
Possible Tdl3 Rootkit Infection !


eusebios

Hi Gentlemen,

I am requesting your wonderful help to remove this rootkit from my system. Below is the hijack and dds.scr report.

Please let me know if you need more information.

Thank You,

eusebios

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:53:26 AM, on 8/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Windows folder: C:\WINDOWS

System folder: C:\WINDOWS\SYSTEM32

Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\VMSnap3.exe

C:\WINDOWS\Domino.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sound Control\sc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Event Log Explorer\elex.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\Alwil Software\Avast5\setup\avast.setup

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [setRefresh] c:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Sound Control.lnk = C:\Program Files\Sound Control\sc.exe

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Tamtum\Application Data\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)

O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Downloads\HiDownload\hidownload.exe (HKCU)

O15 - Trusted Zone: http://software.kuaiche.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate1ca8b1a7722bcba) (gupdate1ca8b1a7722bcba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 14233 bytes

 

 

----

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Tamtum at 10:36:32 on 2011-08-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1273 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\VMSnap3.exe

C:\WINDOWS\Domino.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sound Control\sc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Event Log Explorer\elex.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\system32\cidaemon.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = local;*.local

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AdobeBridge]

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [VMSnap3] c:\windows\VMSnap3.exe

mRun: [Domino] c:\windows\Domino.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\soundc~1.lnk - c:\program files\sound control\sc.exe

IE: Download all by FlashGet3 - c:\documents and settings\tamtum\application data\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\tamtum\application data\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: ????3?? - c:\documents and settings\tamtum\application data\flashgetbho\GetUrl.htm

IE: ????3?????? - c:\documents and settings\tamtum\application data\flashgetbho\GetAllUrl.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Trusted Zone: kuaiche.com\software

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 63.245.32.5 24.138.234.252 63.245.32.11

TCP: Interfaces\{EF28B60C-7976-4AB4-B1AC-5E3B7812C1A0} : DhcpNameServer = 63.245.32.5 24.138.234.252 63.245.32.11

Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\tamtum\application data\mozilla\firefox\profiles\635rnjf1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.refdesk.com/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 9666

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 9666

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\tamtum\application data\mozilla\firefox\profiles\635rnjf1.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\tamtum\application data\mozilla\firefox\profiles\635rnjf1.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll

FF - component: c:\documents and settings\tamtum\application data\mozilla\firefox\profiles\635rnjf1.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\tamtum\my documents\netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\tamtum\my documents\netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\tamtum\my documents\netscape6\nprpjplug.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-10 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-16 309848]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-7-31 20216]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsla6e3c90a;MpKsla6e3c90a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a55d8a42-907f-406a-8dd0-06e57ee1ebb0}\MpKsla6e3c90a.sys [2011-8-1 28752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-16 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-16 42184]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-23 54752]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

S1 MpKsl0062820c;MpKsl0062820c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566df78d-48e7-48b7-9fc3-56004ff11f46}\mpksl0062820c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566df78d-48e7-48b7-9fc3-56004ff11f46}\MpKsl0062820c.sys [?]

S1 MpKsl05e3e8be;MpKsl05e3e8be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87cbca0c-2c23-41af-bad1-12a01c62cccf}\mpksl05e3e8be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87cbca0c-2c23-41af-bad1-12a01c62cccf}\MpKsl05e3e8be.sys [?]

S1 MpKsl0830cca8;MpKsl0830cca8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\mpksl0830cca8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\MpKsl0830cca8.sys [?]

S1 MpKsl08708dd8;MpKsl08708dd8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\mpksl08708dd8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\MpKsl08708dd8.sys [?]

S1 MpKsl095d399c;MpKsl095d399c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\mpksl095d399c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\MpKsl095d399c.sys [?]

S1 MpKsl0c43791c;MpKsl0c43791c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d12a5d1-ca80-4b5f-937f-c57918823c70}\mpksl0c43791c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d12a5d1-ca80-4b5f-937f-c57918823c70}\MpKsl0c43791c.sys [?]

S1 MpKsl0cbfd4a0;MpKsl0cbfd4a0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{069f665d-6d6c-4c2b-b002-5309199ecd6a}\mpksl0cbfd4a0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{069f665d-6d6c-4c2b-b002-5309199ecd6a}\MpKsl0cbfd4a0.sys [?]

S1 MpKsl0da4d4fa;MpKsl0da4d4fa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60eebebc-92fa-4a73-8be5-e5e00053d9d3}\mpksl0da4d4fa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60eebebc-92fa-4a73-8be5-e5e00053d9d3}\MpKsl0da4d4fa.sys [?]

S1 MpKsl1169cda3;MpKsl1169cda3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\mpksl1169cda3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\MpKsl1169cda3.sys [?]

S1 MpKsl13005c2b;MpKsl13005c2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27fa18d0-90f4-4ae0-9a18-0592c7eb5399}\mpksl13005c2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27fa18d0-90f4-4ae0-9a18-0592c7eb5399}\MpKsl13005c2b.sys [?]

S1 MpKsl1400ef74;MpKsl1400ef74;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\mpksl1400ef74.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\MpKsl1400ef74.sys [?]

S1 MpKsl155d68d1;MpKsl155d68d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4a3c992-22da-4b33-b907-eb6ecad9d43a}\mpksl155d68d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4a3c992-22da-4b33-b907-eb6ecad9d43a}\MpKsl155d68d1.sys [?]

S1 MpKsl1933e5e4;MpKsl1933e5e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\mpksl1933e5e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\MpKsl1933e5e4.sys [?]

S1 MpKsl20bf2eb0;MpKsl20bf2eb0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07086ac7-d769-48b6-9105-a0ab95b95002}\mpksl20bf2eb0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07086ac7-d769-48b6-9105-a0ab95b95002}\MpKsl20bf2eb0.sys [?]

S1 MpKsl234e52f6;MpKsl234e52f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\mpksl234e52f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\MpKsl234e52f6.sys [?]

S1 MpKsl26aafb95;MpKsl26aafb95;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\mpksl26aafb95.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\MpKsl26aafb95.sys [?]

S1 MpKsl26ffbc48;MpKsl26ffbc48;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4c5bfaf-40dc-47df-9315-195a796d3e73}\mpksl26ffbc48.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4c5bfaf-40dc-47df-9315-195a796d3e73}\MpKsl26ffbc48.sys [?]

S1 MpKsl29d74a01;MpKsl29d74a01;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85f12741-1760-467a-bb67-71ea68bce909}\mpksl29d74a01.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85f12741-1760-467a-bb67-71ea68bce909}\MpKsl29d74a01.sys [?]

S1 MpKsl2a922ab7;MpKsl2a922ab7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef47269e-233e-460f-bf72-1eb145c55a63}\mpksl2a922ab7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef47269e-233e-460f-bf72-1eb145c55a63}\MpKsl2a922ab7.sys [?]

S1 MpKsl34226978;MpKsl34226978;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\mpksl34226978.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\MpKsl34226978.sys [?]

S1 MpKsl3593f526;MpKsl3593f526;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\mpksl3593f526.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\MpKsl3593f526.sys [?]

S1 MpKsl359b2c54;MpKsl359b2c54;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1bdb81e-68e2-46a9-95d1-999670255447}\mpksl359b2c54.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1bdb81e-68e2-46a9-95d1-999670255447}\MpKsl359b2c54.sys [?]

S1 MpKsl36f85288;MpKsl36f85288;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed317f68-829d-4407-86c2-5af3421047f0}\mpksl36f85288.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed317f68-829d-4407-86c2-5af3421047f0}\MpKsl36f85288.sys [?]

S1 MpKsl3d52ce76;MpKsl3d52ce76;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d52414-151a-40a4-a18f-9d1c0e93855b}\mpksl3d52ce76.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d52414-151a-40a4-a18f-9d1c0e93855b}\MpKsl3d52ce76.sys [?]

S1 MpKsl3e1db336;MpKsl3e1db336;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1daaf35-368e-4c29-b74b-34d0bbc98e6d}\mpksl3e1db336.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1daaf35-368e-4c29-b74b-34d0bbc98e6d}\MpKsl3e1db336.sys [?]

S1 MpKsl3ef10ded;MpKsl3ef10ded;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e49630-0acf-4ad4-a759-213f58febbf0}\mpksl3ef10ded.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e49630-0acf-4ad4-a759-213f58febbf0}\MpKsl3ef10ded.sys [?]

S1 MpKsl3fa1f2bd;MpKsl3fa1f2bd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\mpksl3fa1f2bd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\MpKsl3fa1f2bd.sys [?]

S1 MpKsl4011acc7;MpKsl4011acc7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{858c51ab-cbda-4aa8-b372-76e2e758430a}\mpksl4011acc7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{858c51ab-cbda-4aa8-b372-76e2e758430a}\MpKsl4011acc7.sys [?]

S1 MpKsl40b48993;MpKsl40b48993;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\mpksl40b48993.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\MpKsl40b48993.sys [?]

S1 MpKsl41f2391e;MpKsl41f2391e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c72298d5-8ae7-43f6-ad86-9b43d1c118bd}\mpksl41f2391e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c72298d5-8ae7-43f6-ad86-9b43d1c118bd}\MpKsl41f2391e.sys [?]

S1 MpKsl4227634a;MpKsl4227634a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{815047ad-4781-49bf-a4a1-5695d6e032e3}\mpksl4227634a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{815047ad-4781-49bf-a4a1-5695d6e032e3}\MpKsl4227634a.sys [?]

S1 MpKsl46e6a53f;MpKsl46e6a53f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\mpksl46e6a53f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\MpKsl46e6a53f.sys [?]

S1 MpKsl48572518;MpKsl48572518;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95e8dad5-9a7d-437f-8c4c-65ac9d15a4be}\mpksl48572518.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95e8dad5-9a7d-437f-8c4c-65ac9d15a4be}\MpKsl48572518.sys [?]

S1 MpKsl4a32284a;MpKsl4a32284a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f2dfd2e-1e6c-4755-9992-9fda63fa272c}\mpksl4a32284a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f2dfd2e-1e6c-4755-9992-9fda63fa272c}\MpKsl4a32284a.sys [?]

S1 MpKsl516bc985;MpKsl516bc985;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d05cf8d-1834-4b86-a8f2-ee48fbf16ee9}\mpksl516bc985.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d05cf8d-1834-4b86-a8f2-ee48fbf16ee9}\MpKsl516bc985.sys [?]

S1 MpKsl517fe212;MpKsl517fe212;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6198fcd2-73b8-4d27-baeb-132b7a43669d}\mpksl517fe212.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6198fcd2-73b8-4d27-baeb-132b7a43669d}\MpKsl517fe212.sys [?]

S1 MpKsl5204124b;MpKsl5204124b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f900d95-dd6e-4da8-b853-854c21209c88}\mpksl5204124b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f900d95-dd6e-4da8-b853-854c21209c88}\MpKsl5204124b.sys [?]

S1 MpKsl541c941c;MpKsl541c941c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\mpksl541c941c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\MpKsl541c941c.sys [?]

S1 MpKsl564ce894;MpKsl564ce894;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c34da673-8d55-4022-a462-0596bbbf9490}\mpksl564ce894.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c34da673-8d55-4022-a462-0596bbbf9490}\MpKsl564ce894.sys [?]

S1 MpKsl57fc41cc;MpKsl57fc41cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\mpksl57fc41cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\MpKsl57fc41cc.sys [?]

S1 MpKsl58993284;MpKsl58993284;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\mpksl58993284.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\MpKsl58993284.sys [?]

S1 MpKsl5b2f3606;MpKsl5b2f3606;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\mpksl5b2f3606.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\MpKsl5b2f3606.sys [?]

S1 MpKsl5dd94069;MpKsl5dd94069;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bffe856d-0357-4b2c-81eb-476802a00b3a}\mpksl5dd94069.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bffe856d-0357-4b2c-81eb-476802a00b3a}\MpKsl5dd94069.sys [?]

S1 MpKsl60fb0b74;MpKsl60fb0b74;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9eff8977-9bee-49a5-b829-bac9c28dd078}\mpksl60fb0b74.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9eff8977-9bee-49a5-b829-bac9c28dd078}\MpKsl60fb0b74.sys [?]

S1 MpKsl6166bfbd;MpKsl6166bfbd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{287e2510-967f-45b2-bb03-3e06679ac188}\mpksl6166bfbd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{287e2510-967f-45b2-bb03-3e06679ac188}\MpKsl6166bfbd.sys [?]

S1 MpKsl6167cc78;MpKsl6167cc78;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\mpksl6167cc78.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\MpKsl6167cc78.sys [?]

S1 MpKsl635aac9c;MpKsl635aac9c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\mpksl635aac9c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\MpKsl635aac9c.sys [?]

S1 MpKsl64f882d1;MpKsl64f882d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\mpksl64f882d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\MpKsl64f882d1.sys [?]

S1 MpKsl68633118;MpKsl68633118;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83990b25-785d-4197-a867-1b252d3f9756}\mpksl68633118.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83990b25-785d-4197-a867-1b252d3f9756}\MpKsl68633118.sys [?]

S1 MpKsl68b30fce;MpKsl68b30fce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c2d51da-ebc5-419b-bedd-3f7868fbf53c}\mpksl68b30fce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c2d51da-ebc5-419b-bedd-3f7868fbf53c}\MpKsl68b30fce.sys [?]

S1 MpKsl6e6d6d15;MpKsl6e6d6d15;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6a01473-7f05-4999-a131-5aeacfa22dad}\mpksl6e6d6d15.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6a01473-7f05-4999-a131-5aeacfa22dad}\MpKsl6e6d6d15.sys [?]

S1 MpKsl6efdef7a;MpKsl6efdef7a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\mpksl6efdef7a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\MpKsl6efdef7a.sys [?]

S1 MpKsl76c1f2d0;MpKsl76c1f2d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b58869f-223c-40f4-a2f4-994c8cec10be}\mpksl76c1f2d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b58869f-223c-40f4-a2f4-994c8cec10be}\MpKsl76c1f2d0.sys [?]

S1 MpKsl77bdabaf;MpKsl77bdabaf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3b832ae-a635-4f34-a853-e03580363bbe}\mpksl77bdabaf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3b832ae-a635-4f34-a853-e03580363bbe}\MpKsl77bdabaf.sys [?]

S1 MpKsl7ac8689c;MpKsl7ac8689c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\mpksl7ac8689c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\MpKsl7ac8689c.sys [?]

S1 MpKsl84bc1394;MpKsl84bc1394;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\mpksl84bc1394.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\MpKsl84bc1394.sys [?]

S1 MpKsl8d15d389;MpKsl8d15d389;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbdda7bc-da5f-4043-a433-c2b05a775310}\mpksl8d15d389.sys --> c:\documents and settings\all users\applicat


Hi,

 

Below is more on this failure; the system has already crashed with this error.

Thanks for your help

 

Error code 00000050, parameter1 d0d0b500, parameter2 00000000, parameter3 804e8dc4, parameter4 00000000.

 

0000: 53 79 73 74 65 6D 20 45 72 72 6F 72 20 20 45 72 System Error Er

 

0010: 72 6F 72 20 63 6F 64 65 20 30 30 30 30 30 30 35 ror code 0000005

0020: 30 20 20 50 61 72 61 6D 65 74 65 72 73 20 64 30 0 Parameters d0

0030: 64 30 62 35 30 30 2C 20 30 30 30 30 30 30 30 30 d0b500, 00000000

0040: 2C 20 38 30 34 65 38 64 63 34 2C 20 30 30 30 30 , 804e8dc4, 0000

0050: 30 30 30 30 0000

 

+----------------------------------------------------

| Trend Micro RootkitBuster

| Module version: 3.60.0.1016

| Computer Name: CHICHITOS

| User Name: Tamtum

+----------------------------------------------------

 

 

--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--

No hidden files found.

 

--== Dump Hidden Registry Value on HKLM ==--

No hidden registry entries found.

 

 

--== Dump Hidden Process ==--

No hidden processes found.

 

--== Dump Hidden Driver ==--

No hidden drivers found.

 

--== Service Win32 API Hook List ==--

[HOOKED_SERVICE_API]:

Service API : ZwAddBootEntry

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80650dff

CurrentHandler : 0xa8ed3202

ServiceNumber : 0x9

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwAllocateVirtualMemory

Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS

OriginalHandler : 0x80570bc5

CurrentHandler : 0xa8f61d8c

ServiceNumber : 0x11

ModuleName : aswSP.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwClose

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8056f8d7

CurrentHandler : 0xa8ef76c1

ServiceNumber : 0x19

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateEvent

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805744f6

CurrentHandler : 0xa8ed57f0

ServiceNumber : 0x23

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateEventPair

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80650ef4

CurrentHandler : 0xa8ed5848

ServiceNumber : 0x24

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateIoCompletion

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805e73f1

CurrentHandler : 0xa8ed595e

ServiceNumber : 0x26

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80578ab4

CurrentHandler : 0xa8ef7075

ServiceNumber : 0x29

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateMutant

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8058408d

CurrentHandler : 0xa8ed5746

ServiceNumber : 0x2b

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateSection

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8056db66

CurrentHandler : 0xa8ed5898

ServiceNumber : 0x32

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateSemaphore

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8057fd03

CurrentHandler : 0xa8ed579a

ServiceNumber : 0x33

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateTimer

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8059efe9

CurrentHandler : 0xa8ed590c

ServiceNumber : 0x36

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwDeleteBootEntry

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8063417a

CurrentHandler : 0xa8ed3226

ServiceNumber : 0x3d

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwDeleteKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8059a5c9

CurrentHandler : 0xa8ef7d87

ServiceNumber : 0x3f

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwDeleteValueKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805991e8

CurrentHandler : 0xa8ef803d

ServiceNumber : 0x41

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwDuplicateObject

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8057f18d

CurrentHandler : 0xa8ed5be2

ServiceNumber : 0x44

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwEnumerateKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8057f002

CurrentHandler : 0xa8ef7bf2

ServiceNumber : 0x47

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwEnumerateValueKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80590232

CurrentHandler : 0xa8ef7a5d

ServiceNumber : 0x49

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwFreeVirtualMemory

Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS

OriginalHandler : 0x805710bf

CurrentHandler : 0xa8f61e3c

ServiceNumber : 0x53

ModuleName : aswSP.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwLoadDriver

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805b52f0

CurrentHandler : 0xa8ed2ff0

ServiceNumber : 0x61

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwModifyBootEntry

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8063417a

CurrentHandler : 0xa8ed324a

ServiceNumber : 0x6d

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwNotifyChangeKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80596d8a

CurrentHandler : 0xa8ed5d56

ServiceNumber : 0x6f

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwNotifyChangeMultipleKeys

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80596b9c

CurrentHandler : 0xa8ed3cda

ServiceNumber : 0x70

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenEvent

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80589d61

CurrentHandler : 0xa8ed5820

ServiceNumber : 0x72

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenEventPair

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80650fe5

CurrentHandler : 0xa8ed5870

ServiceNumber : 0x73

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenIoCompletion

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80621643

CurrentHandler : 0xa8ed5988

ServiceNumber : 0x75

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80572bdf

CurrentHandler : 0xa8ef73d1

ServiceNumber : 0x77

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenMutant

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8058413b

CurrentHandler : 0xa8ed5772

ServiceNumber : 0x78

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenProcess

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8057f93a

CurrentHandler : 0xa8ed5a1a

ServiceNumber : 0x7a

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenSection

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80579192

CurrentHandler : 0xa8ed58d8

ServiceNumber : 0x7d

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenSemaphore

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805ad95a

CurrentHandler : 0xa8ed57c8

ServiceNumber : 0x7e

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenThread

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80596743

CurrentHandler : 0xa8ed5afe

ServiceNumber : 0x80

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenTimer

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80650e1b

CurrentHandler : 0xa8ed5936

ServiceNumber : 0x83

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwProtectVirtualMemory

Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS

OriginalHandler : 0x8057f56b

CurrentHandler : 0xa8f61ed4

ServiceNumber : 0x89

ModuleName : aswSP.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwQueryKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8057ec02

CurrentHandler : 0xa8ef78d8

ServiceNumber : 0xa0

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwQueryObject

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8058a65e

CurrentHandler : 0xa8ed3ba0

ServiceNumber : 0xa3

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwQueryValueKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80572f19

CurrentHandler : 0xa8ef772a

ServiceNumber : 0xb1

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwRenameKey

Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS

OriginalHandler : 0x8065684c

CurrentHandler : 0xa8f6a10e

ServiceNumber : 0xc0

ModuleName : aswSP.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwRestoreKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80656d3d

CurrentHandler : 0xa8ef66e8

ServiceNumber : 0xcc

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetBootEntryOrder

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80650dff

CurrentHandler : 0xa8ed326e

ServiceNumber : 0xd3

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetBootOptions

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80650dff

CurrentHandler : 0xa8ed3292

ServiceNumber : 0xd4

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetSystemInformation

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805bfdb1

CurrentHandler : 0xa8ed304a

ServiceNumber : 0xf0

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetSystemPowerState

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x806700e7

CurrentHandler : 0xa8ed3186

ServiceNumber : 0xf1

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetValueKey

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80580088

CurrentHandler : 0xa8ef7e8e

ServiceNumber : 0xf7

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwShutdownSystem

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8064f29b

CurrentHandler : 0xa8ed3162

ServiceNumber : 0xf9

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSystemDebugControl

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x80651a75

CurrentHandler : 0xa8ed31aa

ServiceNumber : 0xff

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwVdmControl

Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x805c28f0

CurrentHandler : 0xa8ed32b6

ServiceNumber : 0x10c

ModuleName : aswSnx.SYS

SDTType : 0x0

 

 

--== Dump Hidden Port ==--

No hidden ports found.

 

--== Dump Kernel Code Patching ==--

[KERNEL_CODE][PATCHED]:

Service API : ZwCreateProcessEx

Address : 8058B9EC

CurrentCode : E9ABB99E28

ExpectedCode : 6A0C6818F6

ServiceNumber : 0x30

SDTType : 0x0

1 Kernel code patching found.

 

--== Dump Hidden Services ==--

No hidden services found.


Hello eusebios and :wp:

 

My name is JonTom

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

When you ran DDS two logs would have been produced. I would like to see the attach.txt log. Please post it in your next reply along with the logs from the following scans:

 

 

  • aswMBR

     

     

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan.

    Posted Image

     

    • On completion of the scan click save log, save it to your desktop and post in your next reply.

    Posted Image

     

  • Please scan your system with GMER

     

     

    Posted Image

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Please post the attach.txt, aswMBR and GMER logs in your next reply.

 

If you encounter any problems with the scans come back and let me know.

 

 


Hi JonTom,

 

Thank you very much for helping me with this nightmare-ghost. I appreciate your help very much.

Well, sorry to be so late, I was working on a problem with aswMBR, which aborts while running.

Below are the TXT files you requested, except for the aswMBR one, which aborted.

If you know, please let me know how I can resolve the issue with aswMBR.

 

Thank you again for your support.

 

----

 

ATTACH.TXT FROM DDS

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2010 10:02:31 AM

System Uptime: 8/1/2011 7:21:44 AM (3 hours ago)

.

Motherboard: Hewlett-Packard | | 097Ch

Processor: Intel® Pentium® 4 CPU 3.00GHz | XU1 PROCESSOR | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 37 GiB total, 3.254 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 112 GiB total, 26.799 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP464: 6/29/2011 12:20:12 PM - Installed Rights Management Add-on for Internet Explorer

RP465: 6/29/2011 1:53:27 PM - Software Distribution Service 3.0

RP466: 7/3/2011 2:13:55 PM - System Checkpoint

RP467: 7/4/2011 6:02:56 PM - Software Distribution Service 3.0

RP468: 7/6/2011 3:10:16 PM - System Checkpoint

RP469: 7/7/2011 3:51:46 PM - Software Distribution Service 3.0

RP470: 7/9/2011 7:13:43 PM - Software Distribution Service 3.0

RP471: 7/11/2011 6:41:26 PM - Software Distribution Service 3.0

RP472: 7/12/2011 9:24:11 PM - Software Distribution Service 3.0

RP473: 7/12/2011 10:38:03 PM - Software Distribution Service 3.0

RP474: 7/15/2011 10:18:02 AM - Software Distribution Service 3.0

RP475: 7/16/2011 11:48:36 PM - Software Distribution Service 3.0

RP476: 7/18/2011 8:12:02 AM - Software Distribution Service 3.0

RP477: 7/18/2011 10:19:55 AM - Software Distribution Service 3.0

RP478: 7/19/2011 12:48:49 PM - Software Distribution Service 3.0

RP479: 7/20/2011 8:40:11 PM - Software Distribution Service 3.0

RP480: 7/21/2011 9:10:27 PM - Software Distribution Service 3.0

RP481: 7/23/2011 4:50:59 PM - Software Distribution Service 3.0

RP482: 7/24/2011 2:42:14 AM - Installed Java 6 Update 26

RP483: 7/25/2011 9:58:41 AM - Software Distribution Service 3.0

RP484: 7/26/2011 6:05:08 PM - Software Distribution Service 3.0

RP485: 7/27/2011 7:27:24 PM - Software Distribution Service 3.0

RP486: 7/28/2011 9:11:22 PM - Software Distribution Service 3.0

RP487: 7/30/2011 4:57:39 PM - Software Distribution Service 3.0

RP488: 8/1/2011 7:34:33 AM - Software Distribution Service 3.0

RP489: 8/1/2011 9:07:17 AM - Installed Log Parser 2.2

RP490: 8/1/2011 9:56:14 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

µTorrent

2007 Microsoft Office Suite Service Pack 2 (SP2)

A4 TECH PC Camera H

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader X (10.1.0)

AM-DeadLink 4.4

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

avast! Free Antivirus

BitTorrent

BitTorrentBar Toolbar

Bonjour

Broadcom Management Programs

Broadcom NetXtreme Ethernet Controller

Calculator Powertoy for Windows XP

CCleaner

CmdHere Powertoy For Windows XP

Conduit Engine

Debugging Tools for Windows (x86)

DivX Setup

Event Log Explorer 3.3

FastStone Capture 6.6

ffdshow (remove only)

Foxit PDF Editor

Gadwin PrintScreen

Google Chrome

Google Hacks

Google Update Helper

HeavyLoad V3.0

HiDownload

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

hp deskjet 3600

HP SetRefresh

HWiNFO32 Version 3.82

Image Resizer Powertoy for Windows XP

Intel® Graphics Media Accelerator Driver

iTunes

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java 6 Update 26

JDownloader

Junk Mail filter update

Log Parser 2.2

LWS Twitter

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Baseline Security Analyzer 2.2

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Network Monitor 3.4

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 5.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nitro PDF Reader

OGA Notifier 2.0.0048.0

Opera 11.50

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

RAR Password Cracker 4.12

RealPlayer

RealUpgrade 1.0

Rights Management Add-on for Internet Explorer

Safari

ScholarWord

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB923789)

Segoe UI

Shockwave 7.0.3 Player

Skype Toolbars

Skype™ 5.3

Snagit 10

SolSuite 2010 v10.1

Sound Control v2.48 BETA

SoundMAX

Spelling Dictionaries Support For Adobe Reader 9

SRWare Iron 12.0.750.0

Super Internet TV v8.1 (Free Edition)

TeraCopy 2.12

TreeSize Free V2.3.3

Ultimate Solitaire

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2553975)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.1.10

VP-EYE

WebFldrs XP

WinDirStat 1.1.2

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Movie Maker 2.0

Windows Rights Management Client

Windows Rights Management Client Backwards Compatibility

WinPcap 4.1.2

WinRAR archiver

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

8/1/2011 7:22:55 AM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.

7/29/2011 7:09:49 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0013215F8469 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

7/28/2011 11:10:12 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

 

 

 


PARTIAL ASWMBR

 

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software

Run date: 2011-08-04 05:44:31

-----------------------------

05:44:31.062 OS Version: Windows 5.1.2600 Service Pack 3

05:44:31.062 Number of processors: 2 586 0x401

05:44:31.062 ComputerName: CHICHITOS UserName: Tamtum

05:44:32.046 Initialize success

05:44:32.203 AVAST engine defs: 11080301

05:44:38.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

05:44:38.703 Disk 0 Vendor: WDC_WD400JD-75HKA1 14.03G14 Size: 38146MB BusType: 3

05:44:38.703 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19

05:44:38.703 Disk 1 Vendor: ST3120026AS 3.43 Size: 114473MB BusType: 3

05:44:38.765 Disk 0 MBR read successfully

05:44:38.781 Disk 0 MBR scan

05:44:38.781 Disk 0 Windows XP default MBR code

05:44:38.796 Disk 0 scanning sectors +78108030

05:44:55.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tamtum\Desktop\MBR.dat"

05:44:55.531 The log file has been saved successfully to "C:\Documents and Settings\Tamtum\Desktop\aswMBR.txt"

 

aborted at this point....

 

 

GMER.LOG

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-04 08:00:10

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD400JD-75HKA1 rev.14.03G14

Running: gmer.exe; Driver: C:\DOCUME~1\Tamtum\LOCALS~1\Temp\fglyipog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA4869202]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA48F7D8C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA488D6C1]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA486B7F0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA486B848]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA486B95E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA488D075]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA486B746]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA486B898]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA486B79A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA486B90C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA4869226]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA488DD87]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA488E03D]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA486BBE2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA488DBF2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA488DA5D]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA48F7E3C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA4868FF0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA486924A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA486BD56]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA4869CDA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA486B820]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA486B870]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA486B988]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA488D3D1]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA486B772]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA486BA1A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA486B8D8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA486B7C8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA486BAFE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA486B936]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA48F7ED4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA488D8D8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA4869BA0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA488D72A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA490010E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA488C6E8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA486926E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA4869292]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA486904A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA4869186]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA488DE8E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA4869162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA48691AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA48692B6]

 

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA490D398]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4C00 4 Bytes [E8, C6, 88, A4]

PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A490A7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL A486A335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP A490D39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP A4908D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A486CCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A486CBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)



Hello eusebios

Thank you for the logs.

Let's start with the following:

  • Security Programs

    • I can see from your log that you have a number of real-time security programs running, namely avast! Free Antivirus and Microsoft Security Essentials.
    • Whilst both of these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
    • You are advised to remove one of these programs.
    • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.

  • P2P Programs:

    • P2P programs are a major source of Malware infections.
    • From your log I see you have µTorrent and BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found from here and here.
    • We strongly recommend that you uninstall any P2P programs you have on your system.
    • To do this, click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • A list of currently installed programs will be displayed.
    • Find each program, click on it once and then click on the "Remove" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

    PLEASE NOTE:

    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

  • Toolbars

    • I can see that you have BitTorrentBar Toolbar and Ask Toolbar toolbars installed.
    • We recommend that you uninstall these toolbars from your machine.
    • To do this, click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • A list of currently installed programs will be displayed.
    • Find the "BitTorrentBar Toolbar" program, click on it once and then click on the "Remove" button.
    • Repeat this procedure for "Ask Toolbar".
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

  • CKScanner

    • Download CKScanner by askey127 from here and save it to your Desktop.
    • Double click CKScanner.exe then click on Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

  • TDSS Killer

    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Please post the CKScanner and TDSSKiller log in your next reply.


Hi JonTom,

I will remove all the P2Pware you mentioned before.

Here are the logs. It seems that this is not what I expected; there should be something else, because the PC restarts itself while working with it.

These are the errors:

Type : Error
Date : 8/3/2011
Time : 4:32:25 PM
Event : 1003
Source : System Error
Category : (102)
User : N/A
Computer : CHICHITOS
Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf812546, parameter3 a8b7733c, parameter4 00000000.

Type : Error
Date : 8/1/2011
Time : 1:50:45 PM
Event : 1003
Source : System Error
Category : (102)
User : N/A
Computer : CHICHITOS
Description:
Error code 00000050, parameter1 d0d0b500, parameter2 00000000, parameter3 804e8dc4, parameter4 00000000.

Please advise.

Thank You very much.

------LOGS----

CKScanner - Additional Security Risks - These are not necessarily bad

c:\documents and settings\tamtum\start menu\programs\rar password cracker\license agreement.lnk

c:\documents and settings\tamtum\start menu\programs\rar password cracker\rar password cracker registration.lnk

c:\documents and settings\tamtum\start menu\programs\rar password cracker\rar password cracker wizard.lnk

c:\documents and settings\tamtum\start menu\programs\rar password cracker\rar password cracker.lnk

c:\documents and settings\tamtum\start menu\programs\rar password cracker\readme.lnk

c:\documents and settings\tamtum\start menu\programs\rar password cracker\uninstall.lnk

c:\documents and settings\tamtum\start menu\programs\rar password cracker\Äëÿ ðóññêèõ.lnk

c:\program files\rar password cracker\example.rpc

c:\program files\rar password cracker\example1.rar

c:\program files\rar password cracker\example2.rar

c:\program files\rar password cracker\license.txt

c:\program files\rar password cracker\readme.txt

c:\program files\rar password cracker\rpc.exe

c:\program files\rar password cracker\special.chr

c:\program files\rar password cracker\uninstall.exe

c:\program files\rar password cracker\Äëÿ ðóññêèõ.txt

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.exe

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.rar

hosts 127.0.0.1 activate.adobe.com

scanner sequence 3.IJ.11.SNAPHV

----- EOF -----

 

 

2011/08/04 21:10:16.0812 3340 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/08/04 21:10:18.0812 3340

 

================================================================================

2011/08/04 21:10:18.0812 3340 SystemInfo:

2011/08/04 21:10:18.0812 3340

2011/08/04 21:10:18.0812 3340 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/04 21:10:18.0812 3340 Product type: Workstation

2011/08/04 21:10:18.0812 3340 ComputerName: CHICHITOS

2011/08/04 21:10:18.0812 3340 UserName: Tamtum

2011/08/04 21:10:18.0812 3340 Windows directory: C:\WINDOWS

2011/08/04 21:10:18.0812 3340 System windows directory: C:\WINDOWS

2011/08/04 21:10:18.0812 3340 Processor architecture: Intel x86

2011/08/04 21:10:18.0812 3340 Number of processors: 2

2011/08/04 21:10:18.0812 3340 Page size: 0x1000

2011/08/04 21:10:18.0812 3340 Boot type: Normal boot

2011/08/04 21:10:18.0812 3340

 

================================================================================

2011/08/04 21:10:22.0875 3340 Initialize success

2011/08/04 21:10:54.0265 3408

 

================================================================================

2011/08/04 21:10:54.0265 3408 Scan started

2011/08/04 21:10:54.0265 3408 Mode: Manual;

2011/08/04 21:10:54.0265 3408

 

================================================================================


2011/08/04 21:11:54.0328 3408 streamip (77813007ba6265c4b6098187e6ed79d2)

 

C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/08/04 21:11:54.0640 3408 swenum (3941d127aef12e93addf6fe6ee027e0f)

 

C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/04 21:11:54.0953 3408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01)

 

C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/04 21:11:56.0296 3408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290)

 

C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/04 21:11:56.0765 3408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d)

 

C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/04 21:11:57.0265 3408 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7)

 

C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/08/04 21:11:57.0625 3408 TDPIPE (6471a66807f5e104e4885f5b67349397)

 

C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/04 21:11:57.0937 3408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61)

 

C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/04 21:11:58.0250 3408 TermDD (88155247177638048422893737429d9e)

 

C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/04 21:11:58.0812 3408 tunmp (8f861eda21c05857eb8197300a92501c)

 

C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/08/04 21:11:59.0203 3408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9)

 

C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/04 21:11:59.0843 3408 Update (402ddc88356b1bac0ee3dd1580c76a31)

 

C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/04 21:12:00.0312 3408 usbaudio (e919708db44ed8543a7c017953148330)

 

C:\WINDOWS\system32\drivers\usbaudio.sys

2011/08/04 21:12:00.0703 3408 usbccgp (173f317ce0db8e21322e71b7e60a27e8)

 

C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/08/04 21:12:01.0062 3408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7)

 

C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/04 21:12:01.0359 3408 usbhub (1ab3cdde553b6e064d2e754efe20285c)

 

C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/04 21:12:01.0671 3408 usbprint (a717c8721046828520c9edf31288fc00)

 

C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/04 21:12:02.0000 3408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9)

 

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/04 21:12:02.0250 3408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6)

 

C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/04 21:12:02.0609 3408 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0)

 

C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/08/04 21:12:02.0921 3408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1)

 

C:\WINDOWS\System32\drivers\vga.sys

2011/08/04 21:12:03.0468 3408 VolSnap (4c8fcb5cc53aab716d810740fe59d025)

 

C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/04 21:12:03.0968 3408 vvftav303 (212f0be9eca72cb56f9c30e4fe1858e2)

 

C:\WINDOWS\system32\drivers\vvftav303.sys

2011/08/04 21:12:04.0437 3408 Wanarp (e20b95baedb550f32dd489265c1da1f6)

 

C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/04 21:12:05.0000 3408 wdmaud (6768acf64b18196494413695f0c3a00f)

 

C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/04 21:12:05.0515 3408 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb)

 

C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/08/04 21:12:05.0906 3408 WSTCODEC (c98b39829c2bbd34e454150633c62c78)

 

C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/08/04 21:12:06.0218 3408 WudfPf (f15feafffbb3644ccc80c5da584e6311)

 

C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/04 21:12:06.0578 3408 WudfRd (28b524262bce6de1f7ef9f510ba3985b)

 

C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/04 21:12:07.0078 3408 ZSMC0303 (3de80baa4af21883cf938197d508b848)

 

C:\WINDOWS\system32\Drivers\usbVM303.sys

2011/08/04 21:12:07.0312 3408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/08/04 21:12:09.0015 3408 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

2011/08/04 21:12:09.0171 3408 Boot (0x1200) (aaaa9b68cecab7d9ff0a45d98b02f57c)

 

\Device\Harddisk0\DR0\Partition0

2011/08/04 21:12:09.0234 3408 Boot (0x1200) (197e91c33ef6fc33db1d99aafcb459de)

 

\Device\Harddisk1\DR1\Partition0

2011/08/04 21:12:09.0250 3408

 

================================================================================

2011/08/04 21:12:09.0250 3408 Scan finished

2011/08/04 21:12:09.0250 3408

 

================================================================================

2011/08/04 21:12:09.0281 3312 Detected object count: 0

2011/08/04 21:12:09.0281 3312 Actual detected object count: 0


Hello eusebios

 

  • Combofix

  • Download ComboFix from one of the following locations:

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

  • Should there be issues with internet afterward:

     

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

     

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.


Hi JonTom,

 

Here is the log of ComboFix. The computer crashed after it finished working with ComboFix.

 

No error log was created.

 

Thank you for your continued support.

 

-----COMBOFIX LOG----

 

ComboFix 11-08-06.02 - Tamtum 08/06/2011 18:42:29.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1267 [GMT -4:00]

Running from: c:\documents and settings\Tamtum\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Tamtum\Application Data\PriceGong

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_FAD

.

.

((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))

.

.

2011-08-06 22:59 . 2011-08-06 22:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F98E0213-807E-43AA-9666-8E3B93D807EE}\MpKslc3590f11.sys

2011-08-06 22:06 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F98E0213-807E-43AA-9666-8E3B93D807EE}\mpengine.dll

2011-08-04 20:52 . 2011-08-04 20:52 -------- d-----w- c:\documents and settings\Tamtum\Local Settings\Application Data\BitTorrentBar

2011-08-02 20:16 . 2011-08-02 20:25 -------- d-----w- c:\documents and settings\Tamtum\SecurityScans

2011-08-02 02:56 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-08-01 19:36 . 2011-08-01 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-08-01 19:36 . 2011-08-01 19:36 -------- d-----w- c:\documents and settings\Tamtum\Local Settings\Application Data\PC_Drivers_Headquarters

2011-08-01 19:36 . 2011-08-01 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-08-01 19:34 . 2011-08-01 19:34 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-08-01 18:32 . 2011-08-01 18:32 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-08-01 15:23 . 2011-08-01 15:23 388096 ----a-r- c:\documents and settings\Tamtum\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-01 15:23 . 2011-08-01 15:23 -------- d-----w- c:\program files\Trend Micro

2011-08-01 13:17 . 2011-08-01 13:17 -------- d-----w- c:\program files\Event Log Explorer

2011-08-01 12:51 . 2011-08-01 12:51 -------- d-----w- c:\documents and settings\Tamtum\Local Settings\Application Data\jsisoft.com

2011-07-31 14:48 . 2011-07-31 14:48 -------- d-----w- c:\program files\HWiNFO32

2011-07-24 06:47 . 2011-07-24 06:47 -------- d-----w- c:\program files\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-01 13:52 . 2009-12-02 16:25 40960 ----a-r- c:\documents and settings\Tamtum\Application Data\Microsoft\Installer\{F5242227-2051-4158-AC42-0F2BAA3CD3D6}\New_Shortcut_S1425_ADB54615A0E240F89C5EFD8513472ED3.exe

2011-07-13 03:39 . 2010-04-22 14:00 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 23:52 . 2011-06-01 06:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-06-01 06:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 11:43 . 2010-07-28 13:23 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2010-05-16 20:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-05-10 21:08 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2010-05-16 20:26 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2010-05-16 20:26 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:35 . 2010-05-16 20:26 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-04 11:35 . 2010-05-16 20:26 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-04 11:32 . 2010-05-16 20:26 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2010-05-16 20:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-04 11:32 . 2010-05-16 20:26 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-17 11:55 . 2011-05-19 19:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-07 13:29 . 2011-06-07 13:29 0 ---ha-w- c:\documents and settings\Tamtum\Local Settings\Application Data\BIT25.tmp

2011-06-02 14:02 . 2008-04-14 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-30 13:42 . 2011-06-23 17:45 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-05-23 09:52 . 2011-06-23 17:45 153088 ----a-w- c:\windows\system32\xvid.ax

2011-05-23 07:46 . 2011-06-23 17:45 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-28 13:21 . 2011-05-10 13:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]

"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-20 202256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-08-30 49152]

"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Sound Control.lnk - c:\program files\Sound Control\sc.exe [2011-3-14 726016]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Tamtum^Start Menu^Programs^Startup^FreeRapid 0.85u1.lnk]

path=c:\documents and settings\Tamtum\Start Menu\Programs\Startup\FreeRapid 0.85u1.lnk

backup=c:\windows\pss\FreeRapid 0.85u1.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-10-23 23:51 233472 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Documents and Settings\\Tamtum\\Application Data\\FlashgetSetup\\fgmini.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\SRWare Iron\\iron.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/10/2011 5:08 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/16/2010 4:26 PM 309848]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [7/31/2011 10:48 AM 20216]

R1 MpKslc3590f11;MpKslc3590f11;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F98E0213-807E-43AA-9666-8E3B93D807EE}\MpKslc3590f11.sys [8/6/2011 6:59 PM 28752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/16/2010 4:26 PM 19544]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [1/14/2011 1:35 PM 196912]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 1:07 PM 35088]

S1 MpKsl0062820c;MpKsl0062820c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{566DF78D-48E7-48B7-9FC3-56004FF11F46}\MpKsl0062820c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{566DF78D-48E7-48B7-9FC3-56004FF11F46}\MpKsl0062820c.sys [?]

S1 MpKsl05e3e8be;MpKsl05e3e8be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87CBCA0C-2C23-41AF-BAD1-12A01C62CCCF}\MpKsl05e3e8be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87CBCA0C-2C23-41AF-BAD1-12A01C62CCCF}\MpKsl05e3e8be.sys [?]

S1 MpKsl0830cca8;MpKsl0830cca8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F53AF6-5A4B-41D4-BE4D-F4C068651B42}\MpKsl0830cca8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F53AF6-5A4B-41D4-BE4D-F4C068651B42}\MpKsl0830cca8.sys [?]

S1 MpKsl08708dd8;MpKsl08708dd8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl08708dd8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl08708dd8.sys [?]

S1 MpKsl095d399c;MpKsl095d399c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl095d399c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl095d399c.sys [?]

S1 MpKsl0c43791c;MpKsl0c43791c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D12A5D1-CA80-4B5F-937F-C57918823C70}\MpKsl0c43791c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D12A5D1-CA80-4B5F-937F-C57918823C70}\MpKsl0c43791c.sys [?]

S1 MpKsl0cbfd4a0;MpKsl0cbfd4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069F665D-6D6C-4C2B-B002-5309199ECD6A}\MpKsl0cbfd4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069F665D-6D6C-4C2B-B002-5309199ECD6A}\MpKsl0cbfd4a0.sys [?]

S1 MpKsl0da4d4fa;MpKsl0da4d4fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60EEBEBC-92FA-4A73-8BE5-E5E00053D9D3}\MpKsl0da4d4fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60EEBEBC-92FA-4A73-8BE5-E5E00053D9D3}\MpKsl0da4d4fa.sys [?]

S1 MpKsl1169cda3;MpKsl1169cda3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14A14352-6297-45B7-B893-A7DF367B618D}\MpKsl1169cda3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14A14352-6297-45B7-B893-A7DF367B618D}\MpKsl1169cda3.sys [?]

S1 MpKsl13005c2b;MpKsl13005c2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27FA18D0-90F4-4AE0-9A18-0592C7EB5399}\MpKsl13005c2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27FA18D0-90F4-4AE0-9A18-0592C7EB5399}\MpKsl13005c2b.sys [?]

S1 MpKsl1400ef74;MpKsl1400ef74;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl1400ef74.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl1400ef74.sys [?]

S1 MpKsl155d68d1;MpKsl155d68d1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4A3C992-22DA-4B33-B907-EB6ECAD9D43A}\MpKsl155d68d1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4A3C992-22DA-4B33-B907-EB6ECAD9D43A}\MpKsl155d68d1.sys [?]

S1 MpKsl169ac2e6;MpKsl169ac2e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33B5A980-FE82-44A9-933C-1E30C789B1BF}\MpKsl169ac2e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33B5A980-FE82-44A9-933C-1E30C789B1BF}\MpKsl169ac2e6.sys [?]

S1 MpKsl1933e5e4;MpKsl1933e5e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA11C6A-B730-4ADE-A3ED-60B231092E53}\MpKsl1933e5e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA11C6A-B730-4ADE-A3ED-60B231092E53}\MpKsl1933e5e4.sys [?]

S1 MpKsl1daaf17c;MpKsl1daaf17c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl1daaf17c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl1daaf17c.sys [?]

S1 MpKsl20bf2eb0;MpKsl20bf2eb0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07086AC7-D769-48B6-9105-A0AB95B95002}\MpKsl20bf2eb0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07086AC7-D769-48B6-9105-A0AB95B95002}\MpKsl20bf2eb0.sys [?]

S1 MpKsl234e52f6;MpKsl234e52f6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C71B6C5-CA7A-4181-B44E-21FECA7EAEFF}\MpKsl234e52f6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C71B6C5-CA7A-4181-B44E-21FECA7EAEFF}\MpKsl234e52f6.sys [?]

S1 MpKsl26aafb95;MpKsl26aafb95;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl26aafb95.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl26aafb95.sys [?]

S1 MpKsl26ffbc48;MpKsl26ffbc48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4C5BFAF-40DC-47DF-9315-195A796D3E73}\MpKsl26ffbc48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4C5BFAF-40DC-47DF-9315-195A796D3E73}\MpKsl26ffbc48.sys [?]

S1 MpKsl29d74a01;MpKsl29d74a01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85F12741-1760-467A-BB67-71EA68BCE909}\MpKsl29d74a01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85F12741-1760-467A-BB67-71EA68BCE909}\MpKsl29d74a01.sys [?]

S1 MpKsl2a922ab7;MpKsl2a922ab7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF47269E-233E-460F-BF72-1EB145C55A63}\MpKsl2a922ab7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF47269E-233E-460F-BF72-1EB145C55A63}\MpKsl2a922ab7.sys [?]

S1 MpKsl2aa2d938;MpKsl2aa2d938;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl2aa2d938.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl2aa2d938.sys [?]

S1 MpKsl34226978;MpKsl34226978;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{903731D9-773D-4A04-86A8-9C42C46E9472}\MpKsl34226978.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{903731D9-773D-4A04-86A8-9C42C46E9472}\MpKsl34226978.sys [?]

S1 MpKsl3593f526;MpKsl3593f526;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8243420-E564-4185-8172-B80929C1F526}\MpKsl3593f526.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8243420-E564-4185-8172-B80929C1F526}\MpKsl3593f526.sys [?]

S1 MpKsl359b2c54;MpKsl359b2c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1BDB81E-68E2-46A9-95D1-999670255447}\MpKsl359b2c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1BDB81E-68E2-46A9-95D1-999670255447}\MpKsl359b2c54.sys [?]

S1 MpKsl36f85288;MpKsl36f85288;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED317F68-829D-4407-86C2-5AF3421047F0}\MpKsl36f85288.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED317F68-829D-4407-86C2-5AF3421047F0}\MpKsl36f85288.sys [?]

S1 MpKsl3d52ce76;MpKsl3d52ce76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19D52414-151A-40A4-A18F-9D1C0E93855B}\MpKsl3d52ce76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19D52414-151A-40A4-A18F-9D1C0E93855B}\MpKsl3d52ce76.sys [?]


S2 gupdate1ca8b1a7722bcba;Google Update Service (gupdate1ca8b1a7722bcba);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 3:41 PM 133104]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 3:41 PM 133104]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [4/10/2011 10:23 PM 480128]

S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [4/10/2011 10:23 PM 392122]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLC3590F11

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 19:41]

.

2011-08-06 c


Hi JonTom,

 

The p2pware has been deleted/uninstalled as recommended, and the BitTorrent directory has been deleted, see below.

 

 

Reading the ComboFix log, I found the logs of quarantined files. Here is the output in case you need it.

 

 

2011-08-06 23:24:14 . 2011-08-06 23:24:14 79 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AdobeBridge.reg.dat

2011-08-06 23:24:01 . 2011-08-06 23:24:01 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}.reg.dat

2011-08-06 23:23:59 . 2011-08-06 23:23:59 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat

2011-08-06 22:51:31 . 2011-08-06 22:51:31 276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FAD.reg.dat

2011-08-06 22:50:54 . 2011-08-06 22:50:54 6,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-08-06 22:26:23 . 2011-08-06 22:26:24 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

 

 

--BitTorrentBar deleted

 

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data>cd BitTorrentBar

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data\BitTorrentBar>dir

Volume in drive C is System

Volume Serial Number is E4C1-395C

 

Directory of C:\Documents and Settings\Tamtum\Local Settings\Application Data\BitTorrentBar

 

08/04/2011 04:52 PM <DIR> .

08/04/2011 04:52 PM <DIR> ..

0 File(s) 0 bytes

2 Dir(s) 3,638,693,888 bytes free

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data\BitTorrentBar>cd..

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data>dir

Volume in drive C is System

Volume Serial Number is E4C1-395C

 

Directory of C:\Documents and Settings\Tamtum\Local Settings\Application Data

 

03/12/2011 11:22 PM <DIR> Adobe

07/01/2010 07:32 AM <DIR> Apple

09/29/2010 12:18 AM <DIR> Apple Computer

06/24/2010 06:02 PM <DIR> assembly

08/04/2011 04:52 PM <DIR> BitTorrentBar

11/08/2010 10:08 PM <DIR> Chromium

06/29/2011 01:27 PM <DIR> Conduit

05/25/2011 10:40 AM 6,144 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

03/16/2010 07:11 PM <DIR> Downloaded Installations

06/14/2011 08:51 PM 103,512 GDIPFONTCACHEV1.DAT

06/23/2011 10:35 AM <DIR> Google

03/29/2010 10:43 PM <DIR> Help

08/23/2010 06:15 PM <DIR> Identities

08/01/2011 08:51 AM <DIR> jsisoft.com

03/03/2011 11:14 AM <DIR> LogiShrd

08/03/2011 03:45 PM <DIR> Microsoft

11/24/2009 08:32 AM <DIR> Microsoft Help

11/23/2009 09:39 PM <DIR> Mozilla

06/20/2011 08:06 AM <DIR> OpenCandy

07/28/2010 02:48 PM <DIR> Opera

01/19/2010 04:52 PM <DIR> PCHealth

08/01/2011 03:36 PM <DIR> PC_Drivers_Headquarters

07/08/2010 03:19 PM <DIR> Super Internet TV

06/24/2010 05:59 PM <DIR> TechSmith

04/27/2011 09:10 PM <DIR> Temp

07/09/2010 01:40 PM <DIR> WMTools Downloaded Files

2 File(s) 109,656 bytes

24 Dir(s) 3,638,693,888 bytes free

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data>help rmdir

Removes (deletes) a directory.

 

RMDIR [/s] [/Q] [drive:]path

RD [/s] [/Q] [drive:]path

 

/S Removes all directories and files in the specified directory

in addition to the directory itself. Used to remove a directory

tree.

 

/Q Quiet mode, do not ask if ok to remove a directory tree with /S

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data>rmdir/Q BitTorrentBar

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data>dir

Volume in drive C is System

Volume Serial Number is E4C1-395C

 

Directory of C:\Documents and Settings\Tamtum\Local Settings\Application Data

 

03/12/2011 11:22 PM <DIR> Adobe

07/01/2010 07:32 AM <DIR> Apple

09/29/2010 12:18 AM <DIR> Apple Computer

06/24/2010 06:02 PM <DIR> assembly

11/08/2010 10:08 PM <DIR> Chromium

06/29/2011 01:27 PM <DIR> Conduit

05/25/2011 10:40 AM 6,144 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

03/16/2010 07:11 PM <DIR> Downloaded Installations

06/14/2011 08:51 PM 103,512 GDIPFONTCACHEV1.DAT

06/23/2011 10:35 AM <DIR> Google

03/29/2010 10:43 PM <DIR> Help

08/23/2010 06:15 PM <DIR> Identities

08/01/2011 08:51 AM <DIR> jsisoft.com

03/03/2011 11:14 AM <DIR> LogiShrd

08/03/2011 03:45 PM <DIR> Microsoft

11/24/2009 08:32 AM <DIR> Microsoft Help

11/23/2009 09:39 PM <DIR> Mozilla

06/20/2011 08:06 AM <DIR> OpenCandy

07/28/2010 02:48 PM <DIR> Opera

01/19/2010 04:52 PM <DIR> PCHealth

08/01/2011 03:36 PM <DIR> PC_Drivers_Headquarters

07/08/2010 03:19 PM <DIR> Super Internet TV

06/24/2010 05:59 PM <DIR> TechSmith

04/27/2011 09:10 PM <DIR> Temp

07/09/2010 01:40 PM <DIR> WMTools Downloaded Files

2 File(s) 109,656 bytes

23 Dir(s) 3,638,689,792 bytes free

 

C:\Documents and Settings\Tamtum\Local Settings\Application Data>


Hello eusebios

 

Please do not post any more logs unless specifically requested.

 

ComboFix is still detecting both avast! Antivirus and Microsoft Security Essentials as being installed on your machine. As I have already mentioned, you are advised to uninstall one of these applications.

 

Please let me know when you have done so.

 

Also, let me know if you purposefully set the following proxy in your Firefox browser: FF - prefs.js: network.proxy.type - 4


Hello eusebios

 

only is working Microsoft Security Essentials until I decided which is the best option

Okay.

 

I see that you have a number of keygened files on your machine. As I'm sure you know, keygened files are illegal. This forum does not support or condone the use of such material.

 

If you wish to receive continued assistance here you must remove these files from your machine:

 

 

  • Please work through the following steps

     

     

  • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").

  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.

  • Copy and Paste the text in the quotebox below into the open Notepad window:

     

    File::

    c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.exe

    c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.rar

     

    Folder::

    c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila

     

    DDS::

    Trusted Zone: kuaiche.com\software

     

    Firefox::

    FF - ProfilePath - c:\documents and settings\Tamtum\Application Data\Mozilla\Firefox\Profiles\635rnjf1.default\

    FF - prefs.js: network.proxy.type - 4

     

     

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

  • Close any open browsers.

  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

     

    Posted Image

     

     

  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Once the log is produced, re-engage your resident anti virus.

Hi JonTom,

 

Here is the log of ComboFix. The antivirus has been disabled before running.

 

 

ComboFix 11-08-06.02 - Tamtum 08/08/2011 14:25:51.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1827 [GMT -4:00]

Running from: c:\documents and settings\Tamtum\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Tamtum\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

FILE ::

"c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.exe"

"c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.rar"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\graphics_pack_volume_1_ver_1.29.exe

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\graphics_pack_volume_2_ver_2.18.exe

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.exe

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\keygen.rar

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\Read it first.txt

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\solsuite2010_v101_setup.exe

c:\solsuite solitaire 2010 v10.1 with latest graphics packs by laila\Torrent downloaded from Demonoid.com.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))

.

.

2011-08-08 16:34 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD4EBA85-8813-454A-99CB-92533FF01F3C}\mpengine.dll

2011-08-07 21:58 . 2011-06-21 22:56 17712 ----a-w- c:\windows\system32\nitrolocalui2.dll

2011-08-07 21:58 . 2011-06-21 22:56 26416 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2011-08-07 21:57 . 2011-08-07 21:57 -------- d-----w- c:\program files\Common Files\Nitro PDF

2011-08-07 21:47 . 2011-08-07 21:47 -------- d-----w- c:\documents and settings\Tamtum\Application Data\Downloaded Installations

2011-08-07 18:45 . 2011-08-07 18:59 -------- d-----w- c:\documents and settings\Tamtum\Application Data\HpUpdate

2011-08-07 18:45 . 2011-08-07 18:45 -------- d-----w- c:\windows\Hewlett-Packard

2011-08-02 20:16 . 2011-08-02 20:25 -------- d-----w- c:\documents and settings\Tamtum\SecurityScans

2011-08-02 02:56 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-08-01 19:36 . 2011-08-01 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB

2011-08-01 19:36 . 2011-08-01 19:36 -------- d-----w- c:\documents and settings\Tamtum\Local Settings\Application Data\PC_Drivers_Headquarters

2011-08-01 19:36 . 2011-08-01 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-08-01 19:34 . 2011-08-01 19:34 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-08-01 18:32 . 2011-08-01 18:32 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-08-01 15:23 . 2011-08-01 15:23 388096 ----a-r- c:\documents and settings\Tamtum\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-01 15:23 . 2011-08-01 15:23 -------- d-----w- c:\program files\Trend Micro

2011-08-01 13:17 . 2011-08-01 13:17 -------- d-----w- c:\program files\Event Log Explorer

2011-08-01 12:51 . 2011-08-01 12:51 -------- d-----w- c:\documents and settings\Tamtum\Local Settings\Application Data\jsisoft.com

2011-07-31 14:48 . 2011-07-31 14:48 -------- d-----w- c:\program files\HWiNFO32

2011-07-24 06:47 . 2011-07-24 06:47 -------- d-----w- c:\program files\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-01 13:52 . 2009-12-02 16:25 40960 ----a-r- c:\documents and settings\Tamtum\Application Data\Microsoft\Installer\{F5242227-2051-4158-AC42-0F2BAA3CD3D6}\New_Shortcut_S1425_ADB54615A0E240F89C5EFD8513472ED3.exe

2011-07-13 03:39 . 2010-04-22 14:00 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-06 23:52 . 2011-06-01 06:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-06-01 06:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 11:43 . 2010-07-28 13:23 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2010-05-16 20:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-05-10 21:08 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2010-05-16 20:26 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2010-05-16 20:26 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:35 . 2010-05-16 20:26 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-04 11:35 . 2010-05-16 20:26 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-04 11:32 . 2010-05-16 20:26 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2010-05-16 20:26 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-04 11:32 . 2010-05-16 20:26 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-06-17 11:55 . 2011-05-19 19:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-07 13:29 . 2011-06-07 13:29 0 ---ha-w- c:\documents and settings\Tamtum\Local Settings\Application Data\BIT25.tmp

2011-06-02 14:02 . 2008-04-14 05:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-30 13:42 . 2011-06-23 17:45 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-05-23 09:52 . 2011-06-23 17:45 153088 ----a-w- c:\windows\system32\xvid.ax

2011-05-23 07:46 . 2011-06-23 17:45 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-28 13:21 . 2011-05-10 13:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-06_23.03.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-08 16:19 . 2011-08-08 16:19 16384 c:\windows\Temp\Perflib_Perfdata_618.dat

+ 2011-08-07 21:58 . 2011-06-21 22:56 79664 c:\windows\system32\spool\drivers\w32x86\NitroReaderUI2.dll

+ 2011-08-07 21:58 . 2011-06-21 22:56 42288 c:\windows\system32\spool\drivers\w32x86\NitroReaderGraphics2.dll

+ 2011-08-07 21:58 . 2011-06-21 22:56 79664 c:\windows\system32\spool\drivers\w32x86\3\NitroReaderUI2.dll

+ 2011-08-07 21:58 . 2011-06-21 22:56 42288 c:\windows\system32\spool\drivers\w32x86\3\NitroReaderGraphics2.dll

+ 2011-08-07 12:23 . 2011-08-07 12:23 22016 c:\windows\Installer\10e083.msi

+ 2011-08-07 18:50 . 2011-08-07 18:50 45056 c:\windows\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\ARPPRODUCTICON.exe

+ 2011-08-08 16:33 . 2011-08-08 16:40 1674 c:\windows\SoftwareDistribution\EventCache\{5D0B0854-674D-4A1F-9138-7D675250A11F}.bin

+ 2011-08-07 18:50 . 2011-08-07 18:50 953344 c:\windows\Installer\16eaf22.msi

+ 2011-08-07 18:50 . 2011-08-07 18:50 102400 c:\windows\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe

+ 2009-11-23 18:49 . 2011-08-08 16:19 2514384 c:\windows\system32\FNTCACHE.DAT

+ 2011-08-07 21:58 . 2011-08-07 21:58 1013248 c:\windows\Installer\21b7ceb.msi

+ 2011-08-07 18:49 . 2011-08-07 18:49 2348544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{83B34002-FCA8-4E3A-94E9-48B0A0D9C418}\HP Update.msi

+ 2011-08-07 18:45 . 2011-08-07 18:45 1817600 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{6EDE20CD-178C-4D5C-A9D1-9B356B2E4EDD}\HP Update.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]

"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-20 202256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-08-30 49152]

"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Sound Control.lnk - c:\program files\Sound Control\sc.exe [2011-3-14 726016]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Tamtum^Start Menu^Programs^Startup^FreeRapid 0.85u1.lnk]

path=c:\documents and settings\Tamtum\Start Menu\Programs\Startup\FreeRapid 0.85u1.lnk

backup=c:\windows\pss\FreeRapid 0.85u1.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-10-23 23:51 233472 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Documents and Settings\\Tamtum\\Application Data\\FlashgetSetup\\fgmini.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\SRWare Iron\\iron.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/10/2011 5:08 PM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/16/2010 4:26 PM 309848]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [7/31/2011 10:48 AM 20216]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/16/2010 4:26 PM 19544]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [6/21/2011 6:57 PM 196912]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 1:07 PM 35088]

S1 MpKsl0062820c;MpKsl0062820c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{566DF78D-48E7-48B7-9FC3-56004FF11F46}\MpKsl0062820c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{566DF78D-48E7-48B7-9FC3-56004FF11F46}\MpKsl0062820c.sys [?]

S1 MpKsl05e3e8be;MpKsl05e3e8be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87CBCA0C-2C23-41AF-BAD1-12A01C62CCCF}\MpKsl05e3e8be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{87CBCA0C-2C23-41AF-BAD1-12A01C62CCCF}\MpKsl05e3e8be.sys [?]

S1 MpKsl0830cca8;MpKsl0830cca8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F53AF6-5A4B-41D4-BE4D-F4C068651B42}\MpKsl0830cca8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F53AF6-5A4B-41D4-BE4D-F4C068651B42}\MpKsl0830cca8.sys [?]

S1 MpKsl08708dd8;MpKsl08708dd8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl08708dd8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl08708dd8.sys [?]

S1 MpKsl095d399c;MpKsl095d399c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl095d399c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl095d399c.sys [?]

S1 MpKsl0c43791c;MpKsl0c43791c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D12A5D1-CA80-4B5F-937F-C57918823C70}\MpKsl0c43791c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D12A5D1-CA80-4B5F-937F-C57918823C70}\MpKsl0c43791c.sys [?]

S1 MpKsl0cbfd4a0;MpKsl0cbfd4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069F665D-6D6C-4C2B-B002-5309199ECD6A}\MpKsl0cbfd4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{069F665D-6D6C-4C2B-B002-5309199ECD6A}\MpKsl0cbfd4a0.sys [?]

S1 MpKsl0da4d4fa;MpKsl0da4d4fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60EEBEBC-92FA-4A73-8BE5-E5E00053D9D3}\MpKsl0da4d4fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60EEBEBC-92FA-4A73-8BE5-E5E00053D9D3}\MpKsl0da4d4fa.sys [?]

S1 MpKsl1169cda3;MpKsl1169cda3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14A14352-6297-45B7-B893-A7DF367B618D}\MpKsl1169cda3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14A14352-6297-45B7-B893-A7DF367B618D}\MpKsl1169cda3.sys [?]

S1 MpKsl13005c2b;MpKsl13005c2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27FA18D0-90F4-4AE0-9A18-0592C7EB5399}\MpKsl13005c2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27FA18D0-90F4-4AE0-9A18-0592C7EB5399}\MpKsl13005c2b.sys [?]

S1 MpKsl1400ef74;MpKsl1400ef74;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl1400ef74.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1D24F2C1-0CA3-40A8-A5E2-C46848C69DD9}\MpKsl1400ef74.sys [?]

S1 MpKsl155d68d1;MpKsl155d68d1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4A3C992-22DA-4B33-B907-EB6ECAD9D43A}\MpKsl155d68d1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4A3C992-22DA-4B33-B907-EB6ECAD9D43A}\MpKsl155d68d1.sys [?]

S1 MpKsl169ac2e6;MpKsl169ac2e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33B5A980-FE82-44A9-933C-1E30C789B1BF}\MpKsl169ac2e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33B5A980-FE82-44A9-933C-1E30C789B1BF}\MpKsl169ac2e6.sys [?]

S1 MpKsl1933e5e4;MpKsl1933e5e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA11C6A-B730-4ADE-A3ED-60B231092E53}\MpKsl1933e5e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA11C6A-B730-4ADE-A3ED-60B231092E53}\MpKsl1933e5e4.sys [?]

S1 MpKsl1daaf17c;MpKsl1daaf17c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl1daaf17c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl1daaf17c.sys [?]

S1 MpKsl20bf2eb0;MpKsl20bf2eb0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07086AC7-D769-48B6-9105-A0AB95B95002}\MpKsl20bf2eb0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07086AC7-D769-48B6-9105-A0AB95B95002}\MpKsl20bf2eb0.sys [?]

S1 MpKsl234e52f6;MpKsl234e52f6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C71B6C5-CA7A-4181-B44E-21FECA7EAEFF}\MpKsl234e52f6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C71B6C5-CA7A-4181-B44E-21FECA7EAEFF}\MpKsl234e52f6.sys [?]

S1 MpKsl26aafb95;MpKsl26aafb95;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl26aafb95.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3BD31CB2-8DDD-4FA4-9213-983847225C01}\MpKsl26aafb95.sys [?]

S1 MpKsl26ffbc48;MpKsl26ffbc48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4C5BFAF-40DC-47DF-9315-195A796D3E73}\MpKsl26ffbc48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4C5BFAF-40DC-47DF-9315-195A796D3E73}\MpKsl26ffbc48.sys [?]

S1 MpKsl29d74a01;MpKsl29d74a01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85F12741-1760-467A-BB67-71EA68BCE909}\MpKsl29d74a01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85F12741-1760-467A-BB67-71EA68BCE909}\MpKsl29d74a01.sys [?]

S1 MpKsl2a922ab7;MpKsl2a922ab7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF47269E-233E-460F-BF72-1EB145C55A63}\MpKsl2a922ab7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF47269E-233E-460F-BF72-1EB145C55A63}\MpKsl2a922ab7.sys [?]

S1 MpKsl2aa2d938;MpKsl2aa2d938;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl2aa2d938.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{540AA8E8-E1F2-4C27-ACA7-4997D0DAD929}\MpKsl2aa2d938.sys [?]

S1 MpKsl34226978;MpKsl34226978;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{903731D9-773D-4A04-86A8-9C42C46E9472}\MpKsl34226978.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{903731D9-773D-4A04-86A8-9C42C46E9472}\MpKsl34226978.sys [?]

S1 MpKsl3593f526;MpKsl3593f526;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8243420-E564-4185-8172-B80929C1F526}\MpKsl3593f526.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8243420-E564-4185-8172-B80929C1F526}\MpKsl3593f526.sys [?]

S1 MpKsl359b2c54;MpKsl359b2c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1BDB81E-68E2-46A9-95D1-999670255447}\MpKsl359b2c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1BDB81E-68E2-46A9-95D1-999670255447}\MpKsl359b2c54.sys [?]

S1 MpKsl36f85288;MpKsl36f85288;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED317F68-829D-4407-86C2-5AF3421047F0}\MpKsl36f85288.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED317F68-829D-4407-86C2-5AF3421047F0}\MpKsl36f85288.sys [?]

S1 MpKsl3d52ce76;MpKsl3d52ce76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19D52414-151A-40A4-A18F-9D1C0E93855B}\MpKsl3d52ce76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19D52414-151A-40A4-A18F-9D1C0E93855B}\MpKsl3d52ce76.sys [?]

S1 MpKsl3e1db336;MpKsl3e1db336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1DAAF35-368E-4C29-B74B-34D0BBC98E6D}\MpKsl3e1db336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1DAAF35-368E-4C29-B74B-34D0BBC98E6D}\MpKsl3e1db336.sys [?]

S1 MpKsl3ef10ded;MpKsl3ef10ded;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0E49630-0ACF-4AD4-A759-213F58FEBBF0}\MpKsl3ef10ded.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0E49630-0ACF-4AD4-A759-213F58FEBBF0}\MpKsl3ef10ded.sys [?]

S1 MpKsl3fa1f2bd;MpKsl3fa1f2bd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E63132-BAA4-47E5-96CA-2445C053C881}\MpKsl3fa1f2bd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E63132-BAA4-47E5-96CA-2445C053C881}\MpKsl3fa1f2bd.sys [?]

S1 MpKsl4011acc7;MpKsl4011acc7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{858C51AB-CBDA-4AA8-B372-76E2E758430A}\MpKsl4011acc7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{858C51AB-CBDA-4AA8-B372-76E2E758430A}\MpKsl4011acc7.sys [?]

S1 MpKsl40b48993;MpKsl40b48993;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA11C6A-B730-4ADE-A3ED-60B231092E53}\MpKsl40b48993.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA11C6A-B730-4ADE-A3ED-60B231092E53}\MpKsl40b48993.sys [?]

S1 MpKsl41f2391e;MpKsl41f2391e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C72298D5-8AE7-43F6-AD86-9B43D1C118BD}\MpKsl41f2391e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C72298D5-8AE7-43F6-AD86-9B43D1C118BD}\MpKsl41f2391e.sys [?]

S1 MpKsl4227634a;MpKsl4227634a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{815047AD-4781-49BF-A4A1-5695D6E032E3}\MpKsl4227634a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{815047AD-4781-49BF-A4A1-5695D6E032E3}\MpKsl4227634a.sys [?]

S1 MpKsl46e6a53f;MpKsl46e6a53f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F53AF6-5A4B-41D4-BE4D-F4C068651B42}\MpKsl46e6a53f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2F53AF6-5A4B-41D4-BE4D-F4C068651B42}\MpKsl46e6a53f.sys [?]

S1 MpKsl48572518;MpKsl48572518;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95E8DAD5-9A7D-437F-8C4C-65AC9D15A4BE}\MpKsl48572518.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{95E8DAD5-9A7D-437F-8C4C-65AC9D15A4BE}\MpKsl48572518.sys [?]

S1 MpKsl4a32284a;MpKsl4a32284a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F2DFD2E-1E6C-4755-9992-9FDA63FA272C}\MpKsl4a32284a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F2DFD2E-1E6C-4755-9992-9FDA63FA272C}\MpKsl4a32284a.sys [?]

S1 MpKsl516bc985;MpKsl516bc985;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D05CF8D-1834-4B86-A8F2-EE48FBF16EE9}\MpKsl516bc985.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D05CF8D-1834-4B86-A8F2-EE48FBF16EE9}\MpKsl516bc985.sys [?]



Hello eusebios

Thank you for the log.

Please work your way through the following steps:

  • Rootkit Unhooker

    • Please Download Rootkit Unhooker and Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.

    Copy the entire contents of the report and paste it in your next reply here.

    Note: You may get the following warning, just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!

    It is recommended to remove parasite, okay?"


  • MBRCheck

    • Please download MBRCheck by clicking here and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
    • Please post the contents of that file in your next reply.

  • Clean out your temporary files

    • Please download ATF Cleaner by Atribune by clicking here and save the file (called ATF-Cleaner.exe) to your desktop.
    • Run the program by double clicking the ATF-Cleaner.exe icon located on your desktop.
    • Check the boxes to the left of the following:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Java Cache

    • The rest are optional. If you want to remove everything check the "Select All" box.
    • Click on "Empty Selected" to begin cleaning.
    • Once the "Done Cleaning" message appears, click OK.
    • If you use Firefox, Click on the Firefox tab and repeat the above process.
    • When you have finished cleaning, click on the "Exit" button in the main menu.

  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    Please post the Rootkit Unhooker log, the mbrCheck log and the MBAM log in your next reply.

    Are you being redirected when you surf the net? Please let me know, and describe exactly how the machine is behaving now.


Hello JonTom,

Below are the files requested.

The answer to your question is no, I have not been redirected to other sites while surfing. It just crashed with those errors I mentioned in my previous post.

The machine is working fine but sometimes the mouse stays still for a long while and I have to finger-power-off to continue where I was working after the next boot up.

Please let me know if those errors I sent to you are related to this?

Thank you for your wonderful help.


-------Rootkit Unhooker log

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2265088 bytes

0x804D7000 RAW 2265088 bytes

0x804D7000 WMIxWDM 2265088 bytes

0xBF800000 Win32k 1859584 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB635E000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)

0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)

0xB6255000 C:\WINDOWS\system32\drivers\smwdm.sys 614400 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )

0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xA5D94000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)

0xA5E76000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB612C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xA5FB9000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA518D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xA5E2C000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)

0xBF159000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA4CEC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB630F000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 241664 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)

0xA5F33000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)

0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)

0xB618A000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xA539D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7424000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA5EE6000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xA5F6B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xA6045000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xA5F93000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB6231000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB62EB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB620E000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xA4BB1000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))

0xA5F11000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)

0x80700000 ACPI_HAL 134400 bytes

0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF747A000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF740A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB61F6000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)

0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xA5D54000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xA5A45000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB61CB000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xA5418000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB61E2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xB634A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xA6012000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB61BA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xB8FD7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7697000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7517000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xB8E27000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xA5455000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xBA005000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)

0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7527000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF7507000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xB8FB7000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))

0xBA065000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF7547000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA085000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA035000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF7647000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF76A7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xB9FF5000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)

0xF7557000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA055000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF76B7000 C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)

0xBA045000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF76C7000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xF7537000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF776F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7807000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7747000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF77E7000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF77FF000 C:\WINDOWS\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)

0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xB9070000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xF77A7000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xF781F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF780F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7817000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xB9308000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD4EBA85-8813-454A-99CB-92533FF01F3C}\MpKslcc69283e.sys 24576 bytes (Microsoft Corporation, KSLDriver)

0xB9090000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)

0xF77CF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF77EF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF77D7000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0xF77F7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7757000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF774F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF778F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF77B7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB8F40000 C:\Program Files\HWiNFO32\HWiNFO32.SYS 16384 bytes (REALiX, HWiNFO32 Kernel Driver)

0xBA7F4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA5C90000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF793B000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xA5CFC000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xB8F30000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xBA7E4000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xBA7CC000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB8F34000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0xF7943000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xF79C7000 C:\Program Files\Broadcom\BACS\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)

0xF79B3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF798D000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xB92E4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF79B1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF79B5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF79EF000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF79B7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF79AB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF79AD000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xB9F8D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7AA5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xB895B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

------mbrCheck log

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 555):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x80700000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF798B000 intelide.sys

0xF7607000 MountMgr.sys

0xF74D8000 ftdisk.sys

0xF798D000 dmload.sys

0xF74B2000 dmio.sys

0xF770F000 PartMgr.sys

0xF7617000 VolSnap.sys

0xF749A000 atapi.sys

0xF7627000 disk.sys

0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF747A000 fltMgr.sys

0xF7468000 sr.sys

0xF7647000 PxHelp20.sys

0xF7451000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF7424000 NDIS.sys

0xF740A000 Mup.sys

0xB8F34000 \SystemRoot\system32\DRIVERS\tunmp.sys

0xB635E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys

0xB634A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB630F000 \SystemRoot\system32\DRIVERS\b57xp32.sys

0xF77CF000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB62EB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7807000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB6255000 \SystemRoot\system32\drivers\smwdm.sys

0xB6231000 \SystemRoot\system32\drivers\portcls.sys

0xB8E27000 \SystemRoot\system32\drivers\drmk.sys

0xB620E000 \SystemRoot\system32\drivers\ks.sys

0xB61F6000 \SystemRoot\system32\drivers\aeaudio.sys

0xF7527000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7817000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF780F000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB61E2000 \SystemRoot\system32\DRIVERS\parport.sys

0xF7517000 \SystemRoot\system32\DRIVERS\serial.sys

0xF793B000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF7747000 \SystemRoot\system32\DRIVERS\fdc.sys

0xF7697000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF781F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xBA055000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF7943000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xB9F8D000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7507000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA7E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB61CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA085000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA065000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF778F000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB61BA000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA045000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7757000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF774F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB618A000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF76A7000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF79AB000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB612C000 \SystemRoot\system32\DRIVERS\update.sys

0xBA7F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xBA035000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xBA005000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79AD000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xA6045000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0xF79B1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB895B000 \SystemRoot\System32\Drivers\Null.SYS

0xF79B3000 \SystemRoot\System32\Drivers\Beep.SYS

0xF77E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF77EF000 \SystemRoot\System32\drivers\vga.sys

0xF79B5000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79B7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF77F7000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF776F000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA7CC000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xA6012000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xA5FB9000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB9FF5000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xA5F93000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xA5F6B000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF7537000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xA5F33000 \SystemRoot\system32\DRIVERS\tcpip6.sys

0xF77D7000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xF76B7000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys

0xA5F11000 \SystemRoot\System32\drivers\afd.sys

0xF76C7000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA5EE6000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xA5E76000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB9308000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD4EBA85-8813-454A-99CB-92533FF01F3C}\MpKslcc69283e.sys

0xB9070000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xB8F40000 \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS

0xF7547000 \SystemRoot\System32\Drivers\Fips.SYS

0xA5E2C000 \SystemRoot\System32\Drivers\aswSP.SYS

0xA5D94000 \SystemRoot\System32\Drivers\aswSnx.SYS

0xF77A7000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xB8FD7000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA5D54000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xB92E4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB8F30000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77B7000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7AA5000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF020000 \SystemRoot\System32\ialmdnt5.dll

0xBF012000 \SystemRoot\System32\ialmrnt5.dll

0xBF042000 \SystemRoot\System32\ialmdev5.DLL

0xBF077000 \SystemRoot\System32\ialmdd5.DLL

0xBF159000 \SystemRoot\System32\ATMFD.DLL

0xA5CFC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xB8FB7000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys

0xA5C90000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA5A45000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xA5418000 \SystemRoot\system32\drivers\wdmaud.sys

0xA5455000 \SystemRoot\system32\drivers\sysaudio.sys

0xA539D000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF79EF000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xF79C7000 \??\C:\Program Files\Broadcom\BACS\BASFND.sys

0xA518D000 \SystemRoot\system32\DRIVERS\srv.sys

0xF77FF000 \SystemRoot\system32\drivers\npf.sys

0xA4CEC000 \SystemRoot\System32\Drivers\HTTP.sys

0xB9090000 \SystemRoot\System32\Drivers\TDTCP.SYS

0xA4BB1000 \SystemRoot\System32\Drivers\RDPWD.SYS

0x7C900000 \WINDOWS\system32\ntdll.dll

0x48580000 \WINDOWS\system32\smss.exe

0x01000000 \WINDOWS\system32\autochk.exe

0x66700000 \WINDOWS\system32\sfcfiles.dll

0x4A680000 \WINDOWS\system32\csrss.exe

0x75B40000 \WINDOWS\system32\csrsrv.dll

0x75B50000 \WINDOWS\system32\basesrv.dll

0x75B60000 \WINDOWS\system32\winsrv.dll

0x77F10000 \WINDOWS\system32\gdi32.dll

0x7C800000 \WINDOWS\system32\kernel32.dll

0x7E410000 \WINDOWS\system32\user32.dll

0x64D00000 \Program Files\Alwil Software\Avast5\snxhk.dll

0x7E720000 \WINDOWS\system32\sxs.dll

0x77DD0000 \WINDOWS\system32\advapi32.dll

0x77E70000 \WINDOWS\system32\rpcrt4.dll

0x77FE0000 \WINDOWS\system32\secur32.dll

0x776C0000 \WINDOWS\system32\authz.dll

0x77C10000 \WINDOWS\system32\msvcrt.dll

0x77A80000 \WINDOWS\system32\crypt32.dll

0x77B20000 \WINDOWS\system32\msasn1.dll

0x75940000 \WINDOWS\system32\nddeapi.dll

0x75930000 \WINDOWS\system32\profmap.dll

0x5B860000 \WINDOWS\system32\netapi32.dll

0x769C0000 \WINDOWS\system32\userenv.dll

0x76BF0000 \WINDOWS\system32\psapi.dll

0x76BC0000 \WINDOWS\system32\regapi.dll

0x77920000 \WINDOWS\system32\setupapi.dll

0x77C00000 \WINDOWS\system32\version.dll

0x76360000 \WINDOWS\system32\winsta.dll

0x76C30000 \WINDOWS\system32\wintrust.dll

0x76C90000 \WINDOWS\system32\imagehlp.dll

0x71AB0000 \WINDOWS\system32\ws2_32.dll

0x71AA0000 \WINDOWS\system32\ws2help.dll

0x76390000 \WINDOWS\system32\imm32.dll

0x5FFF0000 \WINDOWS\system32\kbdus.dll

0x75970000 \WINDOWS\system32\msgina.dll

0x5D090000 \WINDOWS\system32\comctl32.dll

0x74320000 \WINDOWS\system32\odbc32.dll

0x763B0000 \WINDOWS\system32\comdlg32.dll

0x7C9C0000 \WINDOWS\system32\shell32.dll

0x77F60000 \WINDOWS\system32\shlwapi.dll

0x773D0000 \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

0x776E0000 \WINDOWS\system32\shsvcs.dll

0x76BB0000 \WINDOWS\system32\sfc.dll

0x76C60000 \WINDOWS\system32\sfc_os.dll

0x774E0000 \WINDOWS\system32\ole32.dll

0x77B40000 \WINDOWS\system32\apphelp.dll

0x5F770000 \WINDOWS\system32\ncobjapi.dll

0x75730000 \WINDOWS\system32\lsasrv.dll

0x76080000 \WINDOWS\system32\msvcp60.dll

0x71B20000 \WINDOWS\system32\mpr.dll

0x7DBD0000 \WINDOWS\system32\scesrv.dll

0x767A0000 \WINDOWS\system32\ntdsapi.dll

0x76F20000 \WINDOWS\system32\dnsapi.dll

0x76F60000 \WINDOWS\system32\wldap32.dll

0x7DBA0000 \WINDOWS\system32\umpnpmgr.dll

0x71BF0000 \WINDOWS\system32\samlib.dll

0x5CB70000 \WINDOWS\system32\shimeng.dll

0x74440000 \WINDOWS\system32\samsrv.dll

0x47260000 \WINDOWS\AppPatch\AcAdProc.dll

0x76790000 \WINDOWS\system32\cryptdll.dll

0x6F880000 \WINDOWS\AppPatch\AcGenral.dll

0x76B40000 \WINDOWS\system32\winmm.dll

0x77120000 \WINDOWS\system32\oleaut32.dll

0x77BE0000 \WINDOWS\system32\msacm32.dll

0x5AD70000 \WINDOWS\system32\uxtheme.dll

0x6BD00000 \WINDOWS\system32\Syncor11.dll

0x71E50000 \WINDOWS\system32\msapsspc.dll

0x78080000 \WINDOWS\system32\msvcrt40.dll

0x767F0000 \WINDOWS\system32\schannel.dll

0x75B00000 \WINDOWS\system32\digest.dll

0x747B0000 \WINDOWS\system32\msnsspc.dll

0x755C0000 \WINDOWS\system32\msctfime.ime

0x71CF0000 \WINDOWS\system32\kerberos.dll

0x77C70000 \WINDOWS\system32\msv1_0.dll

0x76D60000 \WINDOWS\system32\iphlpapi.dll

0x744B0000 \WINDOWS\system32\netlogon.dll

0x767C0000 \WINDOWS\system32\w32time.dll

0x7DFC0000 \WINDOWS\system32\wdigest.dll

0x68000000 \WINDOWS\system32\rsaenh.dll

0x723D0000 \WINDOWS\system32\winscard.dll

0x76F50000 \WINDOWS\system32\wtsapi32.dll

0x74410000 \WINDOWS\system32\scecli.dll

0x77690000 \WINDOWS\system32\ntmarta.dll

0x76A80000 \WINDOWS\system32\rpcss.dll

0x77B70000 \WINDOWS\system32\eventlog.dll

0x6C1B0000 \WINDOWS\system32\duser.dll

0x76380000 \WINDOWS\system32\msimg32.dll

0x74C80000 \WINDOWS\system32\oleacc.dll

0x76FD0000 \WINDOWS\system32\clbcatq.dll

0x77050000 \WINDOWS\system32\comres.dll

0x73D70000 \WINDOWS\system32\shgina.dll

0x71A50000 \WINDOWS\system32\mswsock.dll

0x662B0000 \WINDOWS\system32\hnetcfg.dll

0x71A90000 \WINDOWS\system32\wshtcpip.dll

0x58D40000 \WINDOWS\system32\wship6.dll

0x76FB0000 \WINDOWS\system32\winrnr.dll

0x64000000 \Program Files\Bonjour\mdnsNSP.dll

0x76FC0000 \WINDOWS\system32\rasadhlp.dll

0x5C800000 \Program Files\Microsoft Security Client\Antimalware\MpSvc.dll

0x78130000 \WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

0x7C420000 \WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

0x5B800000 \Program Files\Windows Defender\MpClient.dll

0x5E800000 \Program Files\Microsoft Security Client\Antimalware\MpRTP.dll

0x4FFE0000 \WINDOWS\system32\fltlib.dll

0x76600000 \WINDOWS\system32\cscdll.dll

0x47020000 \WINDOWS\system32\dimsntfy.dll

0x7D4B0000 \WINDOWS\system32\dhcpcsvc.dll

0x75950000 \WINDOWS\system32\wlnotify.dll

0x76770000 \WINDOWS\system32\dnsrslvr.dll

0x73000000 \WINDOWS\system32\winspool.drv

0x74980000 \WINDOWS\system32\msxml3.dll

0x7DB10000 \WINDOWS\system32\wzcsvc.dll

0x74C40000 \WINDOWS\system32\lmhsvc.dll

0x76E80000 \WINDOWS\system32\rtutils.dll

0x76D30000 \WINDOWS\system32\wmi.dll

0x72810000 \WINDOWS\system32\eapolqec.dll

0x76B20000 \WINDOWS\system32\atl.dll

0x726C0000 \WINDOWS\system32\qutil.dll

0x478C0000 \WINDOWS\system32\dot3api.dll

0x606B0000 \WINDOWS\system32\esent.dll

0x76B70000 \WINDOWS\system32\rastls.dll

0x754D0000 \WINDOWS\system32\cryptui.dll

0x3D930000 \WINDOWS\system32\wininet.dll

0x3DFD0000 \WINDOWS\system32\iertutil.dll

0x76D40000 \WINDOWS\system32\mprapi.dll

0x77CC0000 \WINDOWS\system32\activeds.dll

0x76E10000 \WINDOWS\system32\adsldpc.dll

0x76EE0000 \WINDOWS\system32\rasapi32.dll

0x76E90000 \WINDOWS\system32\rasman.dll

0x76EB0000 \WINDOWS\system32\tapi32.dll

0x74E30000 \WINDOWS\system32\riched20.dll

0x00400000 \Program Files\Alwil Software\Avast5\AvastSvc.exe

0x76BD0000 \WINDOWS\system32\raschap.dll

0x64C80000 \Program Files\Alwil Software\Avast5\aswCmnBS.dll

0x64C00000 \Program Files\Alwil Software\Avast5\aswCmnOS.dll

0x64C40000 \Program Files\Alwil Software\Avast5\aswCmnIS.dll

0x78520000 \WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

0x78480000 \WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

0x64500000 \Program Files\Alwil Software\Avast5\ashBase.dll

0x71AD0000 \WINDOWS\system32\wsock32.dll

0x64BC0000 \Program Files\Alwil Software\Avast5\aswEngLdr.dll

0x59A60000 \WINDOWS\system32\dbghelp.dll

0x66080000 \Program Files\Alwil Software\Avast5\1033\Base.dll

0x65080000 \Program Files\Alwil Software\Avast5\ashServ.dll

0x64580000 \Program Files\Alwil Software\Avast5\aswAux.dll

0x64800000 \Program Files\Alwil Software\Avast5\ashTask.dll

0x647C0000 \Program Files\Alwil Software\Avast5\ashTaskEx.dll

0x64700000 \Program Files\Alwil Software\Avast5\aswLog.dll

0x64840000 \Program Files\Alwil Software\Avast5\aswSqLt.dll

0x64740000 \Program Files\Alwil Software\Avast5\aswProperty.dll

0x65000000 \Program Files\Alwil Software\Avast5\Aavm4h.dll

0x65400000 \Program Files\Alwil Software\Avast5\AavmRpch.dll

0x64A00000 \Program Files\Alwil Software\Avast5\aswIdle.dll

0x646C0000 \Program Files\Alwil Software\Avast5\aswDld.dll

0x77A20000 \WINDOWS\system32\cscui.dll

0x74AD0000 \WINDOWS\system32\powrprof.dll

0x6C7F0000 \WINDOWS\system32\dpcdll.dll

0x75F80000 \WINDOWS\system32\browseui.dll

0x7E290000 \WINDOWS\system32\shdocvw.dll

0x64240000 \Program Files\Alwil Software\Avast5\defs\11080801\aswEngin.dll

0x5A100000 \Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD4EBA85-8813-454A-99CB-92533FF01F3C}\mpengine.dll

0x64100000 \Program Files\Alwil Software\Avast5\defs\11080801\aswCmnIS.dll

0x64080000 \Program Files\Alwil Software\Avast5\defs\11080801\aswCmnBS.dll

0x64E40000 \Program Files\Alwil Software\Avast5\ashShell.dll

0x7D1E0000 \WINDOWS\system32\msi.dll

0x64200000 \Program Files\Alwil Software\Avast5\defs\11080801\aswScan.dll

0x75E60000 \WINDOWS\system32\cryptnet.dll

0x661D0000 \Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

0x722B0000 \WINDOWS\system32\sensapi.dll

0x4D4F0000 \WINDOWS\system32\winhttp.dll

0x68EF0000 \Program Files\Microsoft Office\Office12\GrooveUtil.dll

0x68FF0000 \Program Files\Microsoft Office\Office12\GrooveNew.dll

0x7C630000 \WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

0x74EF0000 \WINDOWS\system32\wbem\wbemprox.dll

0x75290000 \WINDOWS\system32\wbem\wbemcomn.dll

0x77710000 \WINDOWS\system32\es.dll

0x58AB0000 \WINDOWS\system32\desk.cpl

0x5BA60000 \WINDOWS\system32\themeui.dll

0x71D40000 \WINDOWS\system32\actxprxy.dll

0x3E1C0000 \WINDOWS\system32\ieframe.dll

0x3CEA0000 \WINDOWS\system32\mshtml.dll

0x75150000 \WINDOWS\system32\cabinet.dll

0x10000000 \Program Files\Microsoft Security Client\MsseWat.dll

0x75CF0000 \WINDOWS\system32\mlang.dll

0x77D00000 \WINDOWS\system32\netman.dll

0x76400000 \WINDOWS\system32\netshell.dll

0x76C00000 \WINDOWS\system32\credui.dll

0x736D0000 \WINDOWS\system32\dot3dlg.dll

0x5DCA0000 \WINDOWS\system32\onex.dll

0x745B0000 \WINDOWS\system32\eappcfg.dll

0x5DCD0000 \WINDOWS\system32\eappprxy.dll

0x73030000 \WINDOWS\system32\wzcsapi.dll

0x746F0000 \WINDOWS\system32\MSIMTF.dll

0x74720000 \WINDOWS\system32\MSCTF.dll

0x5FC10000 \WINDOWS\system32\msutb.dll

0x5C2C0000 \WINDOWS\ime\SPTIP.dll

0x76980000 \WINDOWS\system32\linkinfo.dll

0x76990000 \WINDOWS\system32\ntshrui.dll

0x65E50000 \Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

0x4EC50000 \WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll

0x5F800000 \PROGRA~1\WIFD1F~1\MpShHook.dll

0x73BC0000 \WINDOWS\system32\dciman32.dll

0x6C110000 \Program Files\Microsoft Security Client\sqmapi.dll

0x5E030000 \WINDOWS\system32\ksproxy.ax

0x73EE0000 \WINDOWS\system32\ksuser.dll

0x75F40000 \WINDOWS\system32\devenum.dll

0x736B0000 \WINDOWS\system32\msdmo.dll

0x73B80000 \WINDOWS\system32\avicap32.dll

0x75A70000 \WINDOWS\system32\msvfw32.dll

0x4B400000 \WINDOWS\system32\msftedit.dll

0x7DF70000 \WINDOWS\system32\oledlg.dll

0x66B50000 \Program Files\Microsoft Office\Office12\GrooveMisc.dll

0x66800000 \Program Files\QuickTime\QTSystem\QuickTime.qts

0x605F0000 \WINDOWS\system32\msisip.dll

0x7DFA0000 \WINDOWS\system32\wshext.dll

0x686A0000 \Program Files\QuickTime\QTSystem\QTCF.dll

0x73F10000 \WINDOWS\system32\dsound.dll

0x73760000 \WINDOWS\system32\ddraw.dll

0x76280000 \WINDOWS\system32\stobject.dll

0x74AF0000 \WINDOWS\system32\batmeter.dll

0x63400000 \Program Files\Alwil Software\Avast5\defs\11080801\algo.dll

0x164A0000 \WINDOWS\system32\WPDShServiceObj.dll

0x75F60000 \WINDOWS\system32\drprov.dll

0x71C10000 \WINDOWS\system32\ntlanman.dll

0x71CD0000 \WINDOWS\system32\netui0.dll

0x71C90000 \WINDOWS\system32\netui1.dll

0x71C80000 \WINDOWS\system32\netrap.dll

0x75F70000 \WINDOWS\system32\davclnt.dll

0x72410000 \WINDOWS\system32\mydocs.dll

0x109C0000 \WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 \WINDOWS\system32\PortableDeviceApi.dll

0x6BD10000 \Program Files\Microsoft Office\Office12\MSOHEVI.DLL

0x65920000 \Program Files\Alwil Software\Avast5\AhResBhv.dll

0x65860000 \Program Files\Alwil Software\Avast5\AhResJs.dll

0x65840000 \Program Files\Alwil Software\Avast5\AhResMai.dll

0x65880000 \Program Files\Alwil Software\Avast5\AhResMes.dll

0x658C0000 \Program Files\Alwil Software\Avast5\AhResNS.dll

0x658A0000 \Program Files\Alwil Software\Avast5\AhResP2P.dll

0x65800000 \Program Files\Alwil Software\Avast5\AhResStd.dll

0x658E0000 \Program Files\Alwil Software\Avast5\AhResWS.dll

0x63B20000 \Program Files\Alwil Software\Avast5\defs\11080801\ArPot.dll

0x65200000 \Program Files\Alwil Software\Avast5\ashMaiSv.dll

0x74000000 \WINDOWS\system32\pdh.dll

0x711A0000 \WINDOWS\system32\odbcbcp.dll

0x63B00000 \Program Files\Alwil Software\Avast5\defs\11080801\exts.dll

0x65100000 \Program Files\Alwil Software\Avast5\ashWebSv.dll

0x71F80000 \WINDOWS\system32\security.dll

0x68300000 \Program Files\Alwil Software\Avast5\ashWsFtr.dll

0x77300000 \WINDOWS\system32\schedsvc.dll

0x74F50000 \WINDOWS\system32\msidle.dll

0x708B0000 \WINDOWS\system32\audiosrv.dll

0x76E40000 \WINDOWS\system32\wkssvc.dll

0x72D20000 \WINDOWS\system32\wdmaud.drv

0x72D10000 \WINDOWS\system32\msacm32.drv

0x77BD0000 \WINDOWS\system32\midimap.dll

0x5A6E0000 \WINDOWS\system32\webclnt.dll

0x5B9F0000 \WINDOWS\system32\qmgr.dll

0x76780000 \WINDOWS\system32\shfolder.dll

0x76CE0000 \WINDOWS\system32\cryptsvc.dll

0x77B90000 \WINDOWS\system32\certcli.dll

0x74F80000 \WINDOWS\system32\ersvc.dll

0x74F90000 \WINDOWS\system32\dmserver.dll

0x18000000 \Program Files\Google\Update\1.3.21.65\goopdate.dll

0x74F40000 \WINDOWS\pchealth\helpctr\binaries\pchsvc.dll

0x688E0000 \WINDOWS\system32\hidserv.dll

0x688F0000 \WINDOWS\system32\hid.dll

0x7C340000 \Program Files\Java\jre6\bin\msvcr71.dll

0x75830000 \WINDOWS\system32\mstask.dll

0x75090000 \WINDOWS\system32\srvsvc.dll

0x5DDC0000 \WINDOWS\system32\qmgrprxy.dll

0x742E0000 \WINDOWS\system32\spoolss.dll

0x75BB0000 \WINDOWS\system32\localspl.dll

0x742A0000 \WINDOWS\system32\cnbjmon.dll

0x74D90000 \WINDOWS\system32\usp10.dll

0x732E0000 \WINDOWS\system32\riched32.dll

0x74280000 \WINDOWS\system32\pjlmon.dll

0x5E760000 \WINDOWS\system32\perfos.dll

0x3CF00000 \Program Files\SRWare Iron\locales\en-US.dll

0x5E790000 \WINDOWS\system32\perfdisk.dll

0x72400000 \WINDOWS\system32\tcpmon.dll

0x723F0000 \WINDOWS\system32\usbmon.dll

0x73B30000 \WINDOWS\system32\mscms.dll

0x3F420000 \WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

0x76AF0000 \WINDOWS\system32\regsvc.dll

0x743E0000 \WINDOWS\system32\ipsecsvc.dll

0x75C10000 \WINDOWS\system32\win32spl.dll

0x75D90000 \WINDOWS\system32\oakley.dll

0x74300000 \WINDOWS\system32\inetpp.dll

0x74370000 \WINDOWS\system32\winipsec.dll

0x743A0000 \WINDOWS\system32\pstorsvc.dll

0x743C0000 \WINDOWS\system32\psbase.dll

0x73D20000 \WINDOWS\system32\seclogon.dll

0x722D0000 \WINDOWS\system32\sens.dll

0x68100000 \WINDOWS\system32\dssenh.dll

0x629C0000 \WINDOWS\system32\lpk.dll

0x751A0000 \WINDOWS\system32\srsvc.dll

0x75AA0000 \WINDOWS\system32\wiaservc.dll

0x75070000 \WINDOWS\system32\trkwks.dll

0x74AE0000 \WINDOWS\system32\cfgmgr32.dll

0x50000000 \WINDOWS\system32\wuauserv.dll

0x50040000 \WINDOWS\system32\wuaueng.dll

0x600A0000 \WINDOWS\system32\mspatcha.dll

0x76DA0000 \WINDOWS\system32\browser.dll

0x59490000 \WINDOWS\system32\wbem\wmisvc.dll

0x753E0000 \WINDOWS\system32\vssapi.dll

0x76DE0000 \WINDOWS\system32\upnp.dll

0x74F00000 \WINDOWS\system32\ssdpapi.dll

0x6BC00000 \WINDOWS\system32\6to4svc.dll

0x76620000 \WINDOWS\system32\comsvcs.dll

0x75130000 \WINDOWS\system32\colbact.dll

0x750F0000 \WINDOWS\system32\mtxclu.dll

0x76D10000 \WINDOWS\system32\clusapi.dll

0x750B0000 \WINDOWS\system32\resutils.dll

0x762C0000 \WINDOWS\system32\wbem\wbemcore.dll

0x75310000 \WINDOWS\system32\wbem\esscli.dll

0x75690000 \WINDOWS\system32\wbem\fastprox.dll

0x66460000 \WINDOWS\system32\ipnathlp.dll

0x4C0A0000 \WINDOWS\system32\wscsvc.dll

0x74ED0000 \WINDOWS\system32\wbem\wbemsvc.dll

0x75020000 \WINDOWS\system32\wbem\wmiutils.dll

0x50640000 \WINDOWS\system32\wups.dll

0x50F00000 \WINDOWS\system32\wups2.dll

0x75200000 \WINDOWS\system32\wbem\repdrvfs.dll

0x3F1E0000 \WINDOWS\system32\wbem\wmiprvsd.dll

0x75390000 \WINDOWS\system32\wbem\wbemess.dll

0x755F0000 \WINDOWS\system32\netcfgx.dll

0x506A0000 \WINDOWS\system32\wuapi.dll

0x5F740000 \WINDOWS\system32\wbem\ncprov.dll

0x760F0000 \WINDOWS\system32\termsrv.dll

0x74F70000 \WINDOWS\system32\icaapi.dll

0x75110000 \WINDOWS\system32\mstlsapi.dll

0x733E0000 \WINDOWS\system32\tapisrv.dll

0x73D30000 \WINDOWS\system32\wbem\wbemcons.dll

0x7DF30000 \WINDOWS\system32\rasmans.dll

0x75880000 \WINDOWS\system32\rastapi.dll

0x57CC0000 \WINDOWS\system32\unimdm.tsp

0x72460000 \WINDOWS\system32\rdpwsx.dll

0x72000000 \WINDOWS\system32\uniplat.dll

0x765E0000 \WINDOWS\system32\ssdpsrv.dll

Processes (total 46):

0 System Idle Process

4 System

772 C:\WINDOWS\system32\smss.exe

820 csrss.exe

844 C:\WINDOWS\system32\winlogon.exe

888 C:\WINDOWS\system32\services.exe

900 C:\WINDOWS\system32\lsass.exe

1076 C:\WINDOWS\system32\svchost.exe

1164 svchost.exe

1400 C:\WINDOWS\system32\svchost.exe

1512 svchost.exe

1644 svchost.exe

1948 C:\WINDOWS\explorer.exe

464 C:\WINDOWS\system32\ctfmon.exe

556 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

580 C:\WINDOWS\system32\hkcmd.exe

592 C:\WINDOWS\system32\igfxpers.exe

640 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

660 C:\Program Files\Microsoft Security Client\msseces.exe

808 C:\WINDOWS\vmsnap3.exe

408 C:\WINDOWS\Domino.exe

960 C:\Program Files\iTunes\iTunesHelper.exe

124 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

1096 C:\Program Files\Common Files\Java\Java Update\jusched.exe

1084 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

1508 C:\Program Files\Sound Control\sc.exe

2276 C:\Program Files\SRWare Iron\iron.exe

2312 C:\WINDOWS\system32\spoolsv.exe

2452 svchost.exe

2492 C:\Program Files\Bonjour\mDNSResponder.exe

2784 C:\Program Files\Java\jre6\bin\jqs.exe

2836 C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe

2952 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

3296 C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe

3596 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

3812 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

3876 C:\Program Files\SRWare Iron\iron.exe

3896 C:\Program Files\SRWare Iron\iron.exe

3904 C:\Program Files\SRWare Iron\iron.exe

3964 C:\WINDOWS\system32\svchost.exe

2760 C:\Program Files\iPod\bin\iPodService.exe

3544 alg.exe

2824 C:\Program Files\SRWare Iron\iron.exe

1900 C:\Program Files\SRWare Iron\iron.exe

2968 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2532 C:\Documents and Settings\Tamtum\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

 

PhysicalDrive0 Model Number: WDCWD400JD-75HKA1, Rev: 14.03G14

PhysicalDrive1 Model Number: ST3120026AS, Rev: 3.43

 

Size Device Name MBR Status

--------------------------------------------

37 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

111 GB \\.\PhysicalDrive1 Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

 

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Done!

 

-------MBAM LOG

 

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7415

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

8/9/2011 12:53:36 AM

mbam-log-2011-08-09 (00-53-36).txt

 

Scan type: Quick scan

Objects scanned: 157387

Time elapsed: 9 minute(s), 6 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Hello eusebios

 

Thank you for the logs.

 

Please let me know if those errors I send to you are related to this?

I cannot find a great deal of information about the error messages you received. It is possible that they may be related to hardware.

 

Let's run an online scan to check for anything that may have been missed:

 

  • Please run the following scan

     

     

  • Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

 

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.

 

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please post the ESET log in your next reply.

 

 


Hi JonTom,

 

Sorry to be late, but the ESET process took all night and the following half-day.

 

Here is the log

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=213b8f4381c1f645917f7bb0f9819734

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-10 04:05:51

# local_time=2011-08-10 12:05:51 (-0400, SA Western Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 38818789 38818789 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=81979

# found=2

# cleaned=0

# scan_time=45641

E:\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

E:\My Download\Adobe Acrobat Professional\ADOBE.ACROBAT-V9.0.PRO.EXTENDED.Keygen.Only-EDGE.rar probably a variant of Win32/Agent.DQPHVKD trojan (unable to clean) 00000000000000000000000000000000 I


Hello eusebios

 

Another keygened file? :(

 

  • Please download OTM

     

     

  • Please download OTM by OldTimer by clicking here.
  • Save the file (called OTM.exe) to your desktop.
  • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 

:Processes 
explorer.exe

:Files
E:\My Download\Adobe Acrobat Professional\ADOBE.ACROBAT-V9.0.PRO.EXTENDED.Keygen.Only-EDGE.rar
E:\My Download\Adobe Acrobat Professional

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Start Explorer]
[Reboot]

 

 

 

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please post the OTM log in your next reply along with a new DDS log and let me know how the machine is running.

 

Please be advised that I will be offline from this coming Saturday for 1 week.

 

 


Hi JonTom,

 

Thank you for your help.

 

Enjoy your week off the PCpitshop!

 

If you think someone else can continue your excellent job, I will be glad to help with whatever he/she asks for.

 

The system is working fine now, however sometimes it crashed. I am monitoring it but no error message is produced.

 

Below are the logs you requested.

 

Best Regards!!

 

 

----------OTM.LOG------

 

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

E:\My Download\Adobe Acrobat Professional\ADOBE.ACROBAT-V9.0.PRO.EXTENDED.Keygen.Only-EDGE.rar moved successfully.

E:\My Download\Adobe Acrobat Professional folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41044 bytes

 

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 20206 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Tamtum

->Temp folder emptied: 1115020 bytes

->Temporary Internet Files folder emptied: 28116339 bytes

->Java cache emptied: 961677 bytes

->FireFox cache emptied: 38460912 bytes

->Google Chrome cache emptied: 1642864 bytes

->Apple Safari cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 161859 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4804088 bytes

%systemroot%\System32 .tmp files removed: 5155345 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 63308 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12925417 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 89.00 mb

 

 

OTM by OldTimer - Version 3.1.18.0 log created on 08112011_201238

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

---DDS.LOG ----------------------

 

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Tamtum at 20:40:34 on 2011-08-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1715 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\VMSnap3.exe

C:\WINDOWS\Domino.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Sound Control\sc.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\Program Files\SRWare Iron\iron.exe

C:\WINDOWS\system32\msfeedssync.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = local;*.local

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\\SetRefresh.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [VMSnap3] c:\windows\VMSnap3.exe

mRun: [Domino] c:\windows\Domino.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\soundc~1.lnk - c:\program files\sound control\sc.exe

IE: Download all by FlashGet3 - c:\documents and settings\tamtum\application data\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\tamtum\application data\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: ????3?? - c:\documents and settings\tamtum\application data\flashgetbho\GetUrl.htm

IE: ????3?????? - c:\documents and settings\tamtum\application data\flashgetbho\GetAllUrl.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 63.245.32.5 24.138.234.252 63.245.32.11

TCP: Interfaces\{EF28B60C-7976-4AB4-B1AC-5E3B7812C1A0} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{EF28B60C-7976-4AB4-B1AC-5E3B7812C1A0} : DhcpNameServer = 63.245.32.5 24.138.234.252 63.245.32.11

Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\tamtum\application data\mozilla\firefox\profiles\635rnjf1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.refdesk.com/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\tamtum\my documents\netscape6\nppl3260.dll

FF - plugin: c:\documents and settings\tamtum\my documents\netscape6\nprjplug.dll

FF - plugin: c:\documents and settings\tamtum\my documents\netscape6\nprpjplug.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\nitro pdf\reader\npdf.dll

FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-10 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-16 309848]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-7-31 20216]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MpKsl7028f2ae;MpKsl7028f2ae;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2313b9d5-edf2-41ce-88ed-66d58b22c56e}\MpKsl7028f2ae.sys [2011-8-11 28752]

R1 MpKslf5a1a8a5;MpKslf5a1a8a5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2313b9d5-edf2-41ce-88ed-66d58b22c56e}\MpKslf5a1a8a5.sys [2011-8-11 28752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-16 19544]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-23 54752]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

S1 MpKsl0062820c;MpKsl0062820c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566df78d-48e7-48b7-9fc3-56004ff11f46}\mpksl0062820c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566df78d-48e7-48b7-9fc3-56004ff11f46}\MpKsl0062820c.sys [?]

S1 MpKsl05e3e8be;MpKsl05e3e8be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87cbca0c-2c23-41af-bad1-12a01c62cccf}\mpksl05e3e8be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87cbca0c-2c23-41af-bad1-12a01c62cccf}\MpKsl05e3e8be.sys [?]

S1 MpKsl0830cca8;MpKsl0830cca8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\mpksl0830cca8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\MpKsl0830cca8.sys [?]

S1 MpKsl08708dd8;MpKsl08708dd8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\mpksl08708dd8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\MpKsl08708dd8.sys [?]

S1 MpKsl095d399c;MpKsl095d399c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\mpksl095d399c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\MpKsl095d399c.sys [?]

S1 MpKsl0c43791c;MpKsl0c43791c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d12a5d1-ca80-4b5f-937f-c57918823c70}\mpksl0c43791c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d12a5d1-ca80-4b5f-937f-c57918823c70}\MpKsl0c43791c.sys [?]

S1 MpKsl0cbfd4a0;MpKsl0cbfd4a0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{069f665d-6d6c-4c2b-b002-5309199ecd6a}\mpksl0cbfd4a0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{069f665d-6d6c-4c2b-b002-5309199ecd6a}\MpKsl0cbfd4a0.sys [?]

S1 MpKsl0da4d4fa;MpKsl0da4d4fa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60eebebc-92fa-4a73-8be5-e5e00053d9d3}\mpksl0da4d4fa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60eebebc-92fa-4a73-8be5-e5e00053d9d3}\MpKsl0da4d4fa.sys [?]

S1 MpKsl1169cda3;MpKsl1169cda3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\mpksl1169cda3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\MpKsl1169cda3.sys [?]

S1 MpKsl13005c2b;MpKsl13005c2b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27fa18d0-90f4-4ae0-9a18-0592c7eb5399}\mpksl13005c2b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{27fa18d0-90f4-4ae0-9a18-0592c7eb5399}\MpKsl13005c2b.sys [?]

S1 MpKsl1400ef74;MpKsl1400ef74;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\mpksl1400ef74.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d24f2c1-0ca3-40a8-a5e2-c46848c69dd9}\MpKsl1400ef74.sys [?]

S1 MpKsl155d68d1;MpKsl155d68d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4a3c992-22da-4b33-b907-eb6ecad9d43a}\mpksl155d68d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4a3c992-22da-4b33-b907-eb6ecad9d43a}\MpKsl155d68d1.sys [?]

S1 MpKsl169ac2e6;MpKsl169ac2e6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33b5a980-fe82-44a9-933c-1e30c789b1bf}\mpksl169ac2e6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33b5a980-fe82-44a9-933c-1e30c789b1bf}\MpKsl169ac2e6.sys [?]

S1 MpKsl1933e5e4;MpKsl1933e5e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\mpksl1933e5e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\MpKsl1933e5e4.sys [?]

S1 MpKsl1daaf17c;MpKsl1daaf17c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpksl1daaf17c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKsl1daaf17c.sys [?]

S1 MpKsl20bf2eb0;MpKsl20bf2eb0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07086ac7-d769-48b6-9105-a0ab95b95002}\mpksl20bf2eb0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{07086ac7-d769-48b6-9105-a0ab95b95002}\MpKsl20bf2eb0.sys [?]

S1 MpKsl234e52f6;MpKsl234e52f6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\mpksl234e52f6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\MpKsl234e52f6.sys [?]

S1 MpKsl26aafb95;MpKsl26aafb95;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\mpksl26aafb95.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3bd31cb2-8ddd-4fa4-9213-983847225c01}\MpKsl26aafb95.sys [?]

S1 MpKsl26ffbc48;MpKsl26ffbc48;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4c5bfaf-40dc-47df-9315-195a796d3e73}\mpksl26ffbc48.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4c5bfaf-40dc-47df-9315-195a796d3e73}\MpKsl26ffbc48.sys [?]

S1 MpKsl29d74a01;MpKsl29d74a01;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85f12741-1760-467a-bb67-71ea68bce909}\mpksl29d74a01.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85f12741-1760-467a-bb67-71ea68bce909}\MpKsl29d74a01.sys [?]

S1 MpKsl2a922ab7;MpKsl2a922ab7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef47269e-233e-460f-bf72-1eb145c55a63}\mpksl2a922ab7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef47269e-233e-460f-bf72-1eb145c55a63}\MpKsl2a922ab7.sys [?]

S1 MpKsl2aa2d938;MpKsl2aa2d938;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpksl2aa2d938.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKsl2aa2d938.sys [?]

S1 MpKsl34226978;MpKsl34226978;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\mpksl34226978.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\MpKsl34226978.sys [?]

S1 MpKsl3593f526;MpKsl3593f526;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\mpksl3593f526.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\MpKsl3593f526.sys [?]

S1 MpKsl359b2c54;MpKsl359b2c54;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1bdb81e-68e2-46a9-95d1-999670255447}\mpksl359b2c54.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d1bdb81e-68e2-46a9-95d1-999670255447}\MpKsl359b2c54.sys [?]

S1 MpKsl36f85288;MpKsl36f85288;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed317f68-829d-4407-86c2-5af3421047f0}\mpksl36f85288.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed317f68-829d-4407-86c2-5af3421047f0}\MpKsl36f85288.sys [?]

S1 MpKsl3d52ce76;MpKsl3d52ce76;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d52414-151a-40a4-a18f-9d1c0e93855b}\mpksl3d52ce76.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d52414-151a-40a4-a18f-9d1c0e93855b}\MpKsl3d52ce76.sys [?]

S1 MpKsl3e1db336;MpKsl3e1db336;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1daaf35-368e-4c29-b74b-34d0bbc98e6d}\mpksl3e1db336.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1daaf35-368e-4c29-b74b-34d0bbc98e6d}\MpKsl3e1db336.sys [?]

S1 MpKsl3ef10ded;MpKsl3ef10ded;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e49630-0acf-4ad4-a759-213f58febbf0}\mpksl3ef10ded.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e49630-0acf-4ad4-a759-213f58febbf0}\MpKsl3ef10ded.sys [?]

S1 MpKsl3fa1f2bd;MpKsl3fa1f2bd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\mpksl3fa1f2bd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\MpKsl3fa1f2bd.sys [?]

S1 MpKsl4011acc7;MpKsl4011acc7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{858c51ab-cbda-4aa8-b372-76e2e758430a}\mpksl4011acc7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{858c51ab-cbda-4aa8-b372-76e2e758430a}\MpKsl4011acc7.sys [?]

S1 MpKsl40b48993;MpKsl40b48993;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\mpksl40b48993.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa11c6a-b730-4ade-a3ed-60b231092e53}\MpKsl40b48993.sys [?]

S1 MpKsl41f2391e;MpKsl41f2391e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c72298d5-8ae7-43f6-ad86-9b43d1c118bd}\mpksl41f2391e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c72298d5-8ae7-43f6-ad86-9b43d1c118bd}\MpKsl41f2391e.sys [?]

S1 MpKsl4227634a;MpKsl4227634a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{815047ad-4781-49bf-a4a1-5695d6e032e3}\mpksl4227634a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{815047ad-4781-49bf-a4a1-5695d6e032e3}\MpKsl4227634a.sys [?]

S1 MpKsl46e6a53f;MpKsl46e6a53f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\mpksl46e6a53f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2f53af6-5a4b-41d4-be4d-f4c068651b42}\MpKsl46e6a53f.sys [?]

S1 MpKsl48572518;MpKsl48572518;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95e8dad5-9a7d-437f-8c4c-65ac9d15a4be}\mpksl48572518.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95e8dad5-9a7d-437f-8c4c-65ac9d15a4be}\MpKsl48572518.sys [?]

S1 MpKsl4a32284a;MpKsl4a32284a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f2dfd2e-1e6c-4755-9992-9fda63fa272c}\mpksl4a32284a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f2dfd2e-1e6c-4755-9992-9fda63fa272c}\MpKsl4a32284a.sys [?]

S1 MpKsl516bc985;MpKsl516bc985;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d05cf8d-1834-4b86-a8f2-ee48fbf16ee9}\mpksl516bc985.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d05cf8d-1834-4b86-a8f2-ee48fbf16ee9}\MpKsl516bc985.sys [?]

S1 MpKsl517fe212;MpKsl517fe212;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6198fcd2-73b8-4d27-baeb-132b7a43669d}\mpksl517fe212.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6198fcd2-73b8-4d27-baeb-132b7a43669d}\MpKsl517fe212.sys [?]

S1 MpKsl5204124b;MpKsl5204124b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f900d95-dd6e-4da8-b853-854c21209c88}\mpksl5204124b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f900d95-dd6e-4da8-b853-854c21209c88}\MpKsl5204124b.sys [?]

S1 MpKsl541c941c;MpKsl541c941c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\mpksl541c941c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{903731d9-773d-4a04-86a8-9c42c46e9472}\MpKsl541c941c.sys [?]

S1 MpKsl564ce894;MpKsl564ce894;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c34da673-8d55-4022-a462-0596bbbf9490}\mpksl564ce894.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c34da673-8d55-4022-a462-0596bbbf9490}\MpKsl564ce894.sys [?]

S1 MpKsl57fc41cc;MpKsl57fc41cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\mpksl57fc41cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\MpKsl57fc41cc.sys [?]

S1 MpKsl58993284;MpKsl58993284;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\mpksl58993284.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\MpKsl58993284.sys [?]

S1 MpKsl5b2f3606;MpKsl5b2f3606;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\mpksl5b2f3606.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14a14352-6297-45b7-b893-a7df367b618d}\MpKsl5b2f3606.sys [?]

S1 MpKsl5dd94069;MpKsl5dd94069;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bffe856d-0357-4b2c-81eb-476802a00b3a}\mpksl5dd94069.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bffe856d-0357-4b2c-81eb-476802a00b3a}\MpKsl5dd94069.sys [?]

S1 MpKsl60fb0b74;MpKsl60fb0b74;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9eff8977-9bee-49a5-b829-bac9c28dd078}\mpksl60fb0b74.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9eff8977-9bee-49a5-b829-bac9c28dd078}\MpKsl60fb0b74.sys [?]

S1 MpKsl6166bfbd;MpKsl6166bfbd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{287e2510-967f-45b2-bb03-3e06679ac188}\mpksl6166bfbd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{287e2510-967f-45b2-bb03-3e06679ac188}\MpKsl6166bfbd.sys [?]

S1 MpKsl6167cc78;MpKsl6167cc78;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\mpksl6167cc78.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17cfb135-64c0-4a42-8013-83520c22c4bd}\MpKsl6167cc78.sys [?]

S1 MpKsl635aac9c;MpKsl635aac9c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\mpksl635aac9c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8243420-e564-4185-8172-b80929c1f526}\MpKsl635aac9c.sys [?]

S1 MpKsl64f882d1;MpKsl64f882d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\mpksl64f882d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0e63132-baa4-47e5-96ca-2445c053c881}\MpKsl64f882d1.sys [?]

S1 MpKsl68633118;MpKsl68633118;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83990b25-785d-4197-a867-1b252d3f9756}\mpksl68633118.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83990b25-785d-4197-a867-1b252d3f9756}\MpKsl68633118.sys [?]

S1 MpKsl68b30fce;MpKsl68b30fce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c2d51da-ebc5-419b-bedd-3f7868fbf53c}\mpksl68b30fce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c2d51da-ebc5-419b-bedd-3f7868fbf53c}\MpKsl68b30fce.sys [?]

S1 MpKsl6e6d6d15;MpKsl6e6d6d15;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6a01473-7f05-4999-a131-5aeacfa22dad}\mpksl6e6d6d15.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6a01473-7f05-4999-a131-5aeacfa22dad}\MpKsl6e6d6d15.sys [?]

S1 MpKsl6efdef7a;MpKsl6efdef7a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\mpksl6efdef7a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\MpKsl6efdef7a.sys [?]

S1 MpKsl742c73c1;MpKsl742c73c1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpksl742c73c1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKsl742c73c1.sys [?]

S1 MpKsl76c1f2d0;MpKsl76c1f2d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b58869f-223c-40f4-a2f4-994c8cec10be}\mpksl76c1f2d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b58869f-223c-40f4-a2f4-994c8cec10be}\MpKsl76c1f2d0.sys [?]

S1 MpKsl77bdabaf;MpKsl77bdabaf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3b832ae-a635-4f34-a853-e03580363bbe}\mpksl77bdabaf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3b832ae-a635-4f34-a853-e03580363bbe}\MpKsl77bdabaf.sys [?]

S1 MpKsl7ac8689c;MpKsl7ac8689c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\mpksl7ac8689c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\MpKsl7ac8689c.sys [?]

S1 MpKsl84bc1394;MpKsl84bc1394;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\mpksl84bc1394.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{171914c6-a61a-4460-b30d-27c5dd421406}\MpKsl84bc1394.sys [?]

S1 MpKsl8ce38e72;MpKsl8ce38e72;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acfd1e8f-7142-4aae-a3d5-0eb6427779d4}\mpksl8ce38e72.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acfd1e8f-7142-4aae-a3d5-0eb6427779d4}\MpKsl8ce38e72.sys [?]

S1 MpKsl8d15d389;MpKsl8d15d389;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbdda7bc-da5f-4043-a433-c2b05a775310}\mpksl8d15d389.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cbdda7bc-da5f-4043-a433-c2b05a775310}\MpKsl8d15d389.sys [?]

S1 MpKsl8e1d8ae9;MpKsl8e1d8ae9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpksl8e1d8ae9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKsl8e1d8ae9.sys [?]

S1 MpKsl8fb3a792;MpKsl8fb3a792;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f900d95-dd6e-4da8-b853-854c21209c88}\mpksl8fb3a792.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f900d95-dd6e-4da8-b853-854c21209c88}\MpKsl8fb3a792.sys [?]

S1 MpKsl912ed2fd;MpKsl912ed2fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{073f38bd-56d3-454b-9057-5e3b7e746134}\mpksl912ed2fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{073f38bd-56d3-454b-9057-5e3b7e746134}\MpKsl912ed2fd.sys [?]

S1 MpKsl91966f97;MpKsl91966f97;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12de62fd-e0c5-4e06-ae31-51c9d8160cc7}\mpksl91966f97.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12de62fd-e0c5-4e06-ae31-51c9d8160cc7}\MpKsl91966f97.sys [?]

S1 MpKsl925d4101;MpKsl925d4101;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1daaf35-368e-4c29-b74b-34d0bbc98e6d}\mpksl925d4101.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f1daaf35-368e-4c29-b74b-34d0bbc98e6d}\MpKsl925d4101.sys [?]

S1 MpKsl92892f95;MpKsl92892f95;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93587a95-fe89-42e6-8ac0-980766162d6e}\mpksl92892f95.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{93587a95-fe89-42e6-8ac0-980766162d6e}\MpKsl92892f95.sys [?]

S1 MpKsl9472eedc;MpKsl9472eedc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85f12741-1760-467a-bb67-71ea68bce909}\mpksl9472eedc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85f12741-1760-467a-bb67-71ea68bce909}\MpKsl9472eedc.sys [?]

S1 MpKsl9496b544;MpKsl9496b544;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085a2beb-7fc0-4023-8b9a-1118b6aac332}\mpksl9496b544.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085a2beb-7fc0-4023-8b9a-1118b6aac332}\MpKsl9496b544.sys [?]

S1 MpKsl98cda411;MpKsl98cda411;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c181d72-2946-43d0-bb14-d840c74a7cca}\mpksl98cda411.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c181d72-2946-43d0-bb14-d840c74a7cca}\MpKsl98cda411.sys [?]

S1 MpKsla03d353d;MpKsla03d353d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87cbca0c-2c23-41af-bad1-12a01c62cccf}\mpksla03d353d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87cbca0c-2c23-41af-bad1-12a01c62cccf}\MpKsla03d353d.sys [?]

S1 MpKsla684e89e;MpKsla684e89e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566df78d-48e7-48b7-9fc3-56004ff11f46}\mpksla684e89e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566df78d-48e7-48b7-9fc3-56004ff11f46}\MpKsla684e89e.sys [?]

S1 MpKsla743a20d;MpKsla743a20d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36742b6b-07ce-47b7-a132-78c7285f563f}\mpksla743a20d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36742b6b-07ce-47b7-a132-78c7285f563f}\MpKsla743a20d.sys [?]

S1 MpKsla7736210;MpKsla7736210;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33dbbdf3-2c3f-4a19-81ca-28922a4f1df8}\mpksla7736210.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33dbbdf3-2c3f-4a19-81ca-28922a4f1df8}\MpKsla7736210.sys [?]

S1 MpKsla958f364;MpKsla958f364;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d52414-151a-40a4-a18f-9d1c0e93855b}\mpksla958f364.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{19d52414-151a-40a4-a18f-9d1c0e93855b}\MpKsla958f364.sys [?]

S1 MpKsla98abc04;MpKsla98abc04;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a7f4745-aa7c-445d-8477-c5c0eb36e107}\mpksla98abc04.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a7f4745-aa7c-445d-8477-c5c0eb36e107}\MpKsla98abc04.sys [?]

S1 MpKslad68d291;MpKslad68d291;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58d97b1e-6137-497d-a106-017fef9de28b}\mpkslad68d291.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58d97b1e-6137-497d-a106-017fef9de28b}\MpKslad68d291.sys [?]

S1 MpKslaf285074;MpKslaf285074;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05ad6b1a-e6b9-43ac-a1e8-e14c45b768f5}\mpkslaf285074.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05ad6b1a-e6b9-43ac-a1e8-e14c45b768f5}\MpKslaf285074.sys [?]

S1 MpKslb01c8a7f;MpKslb01c8a7f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed317f68-829d-4407-86c2-5af3421047f0}\mpkslb01c8a7f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed317f68-829d-4407-86c2-5af3421047f0}\MpKslb01c8a7f.sys [?]

S1 MpKslb43192ba;MpKslb43192ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9176973e-1901-4341-a6e5-20ab8ccd558b}\mpkslb43192ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9176973e-1901-4341-a6e5-20ab8ccd558b}\MpKslb43192ba.sys [?]

S1 MpKslb7620e7c;MpKslb7620e7c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc6dbd8e-e8eb-4274-9a1b-f9199c9553a2}\mpkslb7620e7c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc6dbd8e-e8eb-4274-9a1b-f9199c9553a2}\MpKslb7620e7c.sys [?]

S1 MpKslb94402b4;MpKslb94402b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0254acbb-18c4-48c4-acc3-2d018f918e95}\mpkslb94402b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0254acbb-18c4-48c4-acc3-2d018f918e95}\MpKslb94402b4.sys [?]

S1 MpKslbaa58cc3;MpKslbaa58cc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a7f4745-aa7c-445d-8477-c5c0eb36e107}\mpkslbaa58cc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8a7f4745-aa7c-445d-8477-c5c0eb36e107}\MpKslbaa58cc3.sys [?]

S1 MpKslbdc49bdd;MpKslbdc49bdd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpkslbdc49bdd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKslbdc49bdd.sys [?]

S1 MpKslbe48c29b;MpKslbe48c29b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dba57fb-f476-44a8-ac80-2b477ff8feee}\mpkslbe48c29b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dba57fb-f476-44a8-ac80-2b477ff8feee}\MpKslbe48c29b.sys [?]

S1 MpKslc037d243;MpKslc037d243;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5baece31-8d08-4a81-b71b-d3eea40dba6e}\mpkslc037d243.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5baece31-8d08-4a81-b71b-d3eea40dba6e}\MpKslc037d243.sys [?]

S1 MpKslc348c41f;MpKslc348c41f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57d35839-7c44-456b-b2bd-dd469046480f}\mpkslc348c41f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{57d35839-7c44-456b-b2bd-dd469046480f}\MpKslc348c41f.sys [?]

S1 MpKslcd1d00b3;MpKslcd1d00b3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d94cc3fb-c391-4287-8173-3c21ccfc8d3d}\mpkslcd1d00b3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d94cc3fb-c391-4287-8173-3c21ccfc8d3d}\MpKslcd1d00b3.sys [?]

S1 MpKsld094f0d8;MpKsld094f0d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3b832ae-a635-4f34-a853-e03580363bbe}\mpksld094f0d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d3b832ae-a635-4f34-a853-e03580363bbe}\MpKsld094f0d8.sys [?]

S1 MpKsld3c0621c;MpKsld3c0621c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05ad6b1a-e6b9-43ac-a1e8-e14c45b768f5}\mpksld3c0621c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{05ad6b1a-e6b9-43ac-a1e8-e14c45b768f5}\MpKsld3c0621c.sys [?]

S1 MpKsldb8d68b1;MpKsldb8d68b1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpksldb8d68b1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKsldb8d68b1.sys [?]

S1 MpKsldcfd209c;MpKsldcfd209c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c9b2891-2d3d-4dd0-b76f-2f1b5c533c13}\mpksldcfd209c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c9b2891-2d3d-4dd0-b76f-2f1b5c533c13}\MpKsldcfd209c.sys [?]

S1 MpKsldd5dc335;MpKsldd5dc335;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{287e2510-967f-45b2-bb03-3e06679ac188}\mpksldd5dc335.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{287e2510-967f-45b2-bb03-3e06679ac188}\MpKsldd5dc335.sys [?]

S1 MpKsle56add0a;MpKsle56add0a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e49630-0acf-4ad4-a759-213f58febbf0}\mpksle56add0a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e0e49630-0acf-4ad4-a759-213f58febbf0}\MpKsle56add0a.sys [?]

S1 MpKsle6a12a34;MpKsle6a12a34;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\mpksle6a12a34.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c71b6c5-ca7a-4181-b44e-21feca7eaeff}\MpKsle6a12a34.sys [?]

S1 MpKsle97fecd8;MpKsle97fecd8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c09ebf8-7393-40bf-a156-7464d0ee7e05}\mpksle97fecd8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c09ebf8-7393-40bf-a156-7464d0ee7e05}\MpKsle97fecd8.sys [?]

S1 MpKsleb4c9cc9;MpKsleb4c9cc9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63ead3d6-b6a6-42c9-bc46-9381fafa9610}\mpksleb4c9cc9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63ead3d6-b6a6-42c9-bc46-9381fafa9610}\MpKsleb4c9cc9.sys [?]

S1 MpKsled26e557;MpKsled26e557;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\mpksled26e557.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{540aa8e8-e1f2-4c27-aca7-4997d0dad929}\MpKsled26e557.sys [?]

S1 MpKsled588ed0;MpKsled588ed0;\??\c:\documents and settings\all users\application data\microsoft\
