Possible Rootkit?


caintry_boy

I run PCMatic and Supershield on my PC's but I also keep Malwarebytes and SUPERAntispyware on them....anyway I was just running SUPERAntispyware and it said that it had found a rootkit and to remove it click "OK". I had to click OK several times... :( Malwarebytes reported nothing... I suspect a false positive, but...

Here are the pertinent logs...

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/19/2012 at 06:25 PM

 

Application Version : 5.0.1144

 

Core Rules Database Version : 8260

Trace Rules Database Version: 6072

 

Scan type : Quick Scan

Total Scan Time : 00:02:30

 

Operating System Information

Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

 

Memory items scanned : 538

Memory threats detected : 0

Registry items scanned : 53273

Registry threats detected : 0

File items scanned : 10271

File threats detected : 16

 

Adware.Tracking Cookie

.imrworldwide.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.imrworldwide.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.accounts.google.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.accounts.google.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.accounts.google.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

accounts.youtube.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.bizrate.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

accounts.google.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

accounts.google.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.invitemedia.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.invitemedia.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.invitemedia.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.liveperson.net [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.liveperson.net [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

sales.liveperson.net [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

.leadformix.com [ C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTCOOKIES.SQLITE ]

 

 

 

________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:30:26 PM, on 2/19/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

C:Program Files (x86)PCPitstopPC MaticRTPCMaticRT.exe

C:UsersKarenDesktopHiJackThisHijackThis.exe

 

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.pcpitstop.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

O4 - HKLM..Run: [PC MaticRT] C:Program Files (x86)PCPitstopPC MaticRTPCMaticRT.exe

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...ols/pcmatic.cab

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:Program FilesSUPERAntiSpywareSASCORE64.EXE

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: PCPitstop Realtime - PC Pitstop LLC - C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe

O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

 

--

End of file - 5213 bytes

 

 

 

Thanks for looking...

 

 

 

 


Hi. :)

 

I'll try to assist you caintry_boy...

 

I run PCMatic and Supershield on my PC's but I also keep Malwarebytes and SUPERAntispyware on them....anyway I was just running SUPERAntispyware and it said that it had found a rootkit and to remove it click "OK". I had to click OK several times... :( Malwarebytes reported nothing... I suspect a false positive, but...

Here are the pertinent logs...

Some friendly advice concerning both HJT and SAS: the former is way out of date now and not actually 64-bit operating system compatible, so its scan results cannot be relied upon. The latter I am not a particular fan of, nor do I use it or advise it to anyone I assist. Basically, the latter has a feature called boot-safe. If used on an infected machine, it can actually render it completely borked/unbootable; plus, the application is not particularly effective at all, I have found, against modern malware, nor has it been for some time. So basically a waste of hard-drive space, in my humble opinion.

 

Next:

 

I propose we run a few scans to check your machine as follows but do follow this advice(below) as a precaution OK...it is merely my generic advice for all I assist.

 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

 

Because of this, I advise you to backup any personal files and folders before you start.

Scan with aswMBR:

 

Please download aswMBR.exe to your desktop.

 

  • Right-click on aswMBR.exe and select Run as Administrator to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

 

Scan with OTL:

 

Please download OTL and save it to your Desktop.

 

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • aswMBR Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

PC seems to be running fine...

I did not know that HJT had gone Open Source...Is there a 64bit version available?

Here are the logs you requested:

 

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software

Run date: 2012-02-20 10:44:50

-----------------------------

10:44:50.232 OS Version: Windows x64 6.1.7601 Service Pack 1

10:44:50.232 Number of processors: 2 586 0x170A

10:44:50.232 ComputerName: POPEYE UserName: Karen

10:44:50.763 Initialize success

10:45:14.164 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-0

10:45:14.180 Disk 0 Vendor: TOSHIBA_MK2555GSX FG001M Size: 238475MB BusType: 11

10:45:14.195 Disk 0 MBR read successfully

10:45:14.195 Disk 0 MBR scan

10:45:14.195 Disk 0 Windows 7 default MBR code

10:45:14.211 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

10:45:14.211 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80012 MB offset 206848

10:45:14.242 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 80003 MB offset 164071845

10:45:14.242 Disk 0 Partition - 00 0F Extended LBA 78356 MB offset 327918780

10:45:14.258 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 78356 MB offset 327918843

10:45:14.258 Service scanning

10:45:52.587 Modules scanning

10:45:52.587 Disk 0 trace - called modules:

10:45:52.650 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

10:45:52.650 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa8002662060]

10:45:52.650 3 CLASSPNP.SYS[fffff880010c843f] -> nt!IofCallDriver -> [0xfffffa800215b520]

10:45:52.650 5 ACPI.sys[fffff88000d7a7a1] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP0T0L0-0[0xfffffa8002141680]

10:45:52.665 Scan finished successfully

10:47:00.634 Disk 0 MBR has been saved successfully to "C:UsersKarenDesktopMBR.dat"

10:47:00.634 The log file has been saved successfully to "C:UsersKarenDesktopaswMBR.txt"

 

 

____________________________________________________________

 

OTL logfile created on: 2/20/2012 10:50:30 AM - Run 1

OTL by OldTimer - Version 3.2.33.1 Folder = C:UsersKarenDesktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 60.54% Memory free

3.74 Gb Paging File | 2.96 Gb Available in Paging File | 79.10% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 78.14 Gb Total Space | 60.79 Gb Free Space | 77.80% Space Free | Partition Type: NTFS

Drive D: | 78.13 Gb Total Space | 78.04 Gb Free Space | 99.88% Space Free | Partition Type: NTFS

Drive E: | 76.52 Gb Total Space | 76.34 Gb Free Space | 99.77% Space Free | Partition Type: NTFS

Drive G: | 10.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: POPEYE | User Name: Karen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersKarenDesktopOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)

PRC - C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

PRC - C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe (PC Pitstop LLC)

PRC - C:Program Files (x86)PCPitstopPC MaticRTPCMaticRT.exe (PC Pitstop LLC)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms6c51e152e7404188914c9fa4d8503ff9System.Windows.Forms.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawingab87129c2b603f218e4aa5300c9b1bddSystem.Drawing.ni.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32Systemfaf4e8730ecbd07570111bb7c3b20565System.ni.dll ()

MOD - C:Program Files (x86)Mozilla Firefoxmozjs.dll ()

MOD - C:WindowsassemblyNativeImages_v2.0.50727_32mscorliba1a82db68b3badc7c27ea1f6579d22c5mscorlib.ni.dll ()

MOD - C:Program Files (x86)PCPitstopPC MaticRTpcmaticRTen.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:Program FilesSUPERAntiSpywareSASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation)

SRV - (PCPitstop Scheduling) -- C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (PCPitstop Realtime) -- C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe (PC Pitstop LLC)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )

DRV:64bit: - (epmntdrv) -- C:WindowsSysNativeepmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:WindowsSysNativeEuGdiDrv.sys ()

DRV:64bit: - (SASDIFSV) -- C:Program FilesSUPERAntiSpywaresasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:Program FilesSUPERAntiSpywaresaskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:WindowsSysNativedriversrdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (sbapifs) -- C:WindowsSysNativedriverssbapifs.sys (Sunbelt Software)

DRV:64bit: - (vpcvmm) -- C:WindowsSysNativedriversvpcvmm.sys (Microsoft Corporation)

DRV:64bit: - (vpcbus) -- C:WindowsSysNativedriversvpchbus.sys (Microsoft Corporation)

DRV:64bit: - (vpcusb) -- C:WindowsSysNativedriversvpcusb.sys (Microsoft Corporation)

DRV:64bit: - (vpcnfltr) -- C:WindowsSysNativedriversvpcnfltr.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (AgereSoftModem) -- C:WindowsSysNativedriversagrsm64.sys (LSI Corp)

DRV:64bit: - (igfx) -- C:WindowsSysNativedriversigdkmd64.sys (Intel Corporation)

DRV:64bit: - (RTL8187B) -- C:WindowsSysNativedriversRTL8187B.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (epmntdrv) -- C:WindowsSysWOW64epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:WindowsSysWOW64EuGdiDrv.sys ()

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

 

 

IE - HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

IE - HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

 

 

IE - HKUS-1-5-21-98291033-3037854141-3716342295-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.pcpitstop.com/

IE - HKUS-1-5-21-98291033-3037854141-3716342295-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKUS-1-5-21-98291033-3037854141-3716342295-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKUS-1-5-21-98291033-3037854141-3716342295-1000SOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = B0 A5 87 F8 5D E5 CC 01 [binary data]

IE - HKUS-1-5-21-98291033-3037854141-3716342295-1000SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://forums.pcpitstop.com"

FF - prefs.js..network.proxy.type: 0

 

FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_1_102.dll File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.0.61118.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32.dll ()

FF - HKLMSoftwareMozillaPlugins@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:Program Files (x86)Foxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.0.61118.0npctrl.dll ( Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 10.0.1extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/02/11 14:21:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 10.0.1extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 10.0extensionsComponents: C:Program Files (x86)Mozilla Thunderbirdcomponents [2012/02/11 14:15:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 10.0extensionsPlugins: C:Program Files (x86)Mozilla Thunderbirdplugins

 

[2012/02/06 07:42:53 | 000,000,000 | ---D | M] (No name found) -- C:UsersKarenAppDataRoamingMozillaExtensions

[2012/02/10 06:59:23 | 000,000,000 | ---D | M] (No name found) -- C:UsersKarenAppDataRoamingMozillaFirefoxProfilesyli39wc3.defaultextensions

[2012/02/06 07:49:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:UsersKarenAppDataRoamingMozillaFirefoxProfilesyli39wc3.defaultextensions{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2012/02/06 07:47:31 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

() (No name found) -- C:USERSKARENAPPDATAROAMINGMOZILLAFIREFOXPROFILESYLI39WC3.DEFAULTEXTENSIONS{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/02/11 14:21:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:WindowsSysNativedriversetchosts

O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [PC MaticRT] C:Program Files (x86)PCPitstopPC MaticRTPCMaticRT.exe (PC Pitstop LLC)

O4 - HKUS-1-5-19..Run: [sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)

O4 - HKUS-1-5-20..Run: [sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)

O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKUS-1-5-21-98291033-3037854141-3716342295-1000SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{DE41CD11-68B9-4196-A79B-544C87DCAF3B}: DhcpNameServer = 192.168.0.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:WindowsSysWow64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/20 10:43:18 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:UsersKarenDesktopOTL.exe

[2012/02/20 10:42:50 | 004,729,344 | ---- | C] (AVAST Software) -- C:UsersKarenDesktopaswMBR.exe

[2012/02/20 10:40:53 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/02/20 10:40:53 | 000,000,000 | ---D | C] -- C:UsersKarenAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/02/19 18:29:10 | 000,000,000 | ---D | C] -- C:UsersKarenDesktopHiJackThis

[2012/02/19 18:11:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:UsersKarenDesktopTFC.exe

[2012/02/19 18:04:29 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsjv16 PowerTools

[2012/02/19 18:04:28 | 000,000,000 | ---D | C] -- C:Program Files (x86)jv16 PowerTools

[2012/02/19 17:53:25 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.00B

[2012/02/19 17:53:24 | 001,384,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.009

[2012/02/19 17:53:24 | 000,614,672 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.008

[2012/02/19 17:53:24 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.007

[2012/02/19 17:53:24 | 000,143,632 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.00A

[2012/02/19 17:53:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.006

[2012/02/19 17:40:48 | 000,000,000 | ---D | C] -- C:Program Files (x86)directx

[2012/02/19 17:34:00 | 000,000,000 | ---D | C] -- C:UsersKarenAppDataRoamingMicrosoftWindowsStart MenuProgramsGames

[2012/02/19 17:33:46 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramseGames

[2012/02/19 17:33:45 | 001,384,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.003

[2012/02/19 17:33:45 | 000,614,672 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.002

[2012/02/19 17:33:45 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.001

[2012/02/19 17:33:45 | 000,143,632 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.004

[2012/02/19 17:33:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64Comdlg32.ocx

[2012/02/19 17:33:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64Vb6stkit.dll

[2012/02/19 17:33:45 | 000,082,960 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64Picclp32.ocx

[2012/02/19 17:33:45 | 000,070,088 | ---- | C] (xx) -- C:WindowsSysWow64Project2-1.ocx

[2012/02/19 17:33:45 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.005

[2012/02/19 17:33:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64temp.000

[2012/02/19 17:33:37 | 000,000,000 | ---D | C] -- C:Program Files (x86)eGames

[2012/02/14 17:12:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/02/14 17:12:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/02/14 17:12:10 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/02/14 17:12:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/02/14 17:12:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/02/14 17:12:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/02/14 17:12:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/02/14 17:12:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/02/14 17:12:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2012/02/14 17:12:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/02/14 17:12:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/02/14 16:55:36 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsvcrt.dll

[2012/02/11 14:27:45 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsEASEUS Partition Master 9.1.0 Home Edition

[2012/02/11 14:27:38 | 000,000,000 | ---D | C] -- C:Program Files (x86)EASEUS

[2012/02/11 14:15:50 | 000,000,000 | ---D | C] -- C:UsersKarenAppDataRoamingThunderbird

[2012/02/11 14:15:50 | 000,000,000 | ---D | C] -- C:UsersKarenAppDataLocalThunderbird

[2012/02/11 14:15:41 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Thunderbird


[2012/02/10 06:42:52 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentshrui.dll

[2012/02/10 06:42:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeeapp3hst.dll

[2012/02/10 06:42:52 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeeapphost.dll

[2012/02/10 06:42:52 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeupnp.dll

[2012/02/10 06:42:52 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemprapi.dll

[2012/02/10 06:42:52 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativet2embed.dll

[2012/02/10 06:42:52 | 000,128,000 | ---- | C] (Microsoft) -- C:WindowsSysNativeRobocopy.exe

[2012/02/10 06:42:52 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:WindowsSysNativedriversHpSAMD.sys

[2012/02/10 06:42:51 | 002,494,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64netshell.dll

[2012/02/10 06:42:51 | 001,457,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeDxpTaskSync.dll

[2012/02/10 06:42:51 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativePerfCenterCPL.dll

[2012/02/10 06:42:51 | 000,263,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativehal.dll

[2012/02/10 06:42:51 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativethumbcache.dll

[2012/02/10 06:42:50 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativethemeui.dll

[2012/02/10 06:42:50 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeMSMPEG2ENC.DLL

[2012/02/10 06:42:50 | 000,932,352 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64printui.dll

[2012/02/10 06:42:50 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeDXPTaskRingtone.dll

[2012/02/10 06:42:50 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativescrptadm.dll

[2012/02/10 06:42:50 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativepuiobj.dll

[2012/02/10 06:42:50 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeonex.dll

[2012/02/10 06:42:50 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativescecli.dll

[2012/02/10 06:42:50 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversClasspnp.sys

[2012/02/10 06:42:50 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedwmredir.dll

[2012/02/10 06:42:50 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64prncache.dll

[2012/02/10 06:42:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsasn1.dll

[2012/02/10 06:42:50 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:WindowsSysNativedriversamdxata.sys

[2012/02/10 06:42:49 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wmpeffects.dll

[2012/02/10 06:42:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeaaclient.dll

[2012/02/10 06:42:49 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64net1.exe

[2012/02/10 06:42:49 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64rpchttp.dll

[2012/02/10 06:42:48 | 001,363,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewdc.dll

[2012/02/10 06:42:48 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsftedit.dll

[2012/02/10 06:42:48 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewlangpui.dll

[2012/02/10 06:42:48 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativescesrv.dll

[2012/02/10 06:42:48 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversusbport.sys

[2012/02/10 06:42:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64scansetting.dll

[2012/02/10 06:42:47 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativenetcenter.dll

[2012/02/10 06:42:47 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesdengin2.dll

[2012/02/10 06:42:47 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeVAN.dll

[2012/02/10 06:42:47 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeStructuredQuery.dll

[2012/02/10 06:42:47 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewiadefui.dll

[2012/02/10 06:42:47 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeSndVol.exe

[2012/02/10 06:42:47 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedskquoui.dll

[2012/02/10 06:42:47 | 000,067,584 |

Link to comment
Share on other sites

Hi. :)

 

PC seems to be running fine...

Good and thanks for the update.

 

Your machine would probably benefit from some upgraded memory modules as you are probably aware but the actual load at present does not appear to be an actual issue as far as I can tell. So merely view this as friendly advice.

 

I did not know that HJT had gone Open Source...Is there a 64bit version available?

No there is not as far as I am aware and as mentioned prior the current version is not 64 bit Operating System compatible. I personally doubt TM will be upgrading it any time soon, so with that in mind giving today's various malware strains as a detection/scan and or providing accurate information about the aforementioned 64 bit Operating System(s). It is basically obsolete from an Anti-Malware point of view in my humble opinion.

 

Next:

 

Back to the actual topic at hand/your machine...I am not seeing anything nefarious to be honest. Which we can take as a positive sign.

 

Anyway let's proceed as follows shall we...Are you using a custom Host-File at all? If so omit:-

 

[ResetHosts]

 

From the Custom OTL Script below.

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

 

:Files

ipconfig /flushdns /c

 

:Commands

[Purity]

[ResetHosts]

[EmptyTemp]

[CreateRestorePoint]

[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

 

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Eset Log.
Link to comment
Share on other sites

Laptop is running fine...here are the logs:

 

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Karen\Desktop\cmd.bat deleted successfully.

C:\Users\Karen\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Karen

->Temp folder emptied: 489472 bytes

->Temporary Internet Files folder emptied: 60226 bytes

->FireFox cache emptied: 79019758 bytes

->Flash cache emptied: 1873 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 76.00 mb

 

Error creating restore point.

 

OTL by OldTimer - Version 3.2.33.1 log created on 02212012_080914

 

Files\Folders moved on Reboot...

C:\Users\Karen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...

 

______________________________________________________

 

Eset found this:

 

C:\Windows\Setup\SCRIPTS\Activation Report.exe a variant of Win32/HiddenStart.A application

:geezer:

Link to comment
Share on other sites

Hi. :)

 

Laptop is running fine...

Good.

 

The log from the custom OTL script has reported the following:-

 

Error creating restore point.

So please check for me that System Restore is enabled on the system:-

 

Right-click on the desktop icon Computer and select Properties >> System Protection >> if disabled, enable it/create a restore point etc.

 

Alternatively check as follows...

 

Start(Windows 7 Orb) >> Accessories >> System Tools >> System Restore >> follow the prompts to enable if it is not/create a restore point etc.

 

Next:

 

Eset found this:

 

C:\Windows\Setup\SCRIPTS\Activation Report.exe a variant of Win32/HiddenStart.A application

I would like to review a complete log(if available)...It can be found:-

 

C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.

 

Scan with RogueKiller:

 

Please download RogueKiller to your desktop

 

Alternate download is here.

  • Quit all running programs
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on the Scan tab
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

 

When completed the above, please post back the following in the order asked for:

 

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Is SR working or did you need to activate System Restore/create a SR point.
  • Full Eset log(if available).
  • RogueKiller Log.
Link to comment
Share on other sites

Laptop is running fine. I had disabled System Restore but re-activated it and created a restore point. I had clicked on the "Uninstall Eset" yesterday after I saved the snippet to desktop, but still had the installer so I reinstalled and ran the scan again. Logs follow:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f134ed445c228d4c9d99774a90abbbaf

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-02-22 01:04:00

# local_time=2012-02-22 07:04:00 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 81457743 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=87286

# found=1

# cleaned=0

# scan_time=1547

C:\Windows\Setup\SCRIPTS\Activation Report.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I

 

 

 

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Karen [Admin rights]

Mode: Scan -- Date: 02/22/2012 07:09:36

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 5 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

ÿþ1

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++

--- User ---

[MBR] 6ba8915b25e41991b644a45cfabe34b1

[BSP] 55ab3739489937f846f1241056ab210e : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80012 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164071845 | Size: 80003 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 327918780 | Size: 78356 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

:geezer:

Link to comment
Share on other sites

Hi. :)

 

Laptop is running fine.

Good.

 

I had disabled System Restore but re-activated it and created a restore point.

Fair play.

 

I had clicked on the "Uninstall Eset" yesterday after I saved the snippet to desktop, but still had the installer so I reinstalled and ran the scan again.

OK. The log does not appear to be complete, not a problem however and no need to run the scan again. What was detected last time could be what is known as a False Positive detection. However to err on the side of caution I would like for you to upload the file to be checked please as follows...

 

Hidden files on your system should be visible courtesy of the initial OTL scan(then reset to default again when we remove OTL), if in the event they are not merely carry out the below first.

  • Click Start(Windows 7 Orb).
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click on Apply then OK.
Now please go to my file submission channel here.

 

Next to the box:- Link to topic where this file was requested: Add in the below:-

 

http://forums.pcpitstop.com/index.php?/topic/198186-possible-rootkit/

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

 

C:\Windows\Setup\SCRIPTS\Activation Report.exe

 

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

 

Scan with TDSSKiller:

 

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right-click on TDSSKiller.exe to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:
  • To find the log go to Start(Windows 7 Orb) > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
Link to comment
Share on other sites
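
A TDSSKiller report of the kind requested above lists each driver with its MD5 and path, followed by a verdict line, so a long report can be triaged mechanically instead of read line by line. The following Python example is added here; it is not part of the original posts and not TDSSKiller's own code, and its sample lines are constructed in the report's line format with made-up service names, hashes and paths. It returns every entry whose verdict is not "ok" and every entry that has no verdict line at all, as happens when a pasted log is cut short.

```python
import re
from collections import OrderedDict

# Constructed sample in the report's line format:
#   "<time> <thread> <service> (<md5>) <path>" followed by verdict line(s).
# Service names, hashes and paths are invented for illustration only.
SAMPLE_LOG = r"""
06:56:43.0361 0924 Scan started
06:56:43.0361 0924 Mode: Manual; SigCheck; TDLFS;
06:56:43.0689 0924 exampledisk (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledisk.sys
06:56:43.0783 0924 exampledisk - ok
06:56:44.0017 0924 examplepart (00000000000000000000000000000002) C:\Windows\system32\examplepart.sys
06:56:44.0079 0924 examplepart ( UnsignedFile.Multi.Generic ) - warning
06:56:44.0079 0924 examplepart - detected UnsignedFile.Multi.Generic (1)
06:56:44.0204 0924 examplenet (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\examplenet.sys
06:56:44.0219 0924 examplenet - ok
06:56:44.0329 0924 examplelost (00000000000000000000000000000004) C:\Windows\system32\drivers\examplelost.sys
"""

# Every report line starts with a timestamp and a thread id.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+(?P<body>.*)$")
# "<service> (<32 hex digits>) <path>" opens an entry.
ENTRY = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> ( <verdict> ) - <level>" marks anything other than a clean result.
FLAGGED = re.compile(
    r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<level>\w+)$"
)
# "<service> - ok" closes a clean entry.
OK = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")


def parse_report(text):
    """Return one dict per scanned driver, in report order."""
    entries = OrderedDict()
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, pasted forum text
        body = line.group("body")

        entry = ENTRY.match(body)
        if entry:
            entries[entry["name"]] = {
                "name": entry["name"],
                "md5": entry["md5"].lower(),
                "path": entry["path"],
                "level": None,    # stays None if no verdict line follows
                "verdict": None,
            }
            continue

        flagged = FLAGGED.match(body)
        if flagged and flagged["name"] in entries:
            entries[flagged["name"]].update(
                level=flagged["level"], verdict=flagged["verdict"]
            )
            continue

        clean = OK.match(body)
        if clean and clean["name"] in entries:
            entries[clean["name"]]["level"] = "ok"
        # The "<service> - detected ..." line repeats the verdict; ignored.
    return list(entries.values())


def needs_review(entries):
    """Split out entries that were flagged and entries with no verdict."""
    flagged = [e for e in entries if e["level"] not in (None, "ok")]
    unresolved = [e for e in entries if e["level"] is None]
    return flagged, unresolved


if __name__ == "__main__":
    flagged, unresolved = needs_review(parse_report(SAMPLE_LOG))
    for e in flagged:
        print(f"{e['level']:8} {e['verdict']:28} {e['path']} md5={e['md5']}")
    for e in unresolved:
        print(f"no verdict (log cut short?)          {e['path']}")
```

An `UnsignedFile.Multi.Generic` warning is produced by the signature-verification option and only says the file carries no valid signature; the path and hash it reports are what to check next.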

File has been uploaded. Here's the TDSS log:

 

06:55:42.0350 0316 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

06:55:42.0802 0316 ============================================================

06:55:42.0802 0316 Current date / time: 2012/02/23 06:55:42.0802

06:55:42.0802 0316 SystemInfo:

06:55:42.0802 0316

06:55:42.0802 0316 OS Version: 6.1.7601 ServicePack: 1.0

06:55:42.0802 0316 Product type: Workstation

06:55:42.0802 0316 ComputerName: POPEYE

06:55:42.0802 0316 UserName: Karen

06:55:42.0802 0316 Windows directory: C:\Windows

06:55:42.0802 0316 System windows directory: C:\Windows

06:55:42.0802 0316 Running under WOW64

06:55:42.0802 0316 Processor architecture: Intel x64

06:55:42.0802 0316 Number of processors: 2

06:55:42.0802 0316 Page size: 0x1000

06:55:42.0802 0316 Boot type: Normal boot

06:55:42.0802 0316 ============================================================

06:55:43.0988 0316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:55:43.0988 0316 \Device\Harddisk0\DR0:

06:55:43.0988 0316 MBR used

06:55:43.0988 0316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

06:55:43.0988 0316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C461A5

06:55:43.0988 0316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C789A5, BlocksNum 0x9C41B17

06:55:44.0019 0316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x138BA4FB, BlocksNum 0x990A086

06:55:44.0112 0316 Initialize success

06:55:44.0112 0316 ============================================================

06:56:43.0361 0924 ============================================================

06:56:43.0361 0924 Scan started

06:56:43.0361 0924 Mode: Manual; SigCheck; TDLFS;

06:56:43.0361 0924 ============================================================


06:56:51.0536 0924 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys

06:56:51.0583 0924 epmntdrv ( UnsignedFile.Multi.Generic ) - warning

06:56:51.0583 0924 epmntdrv - detected UnsignedFile.Multi.Generic (1)

06:56:51.0692 0924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

06:56:51.0723 0924 ErrDev - ok

06:56:51.0832 0924 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys

06:56:51.0863 0924 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning

06:56:51.0863 0924 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)

06:57:20.0224 0924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

06:57:21.0113 0924 \Device\Harddisk0\DR0 - ok

06:57:21.0145 0924 Boot (0x1200) (b657ac9821e8023b63840047b51e5799) \Device\Harddisk0\DR0\Partition0

06:57:21.0145 0924 \Device\Harddisk0\DR0\Partition0 - ok

06:57:21.0145 0924 Boot (0x1200) (b2c0cf911a8c8363914e82a80dfee8f0) \Device\Harddisk0\DR0\Partition1

06:57:21.0145 0924 \Device\Harddisk0\DR0\Partition1 - ok

06:57:21.0160 0924 Boot (0x1200) (6956a538804f0ad4d574cc60c4e78b74) \Device\Harddisk0\DR0\Partition2

06:57:21.0176 0924 \Device\Harddisk0\DR0\Partition2 - ok

06:57:21.0176 0924 Boot (0x1200) (9013e72cc8c457ba0500c8311628310a) \Device\Harddisk0\DR0\Partition3

06:57:21.0176 0924 \Device\Harddisk0\DR0\Partition3 - ok

06:57:21.0176 0924 ============================================================

06:57:21.0176 0924 Scan finished

06:57:21.0176 0924 ============================================================

06:57:21.0191 2948 Detected object count: 2

06:57:21.0191 2948 Actual detected object count: 2

06:58:00.0987 2948 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

06:58:00.0987 2948 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

06:58:00.0987 2948 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

06:58:00.0987 2948 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

06:58:07.0742 1828 Deinitialize success

:geezer:


File uploaded. TDSS said it found 2 threats...here's the log:

 

06:55:42.0350 0316 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

06:55:42.0802 0316 ============================================================

06:55:42.0802 0316 Current date / time: 2012/02/23 06:55:42.0802

06:55:42.0802 0316 SystemInfo:

06:55:42.0802 0316

06:55:42.0802 0316 OS Version: 6.1.7601 ServicePack: 1.0

06:55:42.0802 0316 Product type: Workstation

06:55:42.0802 0316 ComputerName: POPEYE

06:55:42.0802 0316 UserName: Karen

06:55:42.0802 0316 Windows directory: C:\Windows

06:55:42.0802 0316 System windows directory: C:\Windows

06:55:42.0802 0316 Running under WOW64

06:55:42.0802 0316 Processor architecture: Intel x64

06:55:42.0802 0316 Number of processors: 2

06:55:42.0802 0316 Page size: 0x1000

06:55:42.0802 0316 Boot type: Normal boot

06:55:42.0802 0316 ============================================================

06:55:43.0988 0316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:55:43.0988 0316 \Device\Harddisk0\DR0:

06:55:43.0988 0316 MBR used

06:55:43.0988 0316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

06:55:43.0988 0316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C461A5

06:55:43.0988 0316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C789A5, BlocksNum 0x9C41B17

06:55:44.0019 0316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x138BA4FB, BlocksNum 0x990A086

06:55:44.0112 0316 Initialize success

06:55:44.0112 0316 ============================================================

06:56:43.0361 0924 ============================================================

06:56:43.0361 0924 Scan started

06:56:43.0361 0924 Mode: Manual; SigCheck; TDLFS;

06:56:43.0361 0924 ============================================================

06:56:51.0536 0924 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:Windowssystem32epmntdrv.sys

06:56:51.0583 0924 epmntdrv ( UnsignedFile.Multi.Generic ) - warning

06:56:51.0583 0924 epmntdrv - detected UnsignedFile.Multi.Generic (1)

06:56:51.0692 0924 ErrDev (34a3c54752046e79a126e15c51db409b) C:Windowssystem32driverserrdev.sys

06:56:51.0723 0924 ErrDev - ok

06:56:51.0832 0924 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:Windowssystem32EuGdiDrv.sys

06:56:51.0863 0924 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning

06:56:51.0863 0924 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)

06:57:20.0224 0924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) DeviceHarddisk0DR0

06:57:21.0113 0924 DeviceHarddisk0DR0 - ok

06:57:21.0145 0924 Boot (0x1200) (b657ac9821e8023b63840047b51e5799) DeviceHarddisk0DR0Partition0

06:57:21.0145 0924 DeviceHarddisk0DR0Partition0 - ok

06:57:21.0145 0924 Boot (0x1200) (b2c0cf911a8c8363914e82a80dfee8f0) DeviceHarddisk0DR0Partition1

06:57:21.0145 0924 DeviceHarddisk0DR0Partition1 - ok

06:57:21.0160 0924 Boot (0x1200) (6956a538804f0ad4d574cc60c4e78b74) DeviceHarddisk0DR0Partition2

06:57:21.0176 0924 DeviceHarddisk0DR0Partition2 - ok

06:57:21.0176 0924 Boot (0x1200) (9013e72cc8c457ba0500c8311628310a) DeviceHarddisk0DR0Partition3

06:57:21.0176 0924 DeviceHarddisk0DR0Partition3 - ok

06:57:21.0176 0924 ============================================================

06:57:21.0176 0924 Scan finished

06:57:21.0176 0924 ============================================================

06:57:21.0191 2948 Detected object count: 2

06:57:21.0191 2948 Actual detected object count: 2

06:58:00.0987 2948 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

06:58:00.0987 2948 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

06:58:00.0987 2948 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

06:58:00.0987 2948 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

06:58:07.0742 1828 Deinitialize success

:geezer:


Hi. :)

File has been uploaded.

Thank you. The outcome does indeed prove an original False Positive detection. So no further action is required...

Here's the TDSS log

Nothing malicious there either. The unsigned files relate to the installed EaseUS Partition Manager. Not overly familiar with the software myself but many vendors do use such with their respective applications. Why? No idea, and the last thing they probably consider is how their software may be detected by anything Anti-Malware related for example.

So also no further action is required...

Next:

Any other issues remaining? If not we will remove all tools used during the course of the Malware Removal process (check) and I will provide some advice about online safety etc.


Hi. :)

 

No issues at all. Let's clean up, I'll await your instructions...

Good... Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the below listed topics as this will go a long way to keeping your Computer performing well.

 

Help! My computer is slow!

 

Also so is this:

 

What to do if your Computer is running slowly

 

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

 

Now some advice for on-line safety:

 

Malwarebyte's Anti-Malware:

 

This is a excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

 

Other installed security software:

 

Your presently installed security application, PC Matic (SuperShield), automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

 

I advise you also run a complete scan with this once per week.

 

Erunt:

 

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

 

Myself I would actually create a new backup once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

 

Keep your system updated:

 

Microsoft releases patches for Windows and other products regularly:

  • Click on Start (Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, Reboot (restart) your computer if not prompted to do so.

Be careful when opening attachments and downloading files:

 

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

Never open emails from unknown senders.

Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

 

Stop malicious scripts:

 

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

 

Avoid Peer to Peer software:

 

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

 

Hosts File:

 

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

 

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

 

Here are some Hosts files:

 

Only use one of the above!

 

Install WinPatrol:

 

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

 

Download it from here.

 

You can find information about how WinPatrol works here.

 

Next:

 

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Centre.

 

Any questions? Feel free to ask, if not stay safe!


Hi. :)

 

O.K. and what about DDS and aswMBR? :geezer:

 

Referring to a part of my prior Clean up with OTL advice:-

 

The above process should clean up and remove the vast majority of scanners used and logs created etc.

 

Any left over merely delete yourself and empty the Recycle Bin.


You're welcome! :)

 

--------------

 

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.