Tech Support Guy > Virus & Other Malware Removal

Solved: Downloader.zlob.AZVF


DJ7791 (Junior Member, 11 posts), thread starter
Join Date: Jan 2012
Experience: Intermediate
29-Jan-2012, 01:21 AM #1

Downloader.zlob.AZVF
I am having a problem getting rid of a trojan, Downloader.Zlob.AZVF.

I found a few different threads regarding its removal on your site. I'm wondering if I should follow the instructions given to the other users or if every case is different.

"";"C:\WINDOWS\system32\svchost.exe (844):\memory_001a0000";"Trojan horse Downloader.Zlob.AZVF";"Object is inaccessible."
"";"C:\WINDOWS\system32\svchost.exe (844)";"Trojan horse Downloader.Zlob.AZVF";""
"";"C:\WINDOWS\explorer.exe (1736):\memory_001a0000";"Trojan horse Downloader.Zlob.AZVF";"Object is inaccessible."
"";"C:\WINDOWS\explorer.exe (1736)";"Trojan horse Downloader.Zlob.AZVF";""
I get this same result with every scan AVG does. Please HELP.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:23 PM, on 1/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallb...mb&ibd=1080711
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {345A64C8-ECDC-43EE-AF9A-917A8C8CA184} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F200D434-8604-4D50-8F63-8D8A2E5394C8} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Search - ?p=ZUzeb004YYUS_ZUman000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://photoshoppe.lifepics.com/net/...Uploader45.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/html - {2c36a1a6-e284-4b30-94b7-db9aa6897f30} - (no file)
O20 - AppInit_DLLs: :\ n??(
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 12819 bytes

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by misha at 22:48:18 on 2012-01-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2272 [GMT -6:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
uSearch Bar =
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {345A64C8-ECDC-43EE-AF9A-917A8C8CA184} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F200D434-8604-4D50-8F63-8D8A2E5394C8} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\docume~1\misha\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &Search - ?p=ZUzeb004YYUS_ZUman000
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open in new background tab
IE: Open in new foreground tab
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://photoshoppe.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.dotphoto.com/ImageUploader4.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{02B902C4-9E03-434A-B422-B7AB2360472B} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{02B902C4-9E03-434A-B422-B7AB2360472B} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: :\ n??(
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: qblaunch.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: qbserverutilitymgr.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: softwareupdate.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: stax.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\misha\application data\mozilla\firefox\profiles\wtlh1w0y.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\misha\application data\mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\documents and settings\misha\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2008-7-21 140184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-3 652872]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-8 1514304]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-3 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-2 10064]
S2 EdgeStat;EdgeStat; [x]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-01-29 04:44:38 388096 ----a-r- c:\documents and settings\misha\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-29 04:44:38 -------- d-----w- c:\program files\Trend Micro
2012-01-28 17:57:24 -------- d-----w- c:\documents and settings\misha\application data\AVG2012
2012-01-28 17:43:14 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-01-28 17:16:38 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-01-28 17:16:23 -------- d-----w- c:\documents and settings\misha\application data\TuneUp Software
2012-01-28 17:16:10 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-01-28 17:15:55 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2012-01-28 17:15:40 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-01-03 14:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-28 16:18:54 165888 ----a-w- c:\windows\system32\wuauclt1.exe
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 09:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89C30EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8799e872; SUB DWORD [EBP-0x4], 0x8799e12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B077868]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A07A768]
[0x8A3B58B0] -> IRP_MJ_CREATE -> 0x89C30EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskARRAY1.0.00__#4&13bcaf4b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x89C30AEA
user & kernel MBR OK
sectors 488275966 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:50:07.17 ===============

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-28 22:58:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Intel___ rev.1.0.
Running: 61pdye9q.exe; Driver: C:\DOCUME~1\misha\LOCALS~1\Temp\ugdyapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B344F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B344FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B345080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B34511C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CA0000, 0x2A12DC, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA77A8A00]
.rsrc C:\WINDOWS\System32\DRIVERS\RDPCDD.sys entry point in ".rsrc" section [0xBA5C2C14]
? C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious PE modification
? C:\DOCUME~1\misha\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[672] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
.text C:\WINDOWS\System32\svchost.exe[672] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[672] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D0000A
.text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D1000A
.text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CF000C
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3744] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4960] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskARRAY1.0.00__#4&13bcaf4b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification

---- EOF - GMER 1.0.15 ----
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
29-Jan-2012, 01:40 AM #2
Hiya DJ7791,

Do the following:

Disable TeaTimer and leave it off for now.
1. Right-click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left-hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt and restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Next,

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin
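The last two steps above ask for the TDSSKiller log to be pasted back for review. The script below is an added example for this thread, not code from TDSSKiller, Kaspersky or the forum reply: it parses the two line shapes TDSSKiller writes per service (a hashed-module line and a verdict line, both visible in the log posted in the next reply), joins them into one record per service, and flags anything an analyst should look at, namely a verdict other than "ok", a driver hash that is not on an allowlist, and a driver loading from outside %SystemRoot%. The function names, the `tmpdrv` entry with its hash and path, and the allowlist contents are all constructed for illustration; the allowlist is seeded from two hashes in this thread's log purely so the example runs, not as a vetted list of known-good Microsoft binaries.

```python
"""Triage a TDSSKiller text log (added example; not TDSSKiller's own code).

Joins the two line shapes TDSSKiller writes per service, as seen in this thread:

    <hh:mm:ss.ffff> <pid> <ServiceName> (<md5>) <path>   -- module located and hashed
    <hh:mm:ss.ffff> <pid> <ServiceName> - <verdict>       -- the tool's result

into one record per service, then reports what merits a second look. Any verdict
string other than 'ok' is surfaced as-is; nothing else about the tool's wording
is assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Both patterns anchor on the "time pid" prefix, so header lines such as
# "Scan started" or "Mode: Manual; SigCheck; TDLFS;" are skipped.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
MODULE_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")


@dataclass
class DriverRecord:
    name: str
    md5: Optional[str] = None   # None: service entry with no file the tool could hash
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, DriverRecord]:
    """Return one DriverRecord per service name found in the log text."""
    records: Dict[str, DriverRecord] = {}
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], DriverRecord(m["name"]))
            rec.md5 = m["md5"].lower()
            rec.path = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], DriverRecord(m["name"]))
            rec.verdict = m["verdict"]
    return records


def triage(records: Dict[str, DriverRecord], allowlist: Set[str],
           system_root: str = r"C:\WINDOWS") -> List[Tuple[str, str]]:
    """Return (service, reason) findings, sorted by service name."""
    root = system_root.lower().rstrip("\\") + "\\"
    findings: List[Tuple[str, str]] = []
    for rec in sorted(records.values(), key=lambda r: r.name.lower()):
        if rec.verdict is None:
            findings.append((rec.name, "no verdict line in log"))
        elif rec.verdict.lower() != "ok":
            findings.append((rec.name, f"verdict: {rec.verdict}"))
        if rec.md5 is None:
            continue  # nothing on disk to hash (orphaned service entry)
        if rec.md5 not in allowlist:
            findings.append((rec.name, f"md5 {rec.md5} not in allowlist"))
        if not rec.path.lower().startswith(root):
            findings.append((rec.name, f"loads from outside {system_root}: {rec.path}"))
    return findings


# Constructed sample. The ACPI and AFD lines copy the format of the log posted in
# this thread; 'tmpdrv', its hash and its path are invented to exercise the checks.
SAMPLE_LOG = r"""23:51:53.0250 3488 ============================================================
23:51:53.0250 3488 Scan started
23:51:53.0250 3488 Mode: Manual; SigCheck; TDLFS;
23:51:53.0421 3488 Abiosdsk - ok
23:51:53.0937 3488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:51:54.0062 3488 ACPI - ok
23:51:54.0625 3488 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
23:51:54.0718 3488 AFD - ok
23:51:55.0000 3488 tmpdrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\DOCUME~1\user\LOCALS~1\Temp\tmpdrv.sys
23:51:55.0100 3488 tmpdrv - ok
"""

# Illustrative allowlist only: seeded from hashes in this thread's log so the
# example runs, not a vetted list of known-good binaries. In practice look the
# MD5 up in VirusTotal, NSRL or an internal golden-image inventory.
KNOWN_GOOD_MD5 = {
    "8fd99680a539792a30e97944fdaecf17",
    "7e775010ef291da96ad17ca4b17137d7",
}

if __name__ == "__main__":
    for service, reason in triage(parse_tdsskiller_log(SAMPLE_LOG), KNOWN_GOOD_MD5):
        print(f"{service}: {reason}")
```

The point of the hash and path checks is that a TDSSKiller "ok" only means the tool found nothing it recognises; a driver it passes can still be unknown to every reputation source and sitting in a user temp directory, which is exactly the case the constructed `tmpdrv` entry reproduces.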
DJ7791
Junior Member with 11 posts.
THREAD STARTER
Join Date: Jan 2012
Experience: Intermediate
29-Jan-2012, 01:58 AM #3
Thanks for the quick response. Here is the log you asked for:


23:51:18.0890 3640 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
23:51:19.0921 3640 ============================================================
23:51:19.0921 3640 Current date / time: 2012/01/28 23:51:19.0921
23:51:19.0921 3640 SystemInfo:
23:51:19.0921 3640
23:51:19.0921 3640 OS Version: 5.1.2600 ServicePack: 3.0
23:51:19.0921 3640 Product type: Workstation
23:51:19.0921 3640 ComputerName: DDZS3TG1
23:51:19.0921 3640 UserName: misha
23:51:19.0921 3640 Windows directory: C:\WINDOWS
23:51:19.0921 3640 System windows directory: C:\WINDOWS
23:51:19.0921 3640 Processor architecture: Intel x86
23:51:19.0921 3640 Number of processors: 2
23:51:19.0921 3640 Page size: 0x1000
23:51:19.0921 3640 Boot type: Normal boot
23:51:19.0921 3640 ============================================================
23:51:20.0375 3640 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:51:20.0375 3640 Drive \Device\Harddisk1\DR3 - Size: 0x1E98D1A00 (7.65 Gb), SectorSize: 0x200, Cylinders: 0x3E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:51:20.0406 3640 Drive \Device\Harddisk6\DR8 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:51:20.0750 3640 Initialize success
23:51:53.0250 3488 ============================================================
23:51:53.0250 3488 Scan started
23:51:53.0250 3488 Mode: Manual; SigCheck; TDLFS;
23:51:53.0250 3488 ============================================================
23:51:53.0421 3488 Abiosdsk - ok
23:51:53.0484 3488 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:51:53.0890 3488 abp480n5 - ok
23:51:53.0937 3488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:51:54.0062 3488 ACPI - ok
23:51:54.0093 3488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:51:54.0187 3488 ACPIEC - ok
23:51:54.0234 3488 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
23:51:54.0281 3488 ADIHdAudAddService - ok
23:51:54.0296 3488 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:51:54.0421 3488 adpu160m - ok
23:51:54.0453 3488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:51:54.0562 3488 aec - ok
23:51:54.0625 3488 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
23:51:54.0718 3488 AFD - ok
23:51:54.0781 3488 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:51:54.0890 3488 agp440 - ok
23:51:54.0921 3488 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:51:55.0046 3488 agpCPQ - ok
23:51:55.0078 3488 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:51:55.0140 3488 Aha154x - ok
23:51:55.0171 3488 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:51:55.0296 3488 aic78u2 - ok
23:51:55.0328 3488 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:51:55.0406 3488 aic78xx - ok
23:51:55.0421 3488 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:51:55.0484 3488 AliIde - ok
23:51:55.0578 3488 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:51:55.0671 3488 alim1541 - ok
23:51:55.0671 3488 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:51:55.0765 3488 amdagp - ok
23:51:55.0781 3488 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:51:55.0812 3488 amsint - ok
23:51:55.0875 3488 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:51:55.0968 3488 asc - ok
23:51:55.0984 3488 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:51:56.0015 3488 asc3350p - ok
23:51:56.0031 3488 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:51:56.0093 3488 asc3550 - ok
23:51:56.0140 3488 AsfAlrt (c139fa963dbb9bd6560f404f509d1196) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
23:52:06.0171 3488 AsfAlrt - ok
23:52:06.0328 3488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:52:06.0484 3488 AsyncMac - ok
23:52:06.0546 3488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:52:06.0640 3488 atapi - ok
23:52:06.0656 3488 Atdisk - ok
23:52:06.0875 3488 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:52:07.0187 3488 ati2mtag - ok
23:52:07.0234 3488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:52:07.0343 3488 Atmarpc - ok
23:52:07.0406 3488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:52:07.0546 3488 audstub - ok
23:52:07.0625 3488 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
23:52:07.0640 3488 Avgfwdx - ok
23:52:07.0671 3488 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
23:52:07.0671 3488 Avgfwfd - ok
23:52:07.0703 3488 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
23:52:07.0718 3488 AVGIDSDriver - ok
23:52:07.0734 3488 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
23:52:07.0734 3488 AVGIDSEH - ok
23:52:07.0750 3488 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
23:52:07.0765 3488 AVGIDSFilter - ok
23:52:07.0781 3488 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
23:52:07.0781 3488 AVGIDSShim - ok
23:52:07.0796 3488 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:52:07.0812 3488 Avgldx86 - ok
23:52:07.0812 3488 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:52:07.0812 3488 Avgmfx86 - ok
23:52:07.0828 3488 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:52:07.0828 3488 Avgrkx86 - ok
23:52:07.0843 3488 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:52:07.0859 3488 Avgtdix - ok
23:52:07.0875 3488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:52:07.0984 3488 Beep - ok
23:52:08.0031 3488 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
23:52:08.0062 3488 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
23:52:08.0062 3488 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
23:52:08.0093 3488 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:52:08.0218 3488 cbidf - ok
23:52:08.0218 3488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:52:08.0312 3488 cbidf2k - ok
23:52:08.0359 3488 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:52:08.0406 3488 cd20xrnt - ok
23:52:08.0437 3488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:52:08.0531 3488 Cdaudio - ok
23:52:08.0562 3488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:52:08.0640 3488 Cdfs - ok
23:52:08.0671 3488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:52:08.0765 3488 Cdrom - ok
23:52:08.0765 3488 Changer - ok
23:52:08.0796 3488 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:52:08.0921 3488 CmdIde - ok
23:52:08.0953 3488 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:52:09.0078 3488 Cpqarray - ok
23:52:09.0109 3488 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:52:09.0234 3488 dac2w2k - ok
23:52:09.0250 3488 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:52:09.0375 3488 dac960nt - ok
23:52:09.0421 3488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:52:09.0515 3488 Disk - ok
23:52:09.0546 3488 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
23:52:09.0562 3488 DLABMFSM - ok
23:52:09.0593 3488 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
23:52:09.0609 3488 DLABOIOM - ok
23:52:09.0625 3488 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:52:09.0625 3488 DLACDBHM - ok
23:52:09.0625 3488 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
23:52:09.0640 3488 DLADResM - ok
23:52:09.0640 3488 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
23:52:09.0656 3488 DLAIFS_M - ok
23:52:09.0656 3488 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
23:52:09.0671 3488 DLAOPIOM - ok
23:52:09.0671 3488 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
23:52:09.0687 3488 DLAPoolM - ok
23:52:09.0687 3488 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
23:52:09.0687 3488 DLARTL_M - ok
23:52:09.0703 3488 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
23:52:09.0703 3488 DLAUDFAM - ok
23:52:09.0750 3488 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
23:52:09.0750 3488 DLAUDF_M - ok
23:52:09.0812 3488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:52:09.0984 3488 dmboot - ok
23:52:10.0031 3488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:52:10.0140 3488 dmio - ok
23:52:10.0140 3488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:52:10.0234 3488 dmload - ok
23:52:10.0265 3488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:52:10.0343 3488 DMusic - ok
23:52:10.0406 3488 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:52:10.0500 3488 dpti2o - ok
23:52:10.0515 3488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:52:10.0578 3488 drmkaud - ok
23:52:10.0625 3488 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:52:10.0625 3488 DRVMCDB - ok
23:52:10.0640 3488 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:52:10.0656 3488 DRVNDDM - ok
23:52:10.0703 3488 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:52:10.0796 3488 E100B - ok
23:52:10.0875 3488 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
23:52:10.0875 3488 e1express - ok
23:52:10.0890 3488 EdgeStat - ok
23:52:10.0937 3488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:52:11.0046 3488 Fastfat - ok
23:52:11.0078 3488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:52:11.0171 3488 Fdc - ok
23:52:11.0203 3488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:52:11.0281 3488 Fips - ok
23:52:11.0281 3488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:52:11.0343 3488 Flpydisk - ok
23:52:11.0421 3488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:52:11.0484 3488 FltMgr - ok
23:52:11.0515 3488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:52:11.0625 3488 Fs_Rec - ok
23:52:11.0656 3488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:52:11.0734 3488 Ftdisk - ok
23:52:11.0765 3488 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:52:11.0781 3488 GEARAspiWDM - ok
23:52:11.0812 3488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:52:11.0906 3488 Gpc - ok
23:52:11.0937 3488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:52:12.0031 3488 HDAudBus - ok
23:52:12.0031 3488 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
23:52:12.0093 3488 HECI - ok
23:52:12.0140 3488 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:52:12.0265 3488 HidUsb - ok
23:52:12.0296 3488 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:52:12.0406 3488 hpn - ok
23:52:12.0468 3488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:52:12.0531 3488 HTTP - ok
23:52:12.0609 3488 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:52:12.0750 3488 i2omgmt - ok
23:52:12.0781 3488 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:52:12.0890 3488 i2omp - ok
23:52:12.0890 3488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:52:12.0968 3488 i8042prt - ok
23:52:13.0000 3488 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
23:52:13.0015 3488 iaStor - ok
23:52:13.0046 3488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:52:13.0125 3488 Imapi - ok
23:52:13.0156 3488 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:52:13.0234 3488 ini910u - ok
23:52:13.0281 3488 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:52:13.0359 3488 IntelIde - ok
23:52:13.0390 3488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:52:13.0484 3488 intelppm - ok
23:52:13.0515 3488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:52:13.0625 3488 Ip6Fw - ok
23:52:13.0656 3488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:52:13.0781 3488 IpFilterDriver - ok
23:52:13.0828 3488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:52:13.0921 3488 IpInIp - ok
23:52:13.0953 3488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:52:14.0062 3488 IpNat - ok
23:52:14.0078 3488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:52:14.0187 3488 IPSec - ok
23:52:14.0203 3488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:52:14.0312 3488 IRENUM - ok
23:52:14.0343 3488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:52:14.0500 3488 isapnp - ok
23:52:14.0546 3488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:52:14.0671 3488 Kbdclass - ok
23:52:14.0703 3488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:52:14.0828 3488 kbdhid - ok
23:52:14.0875 3488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:52:14.0984 3488 kmixer - ok
23:52:15.0000 3488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:52:15.0125 3488 KSecDD - ok
23:52:15.0140 3488 lbrtfdc - ok
23:52:15.0171 3488 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
23:52:15.0187 3488 MBAMProtector - ok
23:52:15.0218 3488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:52:15.0343 3488 mnmdd - ok
23:52:15.0406 3488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:52:15.0500 3488 Modem - ok
23:52:15.0531 3488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:52:15.0640 3488 Mouclass - ok
23:52:15.0703 3488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:52:15.0812 3488 mouhid - ok
23:52:15.0828 3488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:52:15.0921 3488 MountMgr - ok
23:52:15.0953 3488 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:52:16.0015 3488 mraid35x - ok
23:52:16.0046 3488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:52:16.0125 3488 MRxDAV - ok
23:52:16.0171 3488 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:52:16.0250 3488 MRxSmb - ok
23:52:16.0265 3488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:52:16.0328 3488 Msfs - ok
23:52:16.0359 3488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:52:16.0421 3488 MSKSSRV - ok
23:52:16.0500 3488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:52:16.0609 3488 MSPCLOCK - ok
23:52:16.0625 3488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:52:16.0750 3488 MSPQM - ok
23:52:16.0781 3488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:52:16.0875 3488 mssmbios - ok
23:52:16.0890 3488 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:52:16.0984 3488 Mup - ok
23:52:17.0000 3488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:52:17.0109 3488 NDIS - ok
23:52:17.0125 3488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:52:17.0234 3488 NdisTapi - ok
23:52:17.0250 3488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:52:17.0343 3488 Ndisuio - ok
23:52:17.0343 3488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:52:17.0437 3488 NdisWan - ok
23:52:17.0437 3488 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
23:52:17.0531 3488 NDProxy - ok
23:52:17.0546 3488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:52:17.0609 3488 NetBIOS - ok
23:52:17.0671 3488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:52:17.0750 3488 NetBT - ok
23:52:17.0750 3488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:52:17.0843 3488 Npfs - ok
23:52:17.0875 3488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:52:18.0015 3488 Ntfs - ok
23:52:18.0046 3488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:52:18.0156 3488 Null - ok
23:52:18.0234 3488 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:52:18.0390 3488 nv - ok
23:52:18.0421 3488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:52:18.0546 3488 NwlnkFlt - ok
23:52:18.0546 3488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:52:18.0656 3488 NwlnkFwd - ok
23:52:18.0656 3488 PAR1284 - ok
23:52:18.0703 3488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:52:18.0796 3488 Parport - ok
23:52:18.0828 3488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:52:18.0906 3488 PartMgr - ok
23:52:18.0921 3488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:52:19.0015 3488 ParVdm - ok
23:52:19.0046 3488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:52:19.0140 3488 PCI - ok
23:52:19.0140 3488 PCIDump - ok
23:52:19.0171 3488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:52:19.0265 3488 PCIIde - ok
23:52:19.0312 3488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:52:19.0437 3488 Pcmcia - ok
23:52:19.0437 3488 PDCOMP - ok
23:52:19.0453 3488 PDFRAME - ok
23:52:19.0453 3488 PDRELI - ok
23:52:19.0468 3488 PDRFRAME - ok
23:52:19.0484 3488 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:52:19.0609 3488 perc2 - ok
23:52:19.0625 3488 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:52:19.0734 3488 perc2hib - ok
23:52:19.0781 3488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:52:19.0875 3488 PptpMiniport - ok
23:52:19.0875 3488 Profos - ok
23:52:19.0890 3488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:52:20.0000 3488 PSched - ok
23:52:20.0000 3488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:52:20.0093 3488 Ptilink - ok
23:52:20.0125 3488 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:52:20.0125 3488 PxHelp20 - ok
23:52:20.0156 3488 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:52:20.0234 3488 ql1080 - ok
23:52:20.0265 3488 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:52:20.0343 3488 Ql10wnt - ok
23:52:20.0406 3488 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:52:20.0468 3488 ql12160 - ok
23:52:20.0484 3488 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:52:20.0546 3488 ql1240 - ok
23:52:20.0562 3488 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:52:20.0640 3488 ql1280 - ok
23:52:20.0656 3488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:52:20.0734 3488 RasAcd - ok
23:52:20.0781 3488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:52:20.0875 3488 Rasl2tp - ok
23:52:20.0890 3488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:52:20.0968 3488 RasPppoe - ok
23:52:20.0984 3488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:52:21.0062 3488 Raspti - ok
23:52:21.0109 3488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:52:21.0203 3488 Rdbss - ok
23:52:21.0218 3488 RDPCDD (73629a675b88b259855f1eedd890e8d9) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:52:21.0218 3488 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 73629a675b88b259855f1eedd890e8d9, Fake md5: 4912d5b403614ce99c28420f75353332
23:52:21.0218 3488 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - infected
23:52:21.0218 3488 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
23:52:21.0265 3488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:52:21.0359 3488 rdpdr - ok
23:52:21.0437 3488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:52:21.0531 3488 RDPWD - ok
23:52:21.0593 3488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:52:21.0734 3488 redbook - ok
23:52:21.0781 3488 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
23:52:21.0843 3488 RimUsb - ok
23:52:21.0890 3488 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:52:21.0937 3488 RimVSerPort - ok
23:52:21.0953 3488 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
23:52:22.0062 3488 ROOTMODEM - ok
23:52:22.0109 3488 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
23:52:22.0125 3488 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
23:52:22.0125 3488 SCDEmu - detected UnsignedFile.Multi.Generic (1)
23:52:22.0171 3488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:52:22.0281 3488 Secdrv - ok
23:52:22.0359 3488 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
23:52:22.0390 3488 SenFiltService - ok
23:52:22.0437 3488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:52:22.0562 3488 serenum - ok
23:52:22.0625 3488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:52:22.0750 3488 Serial - ok
23:52:22.0781 3488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:52:22.0890 3488 Sfloppy - ok
23:52:22.0906 3488 Simbad - ok
23:52:22.0937 3488 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:52:23.0062 3488 sisagp - ok
23:52:23.0093 3488 SNTNLUSB (a1ff7d99b199cea1f3df371ba70d2780) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
23:52:23.0109 3488 SNTNLUSB - ok
23:52:23.0140 3488 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:52:23.0203 3488 Sparrow - ok
23:52:23.0250 3488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:52:23.0343 3488 splitter - ok
23:52:23.0390 3488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:52:23.0515 3488 sr - ok
23:52:23.0546 3488 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
23:52:23.0609 3488 Srv - ok
23:52:23.0640 3488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:52:23.0765 3488 swenum - ok
23:52:23.0781 3488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:52:23.0890 3488 swmidi - ok
23:52:23.0921 3488 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:52:24.0031 3488 symc810 - ok
23:52:24.0031 3488 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:52:24.0156 3488 symc8xx - ok
23:52:24.0187 3488 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:52:24.0281 3488 sym_hi - ok
23:52:24.0296 3488 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:52:24.0390 3488 sym_u3 - ok
23:52:24.0421 3488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:52:24.0546 3488 sysaudio - ok
23:52:24.0625 3488 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
23:52:24.0625 3488 tap0901 ( UnsignedFile.Multi.Generic ) - warning
23:52:24.0625 3488 tap0901 - detected UnsignedFile.Multi.Generic (1)
23:52:24.0671 3488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:52:24.0750 3488 Tcpip - ok
23:52:24.0781 3488 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
23:52:24.0843 3488 Tcpip6 - ok
23:52:24.0890 3488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:52:25.0000 3488 TDPIPE - ok
23:52:25.0046 3488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:52:25.0171 3488 TDTCP - ok
23:52:25.0203 3488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:52:25.0312 3488 TermDD - ok
23:52:25.0359 3488 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:52:25.0484 3488 TosIde - ok
23:52:25.0500 3488 Trufos - ok
23:52:25.0640 3488 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
23:52:25.0656 3488 TuneUpUtilitiesDrv - ok
23:52:25.0687 3488 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:52:25.0796 3488 tunmp - ok
23:52:25.0828 3488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:52:25.0937 3488 Udfs - ok
23:52:25.0968 3488 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:52:26.0046 3488 ultra - ok
23:52:26.0062 3488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:52:26.0265 3488 Update - ok
23:52:26.0406 3488 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:52:26.0437 3488 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:52:26.0437 3488 USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:52:26.0468 3488 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:52:26.0562 3488 usbaudio - ok
23:52:26.0640 3488 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:52:26.0765 3488 usbccgp - ok
23:52:26.0796 3488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:52:26.0937 3488 usbehci - ok
23:52:26.0968 3488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:52:27.0093 3488 usbhub - ok
23:52:27.0125 3488 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:52:27.0234 3488 usbprint - ok
23:52:27.0312 3488 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:52:27.0437 3488 usbscan - ok
23:52:27.0468 3488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:52:27.0609 3488 USBSTOR - ok
23:52:27.0656 3488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:52:27.0750 3488 usbuhci - ok
23:52:27.0796 3488 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:52:27.0859 3488 usb_rndisx - ok
23:52:27.0906 3488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:52:27.0984 3488 VgaSave - ok
23:52:28.0031 3488 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:52:28.0093 3488 viaagp - ok
23:52:28.0140 3488 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:52:28.0218 3488 ViaIde - ok
23:52:28.0250 3488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:52:28.0328 3488 VolSnap - ok
23:52:28.0359 3488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:52:28.0437 3488 Wanarp - ok
23:52:28.0484 3488 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
23:52:28.0546 3488 wceusbsh - ok
23:52:28.0640 3488 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:52:28.0656 3488 Wdf01000 - ok
23:52:28.0656 3488 WDICA - ok
23:52:28.0703 3488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:52:28.0828 3488 wdmaud - ok
23:52:28.0859 3488 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
23:52:28.0906 3488 WmBEnum - ok
23:52:28.0921 3488 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
23:52:28.0984 3488 WmFilter - ok
23:52:29.0000 3488 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
23:52:29.0062 3488 WmVirHid - ok
23:52:29.0062 3488 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
23:52:29.0078 3488 WmXlCore - ok
23:52:29.0140 3488 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:52:29.0218 3488 WpdUsb - ok
23:52:29.0234 3488 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:52:29.0343 3488 WS2IFSL - ok
23:52:29.0375 3488 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:52:29.0421 3488 WudfPf - ok
23:52:29.0453 3488 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:52:29.0484 3488 WudfRd - ok
23:52:29.0546 3488 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
23:52:29.0562 3488 xusb21 - ok
23:52:29.0609 3488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:52:29.0859 3488 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:52:29.0859 3488 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:52:29.0859 3488 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
23:52:29.0984 3488 \Device\Harddisk1\DR3 - ok
23:52:30.0000 3488 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk6\DR8
23:52:30.0406 3488 \Device\Harddisk6\DR8 - ok
23:52:30.0421 3488 Boot (0x1200) (e2c284bbd4b23abc7166a1fbb56d5f1a) \Device\Harddisk0\DR0\Partition0
23:52:30.0421 3488 \Device\Harddisk0\DR0\Partition0 - ok
23:52:30.0421 3488 Boot (0x1200) (0c8090cf00eb0ff9a1d7916c8aaa3cc7) \Device\Harddisk1\DR3\Partition0
23:52:30.0421 3488 \Device\Harddisk1\DR3\Partition0 - ok
23:52:30.0421 3488 Boot (0x1200) (0ee114293994062bab4de00429bdbab4) \Device\Harddisk6\DR8\Partition0
23:52:30.0421 3488 \Device\Harddisk6\DR8\Partition0 - ok
23:52:30.0421 3488 ============================================================
23:52:30.0421 3488 Scan finished
23:52:30.0421 3488 ============================================================
23:52:30.0546 3428 Detected object count: 6
23:52:30.0546 3428 Actual detected object count: 6
23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:53.0609 3428 Backup copy found, using it..
23:52:53.0609 3428 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured on reboot
23:52:53.0609 3428 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
23:52:53.0609 3428 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:53.0609 3428 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:53.0609 3428 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:53.0609 3428 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:53.0625 3428 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:53.0625 3428 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:53:10.0437 2316 Deinitialize success
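The log above mixes three different kinds of finding: four UnsignedFile.Multi.Generic warnings on third-party drivers (a low-confidence signal on an XP-era system), one "Suspicious file (Forged)" line for RDPCDD.sys where the file hashes differently depending on how it is read (the signature of a driver that hooks disk I/O), and a "TDSS File System" warning on \Device\Harddisk0\DR0 that the cleanup phase shows was skipped. The following triage script is an added example, not TDSSKiller's or the forum's code; it parses lines in the layout visible above (the regexes are my assumptions about that format), ranks each finding by what the evidence proves, and lists anything serious that was not cured. The sample lines are a constructed excerpt that keeps the names and hashes from the posted log; "Delete" in the cleaning-action set is assumed from the tool's menu, since the log only shows "Cure" and "Skip".

```python
"""Triage a TDSSKiller log: separate the finding that proves a disk-read hook
(a forged file hash) from low-confidence unsigned-driver warnings, and list
anything rated serious that the operator chose to skip.

Added example, not TDSSKiller's own code.  The regexes are assumptions fitted
to the line layout visible in the posted log: "HH:MM:SS.ffff <thread-id> <message>".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the same layout as the posted log; the names and
# hashes are the ones that appear in the thread.
SAMPLE_LOG = r"""
23:52:08.0031 3488 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
23:52:08.0062 3488 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
23:52:21.0218 3488 RDPCDD (73629a675b88b259855f1eedd890e8d9) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:52:21.0218 3488 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 73629a675b88b259855f1eedd890e8d9, Fake md5: 4912d5b403614ce99c28420f75353332
23:52:21.0218 3488 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - infected
23:52:21.0265 3488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:52:21.0359 3488 rdpdr - ok
23:52:29.0859 3488 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:53.0609 3428 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+) (?P<msg>.*)$")
# enumeration line: "<service> (<md5>) <path>"
DRIVER = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# the file hashed differently depending on how it was read
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<verdict>warning|infected)$")
ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - User select action: (?P<action>\w+)$")

# Actions that actually remove or repair the object.  "Cure" and "Skip" are
# the only values the posted log shows; "Delete" is assumed from the tool's menu.
CLEANING_ACTIONS = {"Cure", "Delete"}


@dataclass
class Finding:
    obj: str                                   # service name or device path
    name: str                                  # TDSSKiller's detection label
    verdict: str                               # "warning" or "infected"
    path: Optional[str] = None                 # on-disk path when the object is a driver
    forged: Optional[Tuple[str, str]] = None   # (real_md5, fake_md5) when the read was tampered with
    action: Optional[str] = None               # operator's choice in the cleanup phase


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Collect every warning/infected verdict, keyed by object name."""
    findings: Dict[str, Finding] = {}
    path_of: Dict[str, str] = {}                       # service -> path
    forged_by_path: Dict[str, Tuple[str, str]] = {}    # lower-cased path -> hashes
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (d := DRIVER.match(msg)):
            path_of[d["obj"]] = d["path"]
        elif (f := FORGED.match(msg)):
            forged_by_path[f["path"].lower()] = (f["real"], f["fake"])
        elif (v := VERDICT.match(msg)):
            findings[v["obj"]] = Finding(v["obj"], v["name"], v["verdict"], path_of.get(v["obj"]))
        elif (a := ACTION.match(msg)) and a["obj"] in findings:
            findings[a["obj"]].action = a["action"]
    for fnd in findings.values():              # attach forged hashes by path, not by name
        if fnd.path:
            fnd.forged = forged_by_path.get(fnd.path.lower())
    return findings


def severity(f: Finding) -> str:
    """Rank by what the evidence proves rather than by the tool's own label."""
    if f.forged is not None:
        return "critical"      # two hashes for one file: something is hooking disk reads
    if f.verdict == "infected" or "TDSS" in f.name:
        return "high"          # named rootkit component, or its hidden file system
    return "review"            # e.g. UnsignedFile.Multi.Generic: unsigned third-party driver


def unresolved(findings: Dict[str, Finding]) -> List[str]:
    """Objects rated high or critical that were not cured or deleted."""
    return sorted(obj for obj, f in findings.items()
                  if severity(f) != "review" and f.action not in CLEANING_ACTIONS)


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for obj, f in found.items():
        extra = f"  real={f.forged[0]} fake={f.forged[1]}" if f.forged else ""
        print(f"{severity(f):8} {obj:28} {f.name} (action: {f.action}){extra}")
    print("not cleaned:", unresolved(found) or "nothing rated high/critical")
```

The ranking deliberately puts the forged-hash evidence above the tool's own "infected" label: an unsigned driver or a stale signature database can explain a warning, but nothing benign explains one file returning two different hashes through two read paths. Run against the excerpt, `unresolved()` returns only `\Device\Harddisk0\DR0`, the hidden file system that was skipped while RDPCDD.sys was cured; that is the item a reviewer of this log would want followed up, and the four skipped unsigned drivers are the usual low-value noise.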
kevinf80 (Kevin), Malware Removal Specialist
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
29-Jan-2012, 02:14 AM #4
OK DJ7791, do this:

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

If you already have MB installed update and run as below...

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Kevin
DJ7791, Junior Member (thread starter)
Join Date: Jan 2012
Experience: Intermediate
29-Jan-2012, 03:06 AM #5
I have Malwarebytes Pro and run it daily. It continued to show 0 infections even when AVG showed the downloader.zlob.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
misha :: DDZS3TG1 [administrator]

Protection: Enabled

1/29/2012 12:50:09 AM
mbam-log-2012-01-29 (00-50-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220599
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,586 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
29-Jan-2012, 03:09 AM #6
How does your system respond since we removed the Rootkit? Any alerts from AVG?
DJ7791
29-Jan-2012, 03:18 AM #7
System seems to operate smoothly and no AVG pop-ups yet. If I ran another scan with AVG would the trojan still show if present?
kevinf80 (Kevin)
29-Jan-2012, 03:23 AM #8
No, AVG will not see it anymore as it has been removed. OK do the following :-

Step 1

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator".
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Step 2

This is a very in-depth and thorough scan, as such it will take several hours to complete. We need to ensure all remnants of this infection are gone!

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Kevin
DJ7791
29-Jan-2012, 03:43 AM #9
Every time I run TFC it closes explorer and freezes my pc....?
kevinf80 (Kevin)
29-Jan-2012, 03:56 AM #10
It should not do that. Normally it will close explorer and your Desktop will disappear; you should then see the TFC GUI, it should run, then either prompt for a re-boot or return your Desktop.... it may seem that your PC freezes; let it run for a few minutes.

If that does not happen miss TFC out and progress to ESET
DJ7791
29-Jan-2012, 12:16 PM #11
This is what the ESETscan came up with:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc5cb3e307a4c441b8fd5d99f5afdf9c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-29 12:07:06
# local_time=2012-01-29 06:07:06 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190735
# found=3
# cleaned=0
# scan_time=11700
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator5.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\misha\Local Settings\Application Data\{A46394FD-4709-4FD0-A57C-D7156E0166BC}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan (unable to clean) 00000000000000000000000000000000 I
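The ESET log above has a fixed shape: `# key=value` header lines, then one line per detection carrying the path, the detection name, the action taken in parentheses, a 32-character hash column and a status letter. The Python script below is an added example, not part of this thread or of ESET's own tooling. It parses that shape, cross-checks the `found` counter against the detection lines actually listed, and flags hits that sit inside another product's quarantine folder (the Spybot "Recovery" directory here) as stored backups rather than live files. The sample log embedded in it is constructed to mirror the one posted above, and the quarantine-folder markers are an assumed heuristic, not an ESET rule.

```python
"""Triage helper for ESET Online Scanner text logs (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the log posted above: same three
# detections, same all-zero hash placeholder that ESET printed.
SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# unwanted_checked=true
# scanned=190735
# found=3
# cleaned=0
# scan_time=11700
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator5.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\misha\Local Settings\Application Data\{A46394FD-4709-4FD0-A57C-D7156E0166BC}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")
# \s+ covers both the tab-separated columns of a real log and the spaces
# left after the forum collapsed them.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,5})\s+"  # drive path up to its extension
    r"(?P<threat>.+?)\s*"                               # detection name
    r"(?:\((?P<action>[^()]*)\))?\s+"                   # optional "(unable to clean)"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"                     # hash column
    r"(?P<flag>\S+)$"                                   # trailing status letter
)

# Folders where another product keeps its own quarantined/backup copies.
# A hit there is a dormant archive, not a running infection. Assumed
# heuristic for this example; extend it for other products as needed.
QUARANTINE_MARKERS = (
    "\\spybot - search & destroy\\recovery\\",
    "\\quarantine\\",
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    md5: str
    quarantined: bool


def parse_eset_log(text):
    """Return (header dict, list of Detection) for one ESET log."""
    summary, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            summary[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            low = m["path"].lower()
            detections.append(Detection(
                path=m["path"],
                threat=m["threat"],
                action=m["action"] or "",
                md5=m["hash"],
                quarantined=any(mark in low for mark in QUARANTINE_MARKERS),
            ))
    return summary, detections


def triage(text):
    """Summarise a log: counters, whether removal was enabled, live vs. quarantined hits."""
    summary, detections = parse_eset_log(text)
    found = int(summary.get("found", "0"))
    return {
        "found": found,
        "cleaned": int(summary.get("cleaned", "0")),
        "removal_enabled": summary.get("remove_checked") == "true",
        "count_matches": found == len(detections),   # header vs. listed lines
        "quarantine_only": [d.path for d in detections if d.quarantined],
        "live": [d.path for d in detections if not d.quarantined],
    }


if __name__ == "__main__":
    import json
    import sys
    # Pass the path to log.txt, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_ESET_LOG
    print(json.dumps(triage(text), indent=2))
```

Run against the posted log, the report shows all three hits as "unable to clean" because removal was left unticked (`remove_checked=false`, as the instructions asked), and only the Chrome `overlay.xul` entry falls outside a quarantine folder, which matches the one file Kevin targets with OTM in the next post.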
kevinf80 (Kevin)
29-Jan-2012, 06:33 PM #12
OK, do the following:

Step 1

Re-run TDSSKiller; when you see this entry \Device\Harddisk0\DR0 ( TDSS File System ), select Delete, NOT Skip. Re-boot if required.

Step 2

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run; also the Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\misha\Local Settings\Application Data\{A46394FD-4709-4FD0-A57C-D7156E0166BC}\chrome\content\overlay.xul 
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those three logs in next reply....

Kevin
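TDSSKiller writes one line per driver or device in the form `time thread name (md5) path`, followed either by `name - ok` or, for anything it does not trust, by a `name ( verdict ) - warning` line and a `name - detected verdict (n)` line (the log posted later in this thread shows this for BVRPMPR5 and SCDEmu). The Python below is an added example, not part of this thread or of Kaspersky's tool. It folds those lines into one record per object and ranks what the scan flagged, so that a `\Device\Harddisk0\DR0 ( TDSS File System )` entry of the kind Kevin asks to delete stands out above generic `UnsignedFile.Multi.Generic` warnings, which usually come from legitimate third-party drivers and should be checked against the vendor before anything is deleted. The embedded sample is constructed from lines in the posted format; the DR0 lines and the severity ranking are assumptions made for the example.

```python
"""Fold a TDSSKiller log into per-object records and rank the findings (added example)."""
import re
from collections import OrderedDict

# Constructed sample: driver lines in the format posted in the thread, plus
# two assumed lines for a TDSS file-system hit on the boot drive.
SAMPLE_TDSS_LOG = r"""21:03:59.0546 3080 Scan started
21:03:59.0546 3080 Mode: Manual; SigCheck; TDLFS;
21:04:04.0515 3080 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:04:04.0531 3080 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
21:04:04.0531 3080 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
21:04:04.0562 3080 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:04:04.0687 3080 cbidf - ok
21:04:17.0312 3080 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
21:04:17.0328 3080 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
21:04:17.0328 3080 SCDEmu - detected UnsignedFile.Multi.Generic (1)
21:05:30.0000 3080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:05:30.0000 3080 \Device\Harddisk0\DR0 - detected TDSS File System (1)
"""

# Every line starts with a timestamp and the thread id; the rest is the body.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+)\s+-\s+ok$")
WARN_RE = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+detected\s+(?P<verdict>.+?)\s+\((?P<count>\d+)\)$")

# A "detected" line outranks a "warning", which outranks "ok".
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}
ORDER = ("high", "medium", "review")


def severity(verdict):
    """Assumed ranking: rootkit/TDSS verdicts are high, unsigned-file ones need review."""
    if not verdict:
        return "medium"
    if verdict.startswith("UnsignedFile."):
        return "review"      # common for legitimate third-party drivers: verify the vendor
    if any(marker in verdict.lower() for marker in ("tdss", "rootkit")):
        return "high"
    return "medium"


def parse_tdsskiller_log(text):
    """Return an ordered dict name -> {md5, path, status, verdict}."""
    entries = OrderedDict()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line["body"]
        for pattern, status in ((FILE_RE, "file"), (OK_RE, "ok"),
                                (WARN_RE, "warning"), (DETECT_RE, "detected")):
            hit = pattern.match(body)
            if not hit:
                continue
            entry = entries.setdefault(hit["name"], {
                "name": hit["name"], "md5": None, "path": None,
                "status": "unknown", "verdict": None,
            })
            if status == "file":
                entry["md5"], entry["path"] = hit["md5"], hit["path"]
            else:
                if RANK[status] > RANK[entry["status"]]:
                    entry["status"] = status
                if "verdict" in hit.groupdict():
                    entry["verdict"] = hit["verdict"]
            break
    return entries


def findings(text):
    """Flagged objects only, highest assumed severity first."""
    flagged = [dict(e, severity=severity(e["verdict"]))
               for e in parse_tdsskiller_log(text).values()
               if e["status"] in ("warning", "detected")]
    flagged.sort(key=lambda e: ORDER.index(e["severity"]))
    return flagged


if __name__ == "__main__":
    import sys
    # Pass the path to a TDSSKiller log, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_TDSS_LOG
    for item in findings(text):
        print(f"{item['severity']:6}  {item['name']:28}  {item['verdict']}  {item['path'] or ''}")
```

The MD5 and path kept on each record are what you would look up against the vendor's published driver hashes (or a multi-engine hash lookup) before deciding that an unsigned-driver warning is benign; the TDSS file-system entry has no file path because it lives in hidden sectors of the disk rather than in the file system, which is why TDSSKiller offers Delete for it.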
DJ7791
29-Jan-2012, 10:29 PM #13
Every time I run OTM I get nothing. The program starts and explorer.exe disappears as well as Object Dock. The desktop background is still visible along with the OTM program window but nothing happens, nothing is "clickable" and I can't perform a restart. It has been well over 15 minutes since I started "move it".
DJ7791
29-Jan-2012, 10:37 PM #14
Also when I click on the open OTM program window I get a "not responding" in the header.
DJ7791
29-Jan-2012, 11:11 PM #15
Here are the logs from TDSS and Security Check. Cannot get OTM to work....?

21:03:53.0125 0356 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:03:53.0937 0356 ============================================================
21:03:53.0937 0356 Current date / time: 2012/01/29 21:03:53.0937
21:03:53.0937 0356 SystemInfo:
21:03:53.0937 0356
21:03:53.0937 0356 OS Version: 5.1.2600 ServicePack: 3.0
21:03:53.0937 0356 Product type: Workstation
21:03:53.0937 0356 ComputerName: DDZS3TG1
21:03:53.0937 0356 UserName: misha
21:03:53.0937 0356 Windows directory: C:\WINDOWS
21:03:53.0937 0356 System windows directory: C:\WINDOWS
21:03:53.0937 0356 Processor architecture: Intel x86
21:03:53.0937 0356 Number of processors: 2
21:03:53.0937 0356 Page size: 0x1000
21:03:53.0937 0356 Boot type: Normal boot
21:03:53.0937 0356 ============================================================
21:03:54.0312 0356 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:03:54.0359 0356 Drive \Device\Harddisk5\DR7 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:54.0406 0356 Initialize success
21:03:59.0546 3080 ============================================================
21:03:59.0546 3080 Scan started
21:03:59.0546 3080 Mode: Manual; SigCheck; TDLFS;
21:03:59.0546 3080 ============================================================
21:03:59.0796 3080 Abiosdsk - ok
21:03:59.0906 3080 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:04:00.0328 3080 abp480n5 - ok
21:04:00.0390 3080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:04:00.0515 3080 ACPI - ok
21:04:00.0546 3080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:04:00.0640 3080 ACPIEC - ok
21:04:00.0703 3080 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:04:00.0734 3080 ADIHdAudAddService - ok
21:04:00.0765 3080 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:04:00.0875 3080 adpu160m - ok
21:04:00.0968 3080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:04:01.0078 3080 aec - ok
21:04:01.0125 3080 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:04:01.0218 3080 AFD - ok
21:04:01.0265 3080 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:04:01.0390 3080 agp440 - ok
21:04:01.0406 3080 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:04:01.0531 3080 agpCPQ - ok
21:04:01.0562 3080 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:04:01.0625 3080 Aha154x - ok
21:04:01.0656 3080 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:04:01.0781 3080 aic78u2 - ok
21:04:01.0812 3080 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:04:01.0921 3080 aic78xx - ok
21:04:01.0937 3080 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:04:02.0062 3080 AliIde - ok
21:04:02.0109 3080 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:04:02.0234 3080 alim1541 - ok
21:04:02.0265 3080 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:04:02.0390 3080 amdagp - ok
21:04:02.0406 3080 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:04:02.0453 3080 amsint - ok
21:04:02.0468 3080 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:04:02.0593 3080 asc - ok
21:04:02.0609 3080 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:04:02.0656 3080 asc3350p - ok
21:04:02.0671 3080 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:04:02.0765 3080 asc3550 - ok
21:04:02.0812 3080 AsfAlrt (c139fa963dbb9bd6560f404f509d1196) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
21:04:03.0015 3080 AsfAlrt - ok
21:04:03.0046 3080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:04:03.0140 3080 AsyncMac - ok
21:04:03.0171 3080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:04:03.0234 3080 atapi - ok
21:04:03.0234 3080 Atdisk - ok
21:04:03.0421 3080 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:04:03.0687 3080 ati2mtag - ok
21:04:03.0718 3080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:04:03.0828 3080 Atmarpc - ok
21:04:03.0875 3080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:04:04.0000 3080 audstub - ok
21:04:04.0046 3080 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:04:04.0062 3080 Avgfwdx - ok
21:04:04.0093 3080 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:04:04.0109 3080 Avgfwfd - ok
21:04:04.0156 3080 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:04:04.0171 3080 AVGIDSDriver - ok
21:04:04.0171 3080 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:04:04.0187 3080 AVGIDSEH - ok
21:04:04.0187 3080 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:04:04.0203 3080 AVGIDSFilter - ok
21:04:04.0218 3080 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:04:04.0218 3080 AVGIDSShim - ok
21:04:04.0234 3080 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:04:04.0250 3080 Avgldx86 - ok
21:04:04.0250 3080 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:04:04.0265 3080 Avgmfx86 - ok
21:04:04.0265 3080 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:04:04.0281 3080 Avgrkx86 - ok
21:04:04.0296 3080 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:04:04.0296 3080 Avgtdix - ok
21:04:04.0328 3080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:04:04.0453 3080 Beep - ok
21:04:04.0515 3080 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:04:04.0531 3080 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
21:04:04.0531 3080 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
21:04:04.0562 3080 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:04:04.0687 3080 cbidf - ok
21:04:04.0703 3080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:04:04.0781 3080 cbidf2k - ok
21:04:04.0812 3080 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:04:04.0875 3080 cd20xrnt - ok
21:04:04.0890 3080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:04:04.0984 3080 Cdaudio - ok
21:04:05.0015 3080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:04:05.0093 3080 Cdfs - ok
21:04:05.0109 3080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:04:05.0203 3080 Cdrom - ok
21:04:05.0203 3080 Changer - ok
21:04:05.0234 3080 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:04:05.0328 3080 CmdIde - ok
21:04:05.0359 3080 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:04:05.0421 3080 Cpqarray - ok
21:04:05.0437 3080 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:04:05.0531 3080 dac2w2k - ok
21:04:05.0546 3080 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:04:05.0640 3080 dac960nt - ok
21:04:05.0671 3080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:04:05.0734 3080 Disk - ok
21:04:05.0750 3080 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
21:04:05.0750 3080 DLABMFSM - ok
21:04:05.0765 3080 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
21:04:05.0765 3080 DLABOIOM - ok
21:04:05.0781 3080 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:04:05.0781 3080 DLACDBHM - ok
21:04:05.0781 3080 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
21:04:05.0796 3080 DLADResM - ok
21:04:05.0796 3080 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
21:04:05.0812 3080 DLAIFS_M - ok
21:04:05.0812 3080 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
21:04:05.0812 3080 DLAOPIOM - ok
21:04:05.0828 3080 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
21:04:05.0828 3080 DLAPoolM - ok
21:04:05.0828 3080 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:04:05.0843 3080 DLARTL_M - ok
21:04:05.0843 3080 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
21:04:05.0859 3080 DLAUDFAM - ok
21:04:05.0875 3080 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
21:04:05.0875 3080 DLAUDF_M - ok
21:04:05.0968 3080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:04:06.0093 3080 dmboot - ok
21:04:06.0093 3080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:04:06.0171 3080 dmio - ok
21:04:06.0203 3080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:04:06.0281 3080 dmload - ok
21:04:06.0312 3080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:04:06.0406 3080 DMusic - ok
21:04:06.0437 3080 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:04:06.0515 3080 dpti2o - ok
21:04:06.0531 3080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:04:06.0593 3080 drmkaud - ok
21:04:06.0609 3080 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:04:06.0625 3080 DRVMCDB - ok
21:04:06.0640 3080 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:04:06.0640 3080 DRVNDDM - ok
21:04:06.0671 3080 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:04:06.0765 3080 E100B - ok
21:04:06.0796 3080 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:04:06.0796 3080 e1express - ok
21:04:06.0812 3080 EdgeStat - ok
21:04:06.0843 3080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:04:06.0906 3080 Fastfat - ok
21:04:06.0984 3080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:04:07.0078 3080 Fdc - ok
21:04:07.0093 3080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:04:07.0171 3080 Fips - ok
21:04:07.0187 3080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:04:07.0250 3080 Flpydisk - ok
21:04:07.0281 3080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:04:07.0343 3080 FltMgr - ok
21:04:07.0359 3080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:04:07.0437 3080 Fs_Rec - ok
21:04:07.0484 3080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:04:07.0578 3080 Ftdisk - ok
21:04:07.0609 3080 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:04:07.0609 3080 GEARAspiWDM - ok
21:04:07.0625 3080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:04:07.0703 3080 Gpc - ok
21:04:07.0734 3080 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:04:07.0828 3080 HDAudBus - ok
21:04:07.0843 3080 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:04:07.0906 3080 HECI - ok
21:04:07.0968 3080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:04:08.0093 3080 HidUsb - ok
21:04:08.0125 3080 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:04:08.0218 3080 hpn - ok
21:04:08.0281 3080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:04:08.0343 3080 HTTP - ok
21:04:08.0375 3080 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:04:08.0484 3080 i2omgmt - ok
21:04:08.0515 3080 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:04:08.0640 3080 i2omp - ok
21:04:08.0640 3080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:04:08.0718 3080 i8042prt - ok
21:04:08.0781 3080 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
21:04:08.0781 3080 iaStor - ok
21:04:08.0812 3080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:04:08.0890 3080 Imapi - ok
21:04:08.0937 3080 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:04:09.0015 3080 ini910u - ok
21:04:09.0078 3080 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:04:09.0156 3080 IntelIde - ok
21:04:09.0187 3080 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:04:09.0281 3080 intelppm - ok
21:04:09.0312 3080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:04:09.0421 3080 Ip6Fw - ok
21:04:09.0453 3080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:04:09.0562 3080 IpFilterDriver - ok
21:04:09.0609 3080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:04:09.0703 3080 IpInIp - ok
21:04:09.0734 3080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:04:09.0843 3080 IpNat - ok
21:04:09.0875 3080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:04:09.0984 3080 IPSec - ok
21:04:10.0031 3080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:04:10.0156 3080 IRENUM - ok
21:04:10.0187 3080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:04:10.0296 3080 isapnp - ok
21:04:10.0343 3080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:04:10.0453 3080 Kbdclass - ok
21:04:10.0484 3080 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:04:10.0593 3080 kbdhid - ok
21:04:10.0625 3080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:04:10.0734 3080 kmixer - ok
21:04:10.0750 3080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:04:10.0890 3080 KSecDD - ok
21:04:10.0890 3080 lbrtfdc - ok
21:04:10.0953 3080 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:04:10.0968 3080 MBAMProtector - ok
21:04:10.0968 3080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:04:11.0093 3080 mnmdd - ok
21:04:11.0125 3080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:04:11.0187 3080 Modem - ok
21:04:11.0218 3080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:04:11.0281 3080 Mouclass - ok
21:04:11.0328 3080 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:04:11.0421 3080 mouhid - ok
21:04:11.0453 3080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:04:11.0531 3080 MountMgr - ok
21:04:11.0562 3080 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:04:11.0640 3080 mraid35x - ok
21:04:11.0656 3080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:04:11.0750 3080 MRxDAV - ok
21:04:11.0781 3080 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:04:11.0859 3080 MRxSmb - ok
21:04:11.0890 3080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:04:11.0953 3080 Msfs - ok
21:04:12.0000 3080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:04:12.0062 3080 MSKSSRV - ok
21:04:12.0078 3080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:04:12.0140 3080 MSPCLOCK - ok
21:04:12.0156 3080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:04:12.0234 3080 MSPQM - ok
21:04:12.0265 3080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:04:12.0328 3080 mssmbios - ok
21:04:12.0359 3080 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:04:12.0421 3080 Mup - ok
21:04:12.0437 3080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:04:12.0531 3080 NDIS - ok
21:04:12.0546 3080 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:04:12.0625 3080 NdisTapi - ok
21:04:12.0671 3080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:04:12.0750 3080 Ndisuio - ok
21:04:12.0765 3080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:04:12.0828 3080 NdisWan - ok
21:04:12.0843 3080 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:04:12.0937 3080 NDProxy - ok
21:04:12.0984 3080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:04:13.0062 3080 NetBIOS - ok
21:04:13.0140 3080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:04:13.0218 3080 NetBT - ok
21:04:13.0234 3080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:04:13.0312 3080 Npfs - ok
21:04:13.0359 3080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:04:13.0437 3080 Ntfs - ok
21:04:13.0484 3080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:04:13.0578 3080 Null - ok
21:04:13.0656 3080 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:04:13.0796 3080 nv - ok
21:04:13.0812 3080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:04:13.0906 3080 NwlnkFlt - ok
21:04:14.0015 3080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:04:14.0093 3080 NwlnkFwd - ok
21:04:14.0109 3080 PAR1284 - ok
21:04:14.0140 3080 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:04:14.0250 3080 Parport - ok
21:04:14.0281 3080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:04:14.0359 3080 PartMgr - ok
21:04:14.0390 3080 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:04:14.0468 3080 ParVdm - ok
21:04:14.0500 3080 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:04:14.0578 3080 PCI - ok
21:04:14.0593 3080 PCIDump - ok
21:04:14.0593 3080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:04:14.0656 3080 PCIIde - ok
21:04:14.0703 3080 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:04:14.0781 3080 Pcmcia - ok
21:04:14.0781 3080 PDCOMP - ok
21:04:14.0781 3080 PDFRAME - ok
21:04:14.0796 3080 PDRELI - ok
21:04:14.0796 3080 PDRFRAME - ok
21:04:14.0843 3080 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:04:14.0906 3080 perc2 - ok
21:04:14.0937 3080 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:04:15.0000 3080 perc2hib - ok
21:04:15.0062 3080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:04:15.0140 3080 PptpMiniport - ok
21:04:15.0140 3080 Profos - ok
21:04:15.0156 3080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:04:15.0234 3080 PSched - ok
21:04:15.0250 3080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:04:15.0328 3080 Ptilink - ok
21:04:15.0359 3080 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:04:15.0375 3080 PxHelp20 - ok
21:04:15.0421 3080 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:04:15.0500 3080 ql1080 - ok
21:04:15.0546 3080 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:04:15.0640 3080 Ql10wnt - ok
21:04:15.0656 3080 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:04:15.0734 3080 ql12160 - ok
21:04:15.0734 3080 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:04:15.0796 3080 ql1240 - ok
21:04:15.0812 3080 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:04:15.0875 3080 ql1280 - ok
21:04:15.0906 3080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:04:16.0000 3080 RasAcd - ok
21:04:16.0046 3080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:04:16.0125 3080 Rasl2tp - ok
21:04:16.0140 3080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:04:16.0218 3080 RasPppoe - ok
21:04:16.0218 3080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:04:16.0296 3080 Raspti - ok
21:04:16.0328 3080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:04:16.0406 3080 Rdbss - ok
21:04:16.0421 3080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:04:16.0515 3080 RDPCDD - ok
21:04:16.0531 3080 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:04:16.0609 3080 rdpdr - ok
21:04:16.0656 3080 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:04:16.0734 3080 RDPWD - ok
21:04:16.0765 3080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:04:16.0843 3080 redbook - ok
21:04:16.0890 3080 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
21:04:16.0984 3080 RimUsb - ok
21:04:17.0031 3080 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:04:17.0093 3080 RimVSerPort - ok
21:04:17.0171 3080 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:04:17.0265 3080 ROOTMODEM - ok
21:04:17.0312 3080 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
21:04:17.0328 3080 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
21:04:17.0328 3080 SCDEmu - detected UnsignedFile.Multi.Generic (1)
21:04:17.0375 3080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:04:17.0500 3080 Secdrv - ok
21:04:17.0562 3080 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
21:04:17.0625 3080 SenFiltService - ok
21:04:17.0671 3080 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:04:17.0781 3080 serenum - ok
21:04:17.0812 3080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:04:17.0921 3080 Serial - ok
21:04:17.0968 3080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:04:18.0062 3080 Sfloppy - ok
21:04:18.0078 3080 Simbad - ok
21:04:18.0125 3080 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:04:18.0250 3080 sisagp - ok
21:04:18.0281 3080 SNTNLUSB (a1ff7d99b199cea1f3df371ba70d2780) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
21:04:18.0296 3080 SNTNLUSB - ok
21:04:18.0312 3080 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:04:18.0359 3080 Sparrow - ok
21:04:18.0390 3080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:04:18.0515 3080 splitter - ok
21:04:18.0531 3080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:04:18.0609 3080 sr - ok
21:04:18.0640 3080 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
21:04:18.0703 3080 Srv - ok
21:04:18.0734 3080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:04:18.0812 3080 swenum - ok
21:04:18.0812 3080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:04:18.0875 3080 swmidi - ok
21:04:18.0921 3080 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:04:18.0984 3080 symc810 - ok
21:04:19.0015 3080 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:04:19.0093 3080 symc8xx - ok
21:04:19.0125 3080 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:04:19.0203 3080 sym_hi - ok
21:04:19.0218 3080 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:04:19.0312 3080 sym_u3 - ok
21:04:19.0343 3080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:04:19.0421 3080 sysaudio - ok
21:04:19.0468 3080 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:04:19.0468 3080 tap0901 ( UnsignedFile.Multi.Generic ) - warning
21:04:19.0468 3080 tap0901 - detected UnsignedFile.Multi.Generic (1)
21:04:19.0515 3080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:04:19.0578 3080 Tcpip - ok
21:04:19.0625 3080 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:04:19.0671 3080 Tcpip6 - ok
21:04:19.0734 3080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:04:19.0812 3080 TDPIPE - ok
21:04:19.0859 3080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:04:19.0968 3080 TDTCP - ok
21:04:20.0000 3080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:04:20.0109 3080 TermDD - ok
21:04:20.0140 3080 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:04:20.0250 3080 TosIde - ok
21:04:20.0265 3080 Trufos - ok
21:04:20.0359 3080 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
21:04:20.0375 3080 TuneUpUtilitiesDrv - ok
21:04:20.0406 3080 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:04:20.0515 3080 tunmp - ok
21:04:20.0546 3080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:04:20.0656 3080 Udfs - ok
21:04:20.0687 3080 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:04:20.0750 3080 ultra - ok
21:04:20.0781 3080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:04:20.0890 3080 Update - ok
21:04:20.0953 3080 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:04:20.0968 3080 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:04:20.0968 3080 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:04:21.0000 3080 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:04:21.0093 3080 usbaudio - ok
21:04:21.0156 3080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:04:21.0281 3080 usbccgp - ok
21:04:21.0312 3080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:04:21.0421 3080 usbehci - ok
21:04:21.0468 3080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:04:21.0578 3080 usbhub - ok
21:04:21.0609 3080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:04:21.0718 3080 usbprint - ok
21:04:21.0765 3080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:04:21.0875 3080 usbscan - ok
21:04:21.0906 3080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:04:22.0031 3080 USBSTOR - ok
21:04:22.0062 3080 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:04:22.0171 3080 usbuhci - ok
21:04:22.0234 3080 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:04:22.0328 3080 usb_rndisx - ok
21:04:22.0359 3080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:04:22.0468 3080 VgaSave - ok
21:04:22.0500 3080 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:04:22.0609 3080 viaagp - ok
21:04:22.0656 3080 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:04:22.0765 3080 ViaIde - ok
21:04:22.0796 3080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:04:22.0890 3080 VolSnap - ok
21:04:22.0937 3080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:04:23.0093 3080 Wanarp - ok
21:04:23.0140 3080 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:04:23.0187 3080 wceusbsh - ok
21:04:23.0250 3080 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:04:23.0265 3080 Wdf01000 - ok
21:04:23.0281 3080 WDICA - ok
21:04:23.0312 3080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:04:23.0437 3080 wdmaud - ok
21:04:23.0468 3080 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
21:04:23.0515 3080 WmBEnum - ok
21:04:23.0531 3080 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
21:04:23.0593 3080 WmFilter - ok
21:04:23.0625 3080 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
21:04:23.0671 3080 WmVirHid - ok
21:04:23.0687 3080 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
21:04:23.0687 3080 WmXlCore - ok
21:04:23.0750 3080 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:04:23.0875 3080 WpdUsb - ok
21:04:23.0890 3080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:04:24.0015 3080 WS2IFSL - ok
21:04:24.0046 3080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:04:24.0109 3080 WudfPf - ok
21:04:24.0125 3080 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:04:24.0156 3080 WudfRd - ok
21:04:24.0187 3080 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
21:04:24.0203 3080 xusb21 - ok
21:04:24.0234 3080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:04:24.0531 3080 \Device\Harddisk0\DR0 - ok
21:04:24.0531 3080 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk5\DR7
21:04:24.0921 3080 \Device\Harddisk5\DR7 - ok
21:04:24.0968 3080 Boot (0x1200) (e2c284bbd4b23abc7166a1fbb56d5f1a) \Device\Harddisk0\DR0\Partition0
21:04:24.0968 3080 \Device\Harddisk0\DR0\Partition0 - ok
21:04:24.0968 3080 Boot (0x1200) (34728c80127712084854d6290dc143ab) \Device\Harddisk5\DR7\Partition0
21:04:24.0968 3080 \Device\Harddisk5\DR7\Partition0 - ok
21:04:24.0968 3080 ============================================================
21:04:24.0968 3080 Scan finished
21:04:24.0968 3080 ============================================================
21:04:25.0109 1472 Detected object count: 4
21:04:25.0109 1472 Actual detected object count: 4
21:04:32.0359 1472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:32.0359 1472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:32.0359 1472 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:32.0359 1472 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:32.0359 1472 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:32.0359 1472 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:32.0375 1472 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:32.0375 1472 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:42.0656 0604 Deinitialize success




Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
OneCare Advisor (Windows Live Toolbar)
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
CCleaner
Java(TM) 6 Update 30
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 10.3.181.34 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 8.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
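The TDSSKiller log above reports four detected objects, all of them `UnsignedFile.Multi.Generic`, which is the scanner's warning that a driver carries no digital signature rather than a malware verdict, and the user chose Skip for each. When such a log is pasted into a thread, the helper doing the triage usually wants three things pulled out of it: which objects were flagged and what was done with them, the MD5 and path of each flagged driver so the hash can be looked up, and the MBR/boot-sector hashes so a later scan can be compared. The script below is an added example written for this page, not part of the original post and not a Kaspersky tool. Its regular expressions are our reading of the line shapes visible in the log, not a documented format, and the embedded sample is a constructed excerpt of the posted log that deliberately omits BVRPMPR5's own scan line so the reconciliation step has something to report.

```python
"""Triage helper for a pasted Kaspersky TDSSKiller text log (added example)."""
import re
from collections import OrderedDict

# Line shapes copied from the log posted above; the regexes below are our
# reading of them, not a documented Kaspersky format (an assumption):
#   21:04:17.0328 3080 SCDEmu - detected UnsignedFile.Multi.Generic (1)
#   21:04:32.0359 1472 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
#   21:04:24.0234 3080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
#   21:04:25.0109 1472 Detected object count: 4
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
RE_SECTOR = re.compile(PREFIX + r"(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\\\S+)$")
RE_DRIVER = re.compile(PREFIX + r"(\S+) \(([0-9a-f]{32})\) (\S.*)$")
RE_DETECTED = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)$")
RE_ACTION = re.compile(PREFIX + r"(\S+) \( (\S+) \) - User select action: (\w+)$")
RE_COUNT = re.compile(PREFIX + r"Detected object count: (\d+)$")


def parse_tdsskiller(text):
    """Collect scanned drivers, flagged objects, user actions and sector hashes."""
    parsed = {
        "drivers": OrderedDict(),   # service name -> (md5, path)
        "detected": OrderedDict(),  # object name -> verdict string
        "actions": OrderedDict(),   # object name -> (verdict, action chosen)
        "sectors": [],              # (kind, offset, md5, device)
        "reported_count": None,     # value of "Detected object count"
    }
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RE_SECTOR.match(line)):
            parsed["sectors"].append(m.groups())
        elif (m := RE_DETECTED.match(line)):
            parsed["detected"][m.group(1)] = m.group(2)
        elif (m := RE_ACTION.match(line)):
            parsed["actions"][m.group(1)] = (m.group(2), m.group(3))
        elif (m := RE_COUNT.match(line)):
            parsed["reported_count"] = int(m.group(1))
        elif (m := RE_DRIVER.match(line)):
            parsed["drivers"][m.group(1)] = (m.group(2), m.group(3))
    return parsed


def reconcile(parsed):
    """Cross-check the end-of-scan summary against the per-object lines.

    Pasted logs are often cut off. If the summary names an object whose own
    '- detected' line never appeared, the reader is not seeing the whole scan.
    """
    actions = parsed["actions"]
    report = {
        "count_matches": parsed["reported_count"] == len(actions),
        "unseen_in_body": [n for n in actions if n not in parsed["detected"]],
        "unsigned_skipped": OrderedDict(),  # name -> (md5, path) or None
    }
    for name, (verdict, action) in actions.items():
        if verdict.startswith("UnsignedFile") and action == "Skip":
            report["unsigned_skipped"][name] = parsed["drivers"].get(name)
    return report


def sector_hashes(parsed):
    """Map each device to its (kind, md5) so a later scan can be diffed against it."""
    return {device: (kind, md5) for kind, _offset, md5, device in parsed["sectors"]}


# Constructed excerpt of the log posted above. BVRPMPR5's own scan line lies
# earlier in the full log and is left out on purpose.
SAMPLE_LOG = r"""
21:04:17.0312 3080 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
21:04:17.0328 3080 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
21:04:17.0328 3080 SCDEmu - detected UnsignedFile.Multi.Generic (1)
21:04:17.0375 3080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:04:17.0500 3080 Secdrv - ok
21:04:19.0468 3080 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
21:04:19.0468 3080 tap0901 - detected UnsignedFile.Multi.Generic (1)
21:04:20.0953 3080 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:04:20.0968 3080 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:04:24.0234 3080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:04:24.0968 3080 Boot (0x1200) (e2c284bbd4b23abc7166a1fbb56d5f1a) \Device\Harddisk0\DR0\Partition0
21:04:25.0109 1472 Detected object count: 4
21:04:32.0359 1472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:04:32.0359 1472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:32.0359 1472 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:32.0359 1472 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:04:32.0375 1472 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_LOG)
    print(reconcile(result))
    print(sector_hashes(result))
```

Run against the sample, `reconcile()` confirms the summary count (4) matches the four action lines, but lists BVRPMPR5 under `unseen_in_body` and gives it no hash or path, which is exactly the prompt to ask the poster for the part of the log that was cut off before deciding whether that driver belongs on the machine. The `sector_hashes()` output is what you keep from a first scan so that a changed MBR hash on a re-scan stands out.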
Tags
downloader.zlob, explor.exe, svchost.exe, zlob.azvf
