ==========
File C:\WINDOWS\system32\dllcache\aegisp.sys not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_090411


Re: Rootkit infection

Post by Pancake on Wed Jan 04, 2012 8:32 pm

Are you still getting alerts about the rootkit? It looks all fine.







Re: Rootkit infection

Post by soleruler on Thu Jan 05, 2012 9:46 am

Hello Pancake

If I run the AVG anti-rootkit scan I get one problem logged:

Object name:
Detection name: Corrupted section Ntfs.sys[PAGE]+0x5E614, size 1 byte
Object type: file
SDK type: Rootkit
Result: object is hidden
Action history: (this is blank)


I cannot complete a whole computer scan as it always gives me the BSOD about halfway through. Error message:
STOP: 0x0000000A (0x00780070, 0x00000002, 0x00000001, 0x806E7A16)

Thanks


Re: Rootkit infection

Post by Pancake on Thu Jan 05, 2012 10:02 am

Download Combofix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and place it on your Desktop

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.













Re: Rootkit infection

Post by soleruler on Thu Jan 05, 2012 10:29 am

Ok, I have no idea what has happened, but when I first clicked on the reply it said something about a master boot repair and to put in the XP disc.

I then logged on to reply as the repair process was not as indicated in the post I was reading, and although I had clicked to repair in the reply, it is just reinstalling Windows XP.

So now it is halfway through the process and I find the post on ComboFix instead? Now I am not sure what to do and the computer needs another 36 mins to finish installing Windows. Please tell me I will not lose everything on my computer now! Also, once installed, do I still run ComboFix?


Re: Rootkit infection

Post by soleruler on Thu Jan 05, 2012 6:48 pm

Right - I have completed (accidentally) a total re-installation and then I also re-installed AVG as it was coming up with weird messages.

The computer has allowed me to do a full computer scan for the first time in a week without a BSOD and both that and the anti-rootkit came up clear.

So now all I need to do is wait and see if the computer continues to BSOD, as it has been doing this on a more-than-daily basis, or if the BSODs stop.

Thank you for your efforts in trying to help me with this.


Re: Rootkit infection

Post by Pancake on Thu Jan 05, 2012 9:07 pm

OK. Let's run ComboFix just to make sure all is well.







Re: Rootkit infection

Post by soleruler on Thu Jan 05, 2012 9:24 pm

This is the log report from combofix:


ComboFix 12-01-05.02 - Wilsons 05/01/2012 21:18:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.2790 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\windows\system32\SET882.tmp
c:\windows\system32\SET886.tmp
c:\windows\system32\SET88E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2011-12-26 09:52 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGWD
*NewlyCreated* - VTOOLBARUPDATER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2012-01-05 21:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-01-05 21:21:53
ComboFix-quarantined-files.txt 2012-01-05 21:21
.
Pre-Run: 940,631,044,096 bytes free
Post-Run: 941,262,258,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6A4F0D69972F85B7A029AF30BCE98194


Cheers

soleruler

Re: Rootkit infection

Post by Pancake on Thu Jan 05, 2012 9:52 pm


========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
c:\windows\*.tmp
Folder::
Registry::
Rootkit::
DDS::
RESTORE::
RegNull::
ATJob::
FireFox::
MBR::
TDL::
Netsvcs::


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*

Pancake

Re: Rootkit infection

Post by soleruler on Thu Jan 05, 2012 10:15 pm

Hi Pancake, here it is:


ComboFix 12-01-05.02 - Wilsons 05/01/2012 22:06:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.3079 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilsons\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2011-12-26 09:52 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2012-01-05 22:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
Completion time: 2012-01-05 22:12:29
ComboFix-quarantined-files.txt 2012-01-05 22:12
ComboFix2.txt 2012-01-05 21:21
.
Pre-Run: 941,177,196,544 bytes free
Post-Run: 941,163,724,800 bytes free
.
- - End Of File - - AEB7147C6787BC1E175C666889472A3C

Thanks

soleruler

Re: Rootkit infection

Post by Pancake on Fri Jan 06, 2012 12:13 am

Ok. Just this to do and we should be done.

========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
c:\windows\*.tmp




Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*

Pancake

Re: Rootkit infection

Post by soleruler on Fri Jan 06, 2012 9:20 am

Ok, here it is:


ComboFix 12-01-05.04 - Wilsons 06/01/2012 9:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.2825 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilsons\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 08:59 . 2012-01-06 09:00 -------- d-----w- c:\windows\LastGood
2012-01-05 22:24 . 2004-08-03 23:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-01-05 22:24 . 2004-08-03 23:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2012-01-05 22:24 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-01-05 22:22 . 2012-01-05 22:23 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\Nokia
2012-01-05 22:22 . 2012-01-05 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2012-01-05 22:22 . 2012-01-05 22:29 -------- d-----w- c:\documents and settings\Wilsons\Application Data\PC Suite
2012-01-05 22:22 . 2012-01-05 22:22 -------- d-----w- c:\program files\Common Files\Nokia
2012-01-05 22:22 . 2012-01-05 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2012-01-05 22:22 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:07 . 2009-07-12 01:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 01:19 . 2009-07-12 01:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 19:41 . 2009-07-11 19:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-11-16 20:26 . 2009-08-06 19:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-11-16 20:50 . 2008-11-07 18:55 26144 c:\windows\system32\spupdsvc.exe
- 2011-11-16 20:50 . 2009-05-12 15:12 26144 c:\windows\system32\spupdsvc.exe
+ 2006-02-28 12:00 . 2012-01-05 22:26 86656 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-01-05 17:16 86656 c:\windows\system32\perfc009.dat
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\nmwcdcls.dll
+ 2012-01-05 22:21 . 2008-08-26 10:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\ccdcmbo_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:56 23168 c:\windows\system32\DRVSTORE\ccdcmbo_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmbo.sys
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:56 18176 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmb.sys
+ 2009-07-14 10:35 . 2009-07-14 10:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2012-01-05 22:21 . 2008-08-26 10:26 18816 c:\windows\system32\drivers\pccsmcfd.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 23168 c:\windows\system32\drivers\ccdcmbo.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 18176 c:\windows\system32\drivers\ccdcmb.sys
+ 2011-11-16 20:26 . 2009-08-06 19:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-02-28 12:00 . 2009-08-06 19:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-02-28 12:00 . 2009-08-06 19:24 96480 c:\windows\system32\cdm.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 36864 c:\windows\LastGood\system32\wups.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2012-01-05 22:21 . 2012-01-05 22:21 29184 c:\windows\Installer\1a74bd.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 78336 c:\windows\Installer\1a74b8.msi
+ 2012-01-05 22:22 . 2012-01-05 22:22 54489 c:\windows\Installer\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\ARPPRODUCTICON.exe
+ 2012-01-05 22:22 . 2012-01-05 22:22 10134 c:\windows\Installer\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}\ARPPRODUCTICON.exe
+ 2012-01-05 22:21 . 2011-08-17 13:03 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdnsuc.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\DRVSTORE\ccdcmbm_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\usbser_lowerflt.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\DRVSTORE\ccdcmbj_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\usbser_lowerfltj.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\drivers\usbser_lowerfltj.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\drivers\usbser_lowerflt.sys
+ 2012-01-05 22:21 . 2011-08-17 13:03 8576 c:\windows\system32\drivers\nmwcdnsuc.sys
+ 2012-01-05 22:21 . 2012-01-05 22:21 3262 c:\windows\Installer\{AF88496B-4BBA-4922-97E9-2582D3A28358}\ARPPRODUCTICON.exe
+ 2009-07-12 01:12 . 2009-07-12 01:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 01:09 . 2009-07-12 01:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 01:08 . 2009-07-12 01:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2011-11-16 20:26 . 2009-08-06 19:24 327896 c:\windows\system32\wucltui.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 575704 c:\windows\system32\wuapi.dll
+ 2006-02-28 12:00 . 2012-01-05 22:26 502174 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-01-05 17:16 502174 c:\windows\system32\perfh009.dat
+ 2012-01-05 22:21 . 2011-08-17 12:57 605696 c:\windows\system32\nmwcdcocls.dll
+ 2011-02-19 00:40 . 2011-02-19 00:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 421200 c:\windows\system32\msvcp100.dll
+ 2012-01-05 22:21 . 2011-01-03 14:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll
+ 2012-01-05 22:21 . 2011-08-17 13:03 137472 c:\windows\system32\DRVSTORE\nmwcdnsu_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdnsu.sys
+ 2012-01-05 22:21 . 2011-08-17 12:57 605696 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcocls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 123904 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmbwu.dll
+ 2009-07-14 10:35 . 2009-07-14 10:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2012-01-05 22:21 . 2011-08-17 13:03 137472 c:\windows\system32\drivers\nmwcdnsu.sys
+ 2011-11-16 20:26 . 2009-08-06 19:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 123904 c:\windows\system32\ccdcmbwu.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 138056 c:\windows\system32\atl100.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 112640 c:\windows\LastGood\system32\wucltui.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 111104 c:\windows\LastGood\system32\wuauclt.exe
+ 2012-01-06 08:59 . 2006-02-28 12:00 430592 c:\windows\LastGood\system32\wuapi.dll
+ 2012-01-05 22:21 . 2012-01-05 22:21 496128 c:\windows\Installer\1a74c7.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 337408 c:\windows\Installer\1a74c2.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 215552 c:\windows\Installer\1a74ad.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 868864 c:\windows\Installer\1a74a8.msi
+ 2009-07-11 20:46 . 2009-07-11 20:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 20:46 . 2009-07-11 20:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 1929952 c:\windows\system32\wuaueng.dll
+ 2012-01-05 22:21 . 2011-05-18 10:09 1461992 c:\windows\system32\wdfcoinstaller01009.dll
+ 2012-01-05 22:21 . 2011-01-03 13:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll
+ 2012-01-05 22:21 . 2011-05-18 10:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\wdfcoinstaller01009.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 1134592 c:\windows\LastGood\system32\wuaueng.dll
+ 2012-01-05 22:22 . 2012-01-05 22:22 1298432 c:\windows\Installer\1a74cd.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/01/2012 22:21 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/01/2012 22:21 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-06 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-06 09:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2272)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-06 09:11:31
ComboFix-quarantined-files.txt 2012-01-06 09:11
ComboFix2.txt 2012-01-05 22:12
ComboFix3.txt 2012-01-05 21:21
.
Pre-Run: 940,283,355,136 bytes free
Post-Run: 940,269,600,768 bytes free
.
- - End Of File - - 61BC4B70479E9906D3C4AAAB698857B8

Thanks

soleruler
Novice

Posts : 26
Joined : 2011-12-26
Gender : Female
OS : windows xp 2002 SP3

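The ComboFix log above is read by hand in this thread. As an added example (not part of the original posts, and not a tool from the ComboFix, OTL or AVG authors), the script below parses the three parts of such a log that a helper usually reads first: the Run keys, the service/driver lines, and the Security Center overrides. It flags a service whose image file is missing or lives in a .tmp file (the MEMSWEEP2 line above has both traits), a Security Center "*Override" value set to 1 (the AntiVirusOverride line above), and any autostart that runs from a user-writable directory. Those heuristics are assumptions about what deserves a second look, not a verdict on the machine; the sample input is copied from the posted log except for the one line marked as constructed.

```python
"""Triage helper for ComboFix-style logs (added example, not the page's own tool)."""
import re

# Service/driver lines, e.g.
#   S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$')
# Run-key values, e.g.  "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?: \[(?P<meta>[^\]]*)\])?$')
# Registry key headers, e.g.  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Security Center overrides that silence the "no antivirus/firewall" warning
OVERRIDE_RE = re.compile(r'^"(?P<name>\w+Override)"=dword:0*1$')

# Assumption: an autostart living under one of these paths runs from a directory a
# standard user can write to, so its publisher should be checked.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\')


def triage(log_text):
    """Return findings as a list of {'section', 'name', 'path', 'reasons'} dicts."""
    findings = []
    key = ''  # registry key header the current line sits under
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue

        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue

        m = SERVICE_RE.match(line)
        if m:
            path = m.group('path')
            reasons = []
            if path.endswith('[?]'):  # ComboFix marks an image it cannot find with [?]
                reasons.append('image file not found on disk')
            # Drop the trailing "[date size]" block and the "\??\x --> x" prefix form
            image = path.split(' [')[0].split(' --> ')[-1].lower()
            if image.endswith('.tmp'):
                reasons.append('service image is a .tmp file')
            if reasons:
                findings.append({'section': 'service', 'name': m.group('name'),
                                 'path': image, 'reasons': reasons})
            continue

        m = OVERRIDE_RE.match(line)
        if m and key.endswith('\\security center'):
            findings.append({'section': 'security center', 'name': m.group('name'),
                             'path': key, 'reasons': ['Security Center monitoring overridden']})
            continue

        m = RUN_RE.match(line)
        if m and key.endswith('\\run'):
            image = m.group('path').lower()
            if any(w in image for w in USER_WRITABLE):
                findings.append({'section': 'run', 'name': m.group('name'), 'path': image,
                                 'reasons': ['autostart from a user-writable location']})
    return findings


# Sample input: every line except "ExampleAutostart" is copied from the log posted
# above; the ExampleAutostart line is constructed for this example and was NOT in it.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAutostart"="c:\documents and settings\user\Local Settings\Temp\example.exe" [2012-01-05 1024]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['name']}: {'; '.join(f['reasons'])} ({f['path']})")
```

Run it against a saved ComboFix.txt by passing the file's contents to `triage()`. Lines are matched only when they sit under a `[...\Run]` or `[...\security center]` key header, so a value that appears elsewhere in the log (for example in a firewall list) is not misread as an autostart.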

Re: Rootkit infection

Post by Pancake on Fri Jan 06, 2012 10:30 am

Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.


ComboFix /uninstall

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download [You must be registered and logged in to see this link.] to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Pancake
Senior

Posts : 222
Joined : 2010-03-06
Gender : Male
OS : Windows 7


Re: Rootkit infection

Post by soleruler on Fri Jan 06, 2012 12:02 pm

Thanks for all of this - funnily enough, when uninstalling ComboFix, AVG detected two threats and removed them to the virus vault, so now am in the process of installing one of the site's recommended firewalls, and am trying out Firefox!

Thanks once again - I have ordered the e-book as a token of my appreciation Thank You!

soleruler
Novice

Posts : 26
Joined : 2011-12-26
Gender : Female
OS : windows xp 2002 SP3

