
Downloader.zlob.AZVF

Discussion in 'Virus & Other Malware Removal' started by DJ7791, Jan 29, 2012.

  DJ7791 (Thread Starter), Joined: Jan 28, 2012, Messages: 11

    I am having a problem getting rid of a trojan, Downloader.Zlob.AZVF.

    I found a few different threads regarding its removal on your site. I'm wondering if I should follow the instructions given to the other users or if every case is different.

    "";"C:\WINDOWS\system32\svchost.exe (844):\memory_001a0000";"Trojan horse Downloader.Zlob.AZVF";"Object is inaccessible."
    "";"C:\WINDOWS\system32\svchost.exe (844)";"Trojan horse Downloader.Zlob.AZVF";""
    "";"C:\WINDOWS\explorer.exe (1736):\memory_001a0000";"Trojan horse Downloader.Zlob.AZVF";"Object is inaccessible."
    "";"C:\WINDOWS\explorer.exe (1736)";"Trojan horse Downloader.Zlob.AZVF";""


    I get this same result with every scan AVG does. Please HELP.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:52:23 PM, on 1/28/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=1080711
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {345A64C8-ECDC-43EE-AF9A-917A8C8CA184} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F200D434-8604-4D50-8F63-8D8A2E5394C8} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &Search - ?p=ZUzeb004YYUS_ZUman000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://photoshoppe.lifepics.com/net/Uploader/LPUploader45.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS4\Services\Tcpip\..\{02B902C4-9E03-434A-B422-B7AB2360472B}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter hijack: text/html - {2c36a1a6-e284-4b30-94b7-db9aa6897f30} - (no file)
    O20 - AppInit_DLLs: :\ n??(
    O20 - Winlogon Notify: avgrsstarter - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

    --
    End of file - 12819 bytes




    DDS log:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by misha at 22:48:18 on 2012-01-28
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2272 [GMT -6:00]
    .
    AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
    uSearch Bar =
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080711
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {345A64C8-ECDC-43EE-AF9A-917A8C8CA184} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {F200D434-8604-4D50-8F63-8D8A2E5394C8} - No File
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    StartupFolder: c:\docume~1\misha\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: &Search - ?p=ZUzeb004YYUS_ZUman000
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Open in new background tab
    IE: Open in new foreground tab
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://photoshoppe.lifepics.com/net/Uploader/LPUploader45.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.dotphoto.com/ImageUploader4.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{02B902C4-9E03-434A-B422-B7AB2360472B} : NameServer = 208.67.220.220,208.67.222.222
    TCP: Interfaces\{02B902C4-9E03-434A-B422-B7AB2360472B} : DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: :\ n??(
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    IFEO: qblaunch.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: qbserverutilitymgr.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: softwareupdate.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: stax.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\misha\application data\mozilla\firefox\profiles\wtlh1w0y.default\
    FF - prefs.js: browser.startup.homepage - www.bing.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\misha\application data\mozilla\plugins\NPAbacheck.dll
    FF - plugin: c:\documents and settings\misha\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2008-7-21 140184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-3 652872]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-8 1514304]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-3 20464]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-2 10064]
    S2 EdgeStat;EdgeStat; [x]
    S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2012-01-29 04:44:38 388096 ----a-r- c:\documents and settings\misha\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-01-29 04:44:38 -------- d-----w- c:\program files\Trend Micro
    2012-01-28 17:57:24 -------- d-----w- c:\documents and settings\misha\application data\AVG2012
    2012-01-28 17:43:14 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2012-01-28 17:16:38 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-01-28 17:16:23 -------- d-----w- c:\documents and settings\misha\application data\TuneUp Software
    2012-01-28 17:16:10 -------- d-----w- c:\program files\TuneUp Utilities 2012
    2012-01-28 17:15:55 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
    2012-01-28 17:15:40 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-01-03 14:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-01-28 16:18:54 165888 ----a-w- c:\windows\system32\wuauclt1.exe
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 09:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89C30EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8799e872; SUB DWORD [EBP-0x4], 0x8799e12e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B077868]
    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A07A768]
    [0x8A3B58B0] -> IRP_MJ_CREATE -> 0x89C30EC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskARRAY1.0.00__#4&13bcaf4b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\iaStor DriverStartIo -> 0x89C30AEA
    user & kernel MBR OK
    sectors 488275966 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 22:50:07.17 ===============


    gmer log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-28 22:58:31
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Intel___ rev.1.0.
    Running: 61pdye9q.exe; Driver: C:\DOCUME~1\misha\LOCALS~1\Temp\ugdyapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9B344F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9B344FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9B345080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9B34511C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CA0000, 0x2A12DC, 0xE8000020]
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA77A8A00]
    .rsrc C:\WINDOWS\System32\DRIVERS\RDPCDD.sys entry point in ".rsrc" section [0xBA5C2C14]
    ? C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious PE modification
    ? C:\DOCUME~1\misha\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DB000A
    .text C:\WINDOWS\System32\svchost.exe[672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DC000A
    .text C:\WINDOWS\System32\svchost.exe[672] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DA000C
    .text C:\WINDOWS\System32\svchost.exe[672] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 008A000A
    .text C:\WINDOWS\System32\svchost.exe[672] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D0000A
    .text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D1000A
    .text C:\WINDOWS\Explorer.EXE[1300] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CF000C
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3392] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\misha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3620] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskARRAY1.0.00__#4&13bcaf4b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Hiya DJ7791,

    Do the following:

    Disable TeaTimer and leave it off for now.
    1. Right-click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident.
    2. Run Spybot S&D.
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left-hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt, and restart your computer.

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    Next,

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Kevin
     
  3. DJ7791

    DJ7791 Thread Starter

    Thanks for the quick response. Here is the log you asked for:


    23:51:18.0890 3640 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
    23:51:19.0921 3640 ============================================================
    23:51:19.0921 3640 Current date / time: 2012/01/28 23:51:19.0921
    23:51:19.0921 3640 SystemInfo:
    23:51:19.0921 3640
    23:51:19.0921 3640 OS Version: 5.1.2600 ServicePack: 3.0
    23:51:19.0921 3640 Product type: Workstation
    23:51:19.0921 3640 ComputerName: DDZS3TG1
    23:51:19.0921 3640 UserName: misha
    23:51:19.0921 3640 Windows directory: C:\WINDOWS
    23:51:19.0921 3640 System windows directory: C:\WINDOWS
    23:51:19.0921 3640 Processor architecture: Intel x86
    23:51:19.0921 3640 Number of processors: 2
    23:51:19.0921 3640 Page size: 0x1000
    23:51:19.0921 3640 Boot type: Normal boot
    23:51:19.0921 3640 ============================================================
    23:51:20.0375 3640 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    23:51:20.0375 3640 Drive \Device\Harddisk1\DR3 - Size: 0x1E98D1A00 (7.65 Gb), SectorSize: 0x200, Cylinders: 0x3E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    23:51:20.0406 3640 Drive \Device\Harddisk6\DR8 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    23:51:20.0750 3640 Initialize success
    23:51:53.0250 3488 ============================================================
    23:51:53.0250 3488 Scan started
    23:51:53.0250 3488 Mode: Manual; SigCheck; TDLFS;
    23:51:53.0250 3488 ============================================================
    23:51:53.0421 3488 Abiosdsk - ok
    23:51:53.0484 3488 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    23:51:53.0890 3488 abp480n5 - ok
    23:51:53.0937 3488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:51:54.0062 3488 ACPI - ok
    23:51:54.0093 3488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:51:54.0187 3488 ACPIEC - ok
    23:51:54.0234 3488 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    23:51:54.0281 3488 ADIHdAudAddService - ok
    23:51:54.0296 3488 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    23:51:54.0421 3488 adpu160m - ok
    23:51:54.0453 3488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    23:51:54.0562 3488 aec - ok
    23:51:54.0625 3488 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    23:51:54.0718 3488 AFD - ok
    23:51:54.0781 3488 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    23:51:54.0890 3488 agp440 - ok
    23:51:54.0921 3488 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    23:51:55.0046 3488 agpCPQ - ok
    23:51:55.0078 3488 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    23:51:55.0140 3488 Aha154x - ok
    23:51:55.0171 3488 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    23:51:55.0296 3488 aic78u2 - ok
    23:51:55.0328 3488 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    23:51:55.0406 3488 aic78xx - ok
    23:51:55.0421 3488 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    23:51:55.0484 3488 AliIde - ok
    23:51:55.0578 3488 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    23:51:55.0671 3488 alim1541 - ok
    23:51:55.0671 3488 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    23:51:55.0765 3488 amdagp - ok
    23:51:55.0781 3488 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    23:51:55.0812 3488 amsint - ok
    23:51:55.0875 3488 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    23:51:55.0968 3488 asc - ok
    23:51:55.0984 3488 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    23:51:56.0015 3488 asc3350p - ok
    23:51:56.0031 3488 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    23:51:56.0093 3488 asc3550 - ok
    23:51:56.0140 3488 AsfAlrt (c139fa963dbb9bd6560f404f509d1196) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
    23:52:06.0171 3488 AsfAlrt - ok
    23:52:06.0328 3488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:52:06.0484 3488 AsyncMac - ok
    23:52:06.0546 3488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:52:06.0640 3488 atapi - ok
    23:52:06.0656 3488 Atdisk - ok
    23:52:06.0875 3488 ati2mtag (23f1a61ae7553d086ef264c72afc4e6a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:52:07.0187 3488 ati2mtag - ok
    23:52:07.0234 3488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:52:07.0343 3488 Atmarpc - ok
    23:52:07.0406 3488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:52:07.0546 3488 audstub - ok
    23:52:07.0625 3488 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    23:52:07.0640 3488 Avgfwdx - ok
    23:52:07.0671 3488 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    23:52:07.0671 3488 Avgfwfd - ok
    23:52:07.0703 3488 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    23:52:07.0718 3488 AVGIDSDriver - ok
    23:52:07.0734 3488 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    23:52:07.0734 3488 AVGIDSEH - ok
    23:52:07.0750 3488 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    23:52:07.0765 3488 AVGIDSFilter - ok
    23:52:07.0781 3488 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    23:52:07.0781 3488 AVGIDSShim - ok
    23:52:07.0796 3488 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    23:52:07.0812 3488 Avgldx86 - ok
    23:52:07.0812 3488 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    23:52:07.0812 3488 Avgmfx86 - ok
    23:52:07.0828 3488 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    23:52:07.0828 3488 Avgrkx86 - ok
    23:52:07.0843 3488 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    23:52:07.0859 3488 Avgtdix - ok
    23:52:07.0875 3488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:52:07.0984 3488 Beep - ok
    23:52:08.0031 3488 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    23:52:08.0062 3488 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
    23:52:08.0062 3488 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
    23:52:08.0093 3488 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    23:52:08.0218 3488 cbidf - ok
    23:52:08.0218 3488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:52:08.0312 3488 cbidf2k - ok
    23:52:08.0359 3488 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    23:52:08.0406 3488 cd20xrnt - ok
    23:52:08.0437 3488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:52:08.0531 3488 Cdaudio - ok
    23:52:08.0562 3488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:52:08.0640 3488 Cdfs - ok
    23:52:08.0671 3488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:52:08.0765 3488 Cdrom - ok
    23:52:08.0765 3488 Changer - ok
    23:52:08.0796 3488 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    23:52:08.0921 3488 CmdIde - ok
    23:52:08.0953 3488 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    23:52:09.0078 3488 Cpqarray - ok
    23:52:09.0109 3488 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    23:52:09.0234 3488 dac2w2k - ok
    23:52:09.0250 3488 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    23:52:09.0375 3488 dac960nt - ok
    23:52:09.0421 3488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:52:09.0515 3488 Disk - ok
    23:52:09.0546 3488 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
    23:52:09.0562 3488 DLABMFSM - ok
    23:52:09.0593 3488 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
    23:52:09.0609 3488 DLABOIOM - ok
    23:52:09.0625 3488 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    23:52:09.0625 3488 DLACDBHM - ok
    23:52:09.0625 3488 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
    23:52:09.0640 3488 DLADResM - ok
    23:52:09.0640 3488 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
    23:52:09.0656 3488 DLAIFS_M - ok
    23:52:09.0656 3488 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
    23:52:09.0671 3488 DLAOPIOM - ok
    23:52:09.0671 3488 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
    23:52:09.0687 3488 DLAPoolM - ok
    23:52:09.0687 3488 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    23:52:09.0687 3488 DLARTL_M - ok
    23:52:09.0703 3488 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
    23:52:09.0703 3488 DLAUDFAM - ok
    23:52:09.0750 3488 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
    23:52:09.0750 3488 DLAUDF_M - ok
    23:52:09.0812 3488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    23:52:09.0984 3488 dmboot - ok
    23:52:10.0031 3488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    23:52:10.0140 3488 dmio - ok
    23:52:10.0140 3488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:52:10.0234 3488 dmload - ok
    23:52:10.0265 3488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:52:10.0343 3488 DMusic - ok
    23:52:10.0406 3488 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    23:52:10.0500 3488 dpti2o - ok
    23:52:10.0515 3488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:52:10.0578 3488 drmkaud - ok
    23:52:10.0625 3488 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    23:52:10.0625 3488 DRVMCDB - ok
    23:52:10.0640 3488 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    23:52:10.0656 3488 DRVNDDM - ok
    23:52:10.0703 3488 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    23:52:10.0796 3488 E100B - ok
    23:52:10.0875 3488 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    23:52:10.0875 3488 e1express - ok
    23:52:10.0890 3488 EdgeStat - ok
    23:52:10.0937 3488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:52:11.0046 3488 Fastfat - ok
    23:52:11.0078 3488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:52:11.0171 3488 Fdc - ok
    23:52:11.0203 3488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    23:52:11.0281 3488 Fips - ok
    23:52:11.0281 3488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:52:11.0343 3488 Flpydisk - ok
    23:52:11.0421 3488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    23:52:11.0484 3488 FltMgr - ok
    23:52:11.0515 3488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:52:11.0625 3488 Fs_Rec - ok
    23:52:11.0656 3488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:52:11.0734 3488 Ftdisk - ok
    23:52:11.0765 3488 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    23:52:11.0781 3488 GEARAspiWDM - ok
    23:52:11.0812 3488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:52:11.0906 3488 Gpc - ok
    23:52:11.0937 3488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:52:12.0031 3488 HDAudBus - ok
    23:52:12.0031 3488 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
    23:52:12.0093 3488 HECI - ok
    23:52:12.0140 3488 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:52:12.0265 3488 HidUsb - ok
    23:52:12.0296 3488 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    23:52:12.0406 3488 hpn - ok
    23:52:12.0468 3488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:52:12.0531 3488 HTTP - ok
    23:52:12.0609 3488 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    23:52:12.0750 3488 i2omgmt - ok
    23:52:12.0781 3488 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    23:52:12.0890 3488 i2omp - ok
    23:52:12.0890 3488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:52:12.0968 3488 i8042prt - ok
    23:52:13.0000 3488 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
    23:52:13.0015 3488 iaStor - ok
    23:52:13.0046 3488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:52:13.0125 3488 Imapi - ok
    23:52:13.0156 3488 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    23:52:13.0234 3488 ini910u - ok
    23:52:13.0281 3488 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:52:13.0359 3488 IntelIde - ok
    23:52:13.0390 3488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:52:13.0484 3488 intelppm - ok
    23:52:13.0515 3488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    23:52:13.0625 3488 Ip6Fw - ok
    23:52:13.0656 3488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:52:13.0781 3488 IpFilterDriver - ok
    23:52:13.0828 3488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:52:13.0921 3488 IpInIp - ok
    23:52:13.0953 3488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:52:14.0062 3488 IpNat - ok
    23:52:14.0078 3488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:52:14.0187 3488 IPSec - ok
    23:52:14.0203 3488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:52:14.0312 3488 IRENUM - ok
    23:52:14.0343 3488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:52:14.0500 3488 isapnp - ok
    23:52:14.0546 3488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:52:14.0671 3488 Kbdclass - ok
    23:52:14.0703 3488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:52:14.0828 3488 kbdhid - ok
    23:52:14.0875 3488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    23:52:14.0984 3488 kmixer - ok
    23:52:15.0000 3488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:52:15.0125 3488 KSecDD - ok
    23:52:15.0140 3488 lbrtfdc - ok
    23:52:15.0171 3488 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    23:52:15.0187 3488 MBAMProtector - ok
    23:52:15.0218 3488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:52:15.0343 3488 mnmdd - ok
    23:52:15.0406 3488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    23:52:15.0500 3488 Modem - ok
    23:52:15.0531 3488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:52:15.0640 3488 Mouclass - ok
    23:52:15.0703 3488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:52:15.0812 3488 mouhid - ok
    23:52:15.0828 3488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:52:15.0921 3488 MountMgr - ok
    23:52:15.0953 3488 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    23:52:16.0015 3488 mraid35x - ok
    23:52:16.0046 3488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:52:16.0125 3488 MRxDAV - ok
    23:52:16.0171 3488 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:52:16.0250 3488 MRxSmb - ok
    23:52:16.0265 3488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    23:52:16.0328 3488 Msfs - ok
    23:52:16.0359 3488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:52:16.0421 3488 MSKSSRV - ok
    23:52:16.0500 3488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:52:16.0609 3488 MSPCLOCK - ok
    23:52:16.0625 3488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:52:16.0750 3488 MSPQM - ok
    23:52:16.0781 3488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:52:16.0875 3488 mssmbios - ok
    23:52:16.0890 3488 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    23:52:16.0984 3488 Mup - ok
    23:52:17.0000 3488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    23:52:17.0109 3488 NDIS - ok
    23:52:17.0125 3488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:52:17.0234 3488 NdisTapi - ok
    23:52:17.0250 3488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:52:17.0343 3488 Ndisuio - ok
    23:52:17.0343 3488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:52:17.0437 3488 NdisWan - ok
    23:52:17.0437 3488 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:52:17.0531 3488 NDProxy - ok
    23:52:17.0546 3488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:52:17.0609 3488 NetBIOS - ok
    23:52:17.0671 3488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:52:17.0750 3488 NetBT - ok
    23:52:17.0750 3488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    23:52:17.0843 3488 Npfs - ok
    23:52:17.0875 3488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:52:18.0015 3488 Ntfs - ok
    23:52:18.0046 3488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:52:18.0156 3488 Null - ok
    23:52:18.0234 3488 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:52:18.0390 3488 nv - ok
    23:52:18.0421 3488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:52:18.0546 3488 NwlnkFlt - ok
    23:52:18.0546 3488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:52:18.0656 3488 NwlnkFwd - ok
    23:52:18.0656 3488 PAR1284 - ok
    23:52:18.0703 3488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:52:18.0796 3488 Parport - ok
    23:52:18.0828 3488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:52:18.0906 3488 PartMgr - ok
    23:52:18.0921 3488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:52:19.0015 3488 ParVdm - ok
    23:52:19.0046 3488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:52:19.0140 3488 PCI - ok
    23:52:19.0140 3488 PCIDump - ok
    23:52:19.0171 3488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:52:19.0265 3488 PCIIde - ok
    23:52:19.0312 3488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:52:19.0437 3488 Pcmcia - ok
    23:52:19.0437 3488 PDCOMP - ok
    23:52:19.0453 3488 PDFRAME - ok
    23:52:19.0453 3488 PDRELI - ok
    23:52:19.0468 3488 PDRFRAME - ok
    23:52:19.0484 3488 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    23:52:19.0609 3488 perc2 - ok
    23:52:19.0625 3488 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    23:52:19.0734 3488 perc2hib - ok
    23:52:19.0781 3488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:52:19.0875 3488 PptpMiniport - ok
    23:52:19.0875 3488 Profos - ok
    23:52:19.0890 3488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:52:20.0000 3488 PSched - ok
    23:52:20.0000 3488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:52:20.0093 3488 Ptilink - ok
    23:52:20.0125 3488 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:52:20.0125 3488 PxHelp20 - ok
    23:52:20.0156 3488 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    23:52:20.0234 3488 ql1080 - ok
    23:52:20.0265 3488 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    23:52:20.0343 3488 Ql10wnt - ok
    23:52:20.0406 3488 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    23:52:20.0468 3488 ql12160 - ok
    23:52:20.0484 3488 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    23:52:20.0546 3488 ql1240 - ok
    23:52:20.0562 3488 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    23:52:20.0640 3488 ql1280 - ok
    23:52:20.0656 3488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:52:20.0734 3488 RasAcd - ok
    23:52:20.0781 3488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:52:20.0875 3488 Rasl2tp - ok
    23:52:20.0890 3488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:52:20.0968 3488 RasPppoe - ok
    23:52:20.0984 3488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:52:21.0062 3488 Raspti - ok
    23:52:21.0109 3488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:52:21.0203 3488 Rdbss - ok
    23:52:21.0218 3488 RDPCDD (73629a675b88b259855f1eedd890e8d9) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:52:21.0218 3488 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: 73629a675b88b259855f1eedd890e8d9, Fake md5: 4912d5b403614ce99c28420f75353332
    23:52:21.0218 3488 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - infected
    23:52:21.0218 3488 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
    23:52:21.0265 3488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:52:21.0359 3488 rdpdr - ok
    23:52:21.0437 3488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:52:21.0531 3488 RDPWD - ok
    23:52:21.0593 3488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:52:21.0734 3488 redbook - ok
    23:52:21.0781 3488 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    23:52:21.0843 3488 RimUsb - ok
    23:52:21.0890 3488 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    23:52:21.0937 3488 RimVSerPort - ok
    23:52:21.0953 3488 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    23:52:22.0062 3488 ROOTMODEM - ok
    23:52:22.0109 3488 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
    23:52:22.0125 3488 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
    23:52:22.0125 3488 SCDEmu - detected UnsignedFile.Multi.Generic (1)
    23:52:22.0171 3488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:52:22.0281 3488 Secdrv - ok
    23:52:22.0359 3488 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    23:52:22.0390 3488 SenFiltService - ok
    23:52:22.0437 3488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:52:22.0562 3488 serenum - ok
    23:52:22.0625 3488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    23:52:22.0750 3488 Serial - ok
    23:52:22.0781 3488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:52:22.0890 3488 Sfloppy - ok
    23:52:22.0906 3488 Simbad - ok
    23:52:22.0937 3488 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    23:52:23.0062 3488 sisagp - ok
    23:52:23.0093 3488 SNTNLUSB (a1ff7d99b199cea1f3df371ba70d2780) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
    23:52:23.0109 3488 SNTNLUSB - ok
    23:52:23.0140 3488 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    23:52:23.0203 3488 Sparrow - ok
    23:52:23.0250 3488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:52:23.0343 3488 splitter - ok
    23:52:23.0390 3488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:52:23.0515 3488 sr - ok
    23:52:23.0546 3488 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:52:23.0609 3488 Srv - ok
    23:52:23.0640 3488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:52:23.0765 3488 swenum - ok
    23:52:23.0781 3488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:52:23.0890 3488 swmidi - ok
    23:52:23.0921 3488 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    23:52:24.0031 3488 symc810 - ok
    23:52:24.0031 3488 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    23:52:24.0156 3488 symc8xx - ok
    23:52:24.0187 3488 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    23:52:24.0281 3488 sym_hi - ok
    23:52:24.0296 3488 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    23:52:24.0390 3488 sym_u3 - ok
    23:52:24.0421 3488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:52:24.0546 3488 sysaudio - ok
    23:52:24.0625 3488 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
    23:52:24.0625 3488 tap0901 ( UnsignedFile.Multi.Generic ) - warning
    23:52:24.0625 3488 tap0901 - detected UnsignedFile.Multi.Generic (1)
    23:52:24.0671 3488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:52:24.0750 3488 Tcpip - ok
    23:52:24.0781 3488 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    23:52:24.0843 3488 Tcpip6 - ok
    23:52:24.0890 3488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:52:25.0000 3488 TDPIPE - ok
    23:52:25.0046 3488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:52:25.0171 3488 TDTCP - ok
    23:52:25.0203 3488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:52:25.0312 3488 TermDD - ok
    23:52:25.0359 3488 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    23:52:25.0484 3488 TosIde - ok
    23:52:25.0500 3488 Trufos - ok
    23:52:25.0640 3488 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
    23:52:25.0656 3488 TuneUpUtilitiesDrv - ok
    23:52:25.0687 3488 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    23:52:25.0796 3488 tunmp - ok
    23:52:25.0828 3488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:52:25.0937 3488 Udfs - ok
    23:52:25.0968 3488 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    23:52:26.0046 3488 ultra - ok
    23:52:26.0062 3488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:52:26.0265 3488 Update - ok
    23:52:26.0406 3488 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
    23:52:26.0437 3488 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
    23:52:26.0437 3488 USBAAPL - detected UnsignedFile.Multi.Generic (1)
    23:52:26.0468 3488 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    23:52:26.0562 3488 usbaudio - ok
    23:52:26.0640 3488 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:52:26.0765 3488 usbccgp - ok
    23:52:26.0796 3488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:52:26.0937 3488 usbehci - ok
    23:52:26.0968 3488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:52:27.0093 3488 usbhub - ok
    23:52:27.0125 3488 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:52:27.0234 3488 usbprint - ok
    23:52:27.0312 3488 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:52:27.0437 3488 usbscan - ok
    23:52:27.0468 3488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:52:27.0609 3488 USBSTOR - ok
    23:52:27.0656 3488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:52:27.0750 3488 usbuhci - ok
    23:52:27.0796 3488 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    23:52:27.0859 3488 usb_rndisx - ok
    23:52:27.0906 3488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:52:27.0984 3488 VgaSave - ok
    23:52:28.0031 3488 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    23:52:28.0093 3488 viaagp - ok
    23:52:28.0140 3488 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    23:52:28.0218 3488 ViaIde - ok
    23:52:28.0250 3488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:52:28.0328 3488 VolSnap - ok
    23:52:28.0359 3488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:52:28.0437 3488 Wanarp - ok
    23:52:28.0484 3488 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    23:52:28.0546 3488 wceusbsh - ok
    23:52:28.0640 3488 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    23:52:28.0656 3488 Wdf01000 - ok
    23:52:28.0656 3488 WDICA - ok
    23:52:28.0703 3488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:52:28.0828 3488 wdmaud - ok
    23:52:28.0859 3488 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
    23:52:28.0906 3488 WmBEnum - ok
    23:52:28.0921 3488 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
    23:52:28.0984 3488 WmFilter - ok
    23:52:29.0000 3488 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
    23:52:29.0062 3488 WmVirHid - ok
    23:52:29.0062 3488 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
    23:52:29.0078 3488 WmXlCore - ok
    23:52:29.0140 3488 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    23:52:29.0218 3488 WpdUsb - ok
    23:52:29.0234 3488 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:52:29.0343 3488 WS2IFSL - ok
    23:52:29.0375 3488 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:52:29.0421 3488 WudfPf - ok
    23:52:29.0453 3488 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:52:29.0484 3488 WudfRd - ok
    23:52:29.0546 3488 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
    23:52:29.0562 3488 xusb21 - ok
    23:52:29.0609 3488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    23:52:29.0859 3488 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    23:52:29.0859 3488 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    23:52:29.0859 3488 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
    23:52:29.0984 3488 \Device\Harddisk1\DR3 - ok
    23:52:30.0000 3488 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk6\DR8
    23:52:30.0406 3488 \Device\Harddisk6\DR8 - ok
    23:52:30.0421 3488 Boot (0x1200) (e2c284bbd4b23abc7166a1fbb56d5f1a) \Device\Harddisk0\DR0\Partition0
    23:52:30.0421 3488 \Device\Harddisk0\DR0\Partition0 - ok
    23:52:30.0421 3488 Boot (0x1200) (0c8090cf00eb0ff9a1d7916c8aaa3cc7) \Device\Harddisk1\DR3\Partition0
    23:52:30.0421 3488 \Device\Harddisk1\DR3\Partition0 - ok
    23:52:30.0421 3488 Boot (0x1200) (0ee114293994062bab4de00429bdbab4) \Device\Harddisk6\DR8\Partition0
    23:52:30.0421 3488 \Device\Harddisk6\DR8\Partition0 - ok
    23:52:30.0421 3488 ============================================================
    23:52:30.0421 3488 Scan finished
    23:52:30.0421 3488 ============================================================
    23:52:30.0546 3428 Detected object count: 6
    23:52:30.0546 3428 Actual detected object count: 6
    23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
    23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:52:53.0609 3428 Backup copy found, using it..
    23:52:53.0609 3428 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured on reboot
    23:52:53.0609 3428 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
    23:52:53.0609 3428 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
    23:52:53.0609 3428 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:52:53.0609 3428 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
    23:52:53.0609 3428 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:52:53.0625 3428 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
    23:52:53.0625 3428 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
    23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    23:53:10.0437 2316 Deinitialize success
     
  4. kevinf80

    kevinf80 Malware Specialist

    OK DJ7791, do this:

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    If you already have MB installed, update and run as below...

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Kevin
     
  5. DJ7791

    DJ7791 Thread Starter

    I have Malwarebytes Pro and run it daily. It continued to show 0 infections even when AVG showed the downloader.zlob.

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.27.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    misha :: DDZS3TG1 [administrator]

    Protection: Enabled

    1/29/2012 12:50:09 AM
    mbam-log-2012-01-29 (00-50-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220599
    Time elapsed: 6 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. kevinf80

    kevinf80 Malware Specialist

    How does your system respond since we removed the Rootkit, any alerts from AVG?
     
  7. DJ7791

    DJ7791 Thread Starter

    System seems to operate smoothly and no AVG pop-ups yet. If I ran another scan with AVG would the trojan still show if present?
     
  8. kevinf80

    kevinf80 Malware Specialist

    No, AVG will not see it anymore as it has been removed. OK do the following :-

    Step 1

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

    Step 2

    This is a very in-depth and thorough scan, as such it will take several hours to complete. We need to ensure all remnants of this infection are gone!

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Kevin
     
  9. DJ7791

    DJ7791 Thread Starter

    Every time I run TFC it closes explorer and freezes my pc....?
     
  10. kevinf80

    kevinf80 Malware Specialist

    It should not do that. Normally it will close explorer, your Desktop will disappear, you should then see the TFC GUI, it should run, then either prompt for a re-boot or return your Desktop.... it may seem that your PC freezes, let it run for a few minutes

    If that does not happen, miss TFC out and progress to ESET
     
  11. DJ7791

    DJ7791 Thread Starter

    This is what the ESETscan came up with:


    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=bc5cb3e307a4c441b8fd5d99f5afdf9c
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-01-29 12:07:06
    # local_time=2012-01-29 06:07:06 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777175 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=190735
    # found=3
    # cleaned=0
    # scan_time=11700
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator5.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo.zip Win32/Bagle.gen.zip worm (unable to clean) 00000000000000000000000000000000 I
    C:\Documents and Settings\misha\Local Settings\Application Data\{A46394FD-4709-4FD0-A57C-D7156E0166BC}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan (unable to clean) 00000000000000000000000000000000 I
     
  12. kevinf80

    kevinf80 Malware Specialist

    OK, do the following:

    Step 1

    Re-run TDSSKiller. When you see this entry \Device\Harddisk0\DR0 ( TDSS File System ), select Delete, NOT Skip. Re-boot if required.

    Step 2

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....
    • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\Documents and Settings\misha\Local Settings\Application Data\{A46394FD-4709-4FD0-A57C-D7156E0166BC}\chrome\content\overlay.xul 
      :Commands
      [EmptyTemp]
      [Reboot]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see those three logs in next reply....

    Kevin
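
    Added example (not part of the original thread and not the tool's own code): a small Python triage script that reads a TDSSKiller log in the format shown in this thread and lists detections whose recorded user action was not a treatment, which is how the skipped `TDSS File System` entry named in Step 1 can be spotted. The sample lines are copied from the log posted above; treating `Cure` and `Delete` as the only treatments and setting `UnsignedFile.*` warnings aside by default are assumptions of this example.

```python
import re
from collections import OrderedDict

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
23:52:29.0609 3488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:52:29.0859 3488 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:52:29.0859 3488 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:52:29.0984 3488 \Device\Harddisk1\DR3 - ok
23:52:30.0546 3428 Detected object count: 6
23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:53.0281 3428 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:53.0609 3428 Backup copy found, using it..
23:52:53.0609 3428 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured on reboot
23:52:53.0609 3428 RDPCDD ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:52:53.0625 3428 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every log line is "HH:MM:SS.ffff <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# Scan-phase flag, e.g. "<object> ( <verdict> ) - warning".
FLAG = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>[a-z]+)$")
# Decision phase, e.g. "<object> ( <verdict> ) - User select action: Skip".
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)

# Assumption of this example: only these actions count as treating a detection.
# "Cure" appears in the log above; "Delete" is the choice named in Step 1.
TREATED = {"Cure", "Delete"}


def parse_detections(log_text):
    """Return {object: {"verdict", "status", "action"}} in first-seen order."""
    found = OrderedDict()
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, lines without a message
        msg = line.group("msg")
        flag, action = FLAG.match(msg), ACTION.match(msg)
        hit = action or flag
        if not hit:
            continue  # "- ok" lines, hashes, status chatter
        entry = found.setdefault(
            hit.group("obj"),
            {"verdict": hit.group("verdict"), "status": None, "action": None},
        )
        if action:
            entry["action"] = action.group("action")  # the last action wins
        else:
            entry["status"] = flag.group("status")
    return found


def untreated(found, include_unsigned=False):
    """List (object, verdict) pairs that were flagged but not cured or deleted.

    UnsignedFile.* verdicts are signature-check warnings rather than named
    detections; leaving them out by default is this example's policy choice.
    """
    pending = []
    for obj, info in found.items():
        if info["action"] in TREATED:
            continue
        if info["verdict"].startswith("UnsignedFile.") and not include_unsigned:
            continue
        pending.append((obj, info["verdict"]))
    return pending


if __name__ == "__main__":
    for obj, verdict in untreated(parse_detections(SAMPLE_LOG)):
        print(f"still untreated: {obj} ({verdict})")
```

    Run against a full saved log by passing the file's text to `parse_detections` in place of `SAMPLE_LOG`.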
     
  13. DJ7791

    DJ7791 Thread Starter

    Every time I run OTM I get nothing. The program starts and explorer.exe disappears as well as Object Dock. The desktop background is still visible along with the OTM program window but nothing happens, nothing is "clickable" and I can't perform a restart. It has been well over 15 minutes since I started "move it".
     
  14. DJ7791

    DJ7791 Thread Starter

    Also when I click on the open OTM program window I get a "not responding" in the header.
     
  15. DJ7791

    DJ7791 Thread Starter

    Here are the logs from TDSS and Security Check. Cannot get OTM to work....?



    21:03:53.0125 0356 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
    21:03:53.0937 0356 ============================================================
    21:03:53.0937 0356 Current date / time: 2012/01/29 21:03:53.0937
    21:03:53.0937 0356 SystemInfo:
    21:03:53.0937 0356
    21:03:53.0937 0356 OS Version: 5.1.2600 ServicePack: 3.0
    21:03:53.0937 0356 Product type: Workstation
    21:03:53.0937 0356 ComputerName: DDZS3TG1
    21:03:53.0937 0356 UserName: misha
    21:03:53.0937 0356 Windows directory: C:\WINDOWS
    21:03:53.0937 0356 System windows directory: C:\WINDOWS
    21:03:53.0937 0356 Processor architecture: Intel x86
    21:03:53.0937 0356 Number of processors: 2
    21:03:53.0937 0356 Page size: 0x1000
    21:03:53.0937 0356 Boot type: Normal boot
    21:03:53.0937 0356 ============================================================
    21:03:54.0312 0356 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:03:54.0359 0356 Drive \Device\Harddisk5\DR7 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:03:54.0406 0356 Initialize success
    21:03:59.0546 3080 ============================================================
    21:03:59.0546 3080 Scan started
    21:03:59.0546 3080 Mode: Manual; SigCheck; TDLFS;
    21:03:59.0546 3080 ============================================================
    21:04:04.0515 3080 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    21:04:04.0531 3080 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
    21:04:04.0531 3080 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
    21:04:14.0781 3080 Pcmcia - ok
    21:04:14.0781 3080 PDCOMP - ok
    21:04:14.0781 3080 PDFRAME - ok
    21:04:14.0796 3080 PDRELI - ok
    21:04:14.0796 3080 PDRFRAME - ok
    21:04:14.0843 3080 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    21:04:14.0906 3080 perc2 - ok
    21:04:14.0937 3080 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    21:04:15.0000 3080 perc2hib - ok
    21:04:15.0062 3080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:04:15.0140 3080 PptpMiniport - ok
    21:04:15.0140 3080 Profos - ok
    21:04:15.0156 3080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    21:04:15.0234 3080 PSched - ok
    21:04:15.0250 3080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:04:15.0328 3080 Ptilink - ok
    21:04:15.0359 3080 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    21:04:15.0375 3080 PxHelp20 - ok
    21:04:15.0421 3080 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    21:04:15.0500 3080 ql1080 - ok
    21:04:15.0546 3080 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    21:04:15.0640 3080 Ql10wnt - ok
    21:04:15.0656 3080 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    21:04:15.0734 3080 ql12160 - ok
    21:04:15.0734 3080 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    21:04:15.0796 3080 ql1240 - ok
    21:04:15.0812 3080 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    21:04:15.0875 3080 ql1280 - ok
    21:04:15.0906 3080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:04:16.0000 3080 RasAcd - ok
    21:04:16.0046 3080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    21:04:16.0125 3080 Rasl2tp - ok
    21:04:16.0140 3080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    21:04:16.0218 3080 RasPppoe - ok
    21:04:16.0218 3080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    21:04:16.0296 3080 Raspti - ok
    21:04:16.0328 3080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    21:04:16.0406 3080 Rdbss - ok
    21:04:16.0421 3080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    21:04:16.0515 3080 RDPCDD - ok
    21:04:16.0531 3080 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    21:04:16.0609 3080 rdpdr - ok
    21:04:16.0656 3080 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    21:04:16.0734 3080 RDPWD - ok
    21:04:16.0765 3080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    21:04:16.0843 3080 redbook - ok
    21:04:16.0890 3080 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    21:04:16.0984 3080 RimUsb - ok
    21:04:17.0031 3080 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    21:04:17.0093 3080 RimVSerPort - ok
    21:04:17.0171 3080 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    21:04:17.0265 3080 ROOTMODEM - ok
    21:04:17.0312 3080 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
    21:04:17.0328 3080 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
    21:04:17.0328 3080 SCDEmu - detected UnsignedFile.Multi.Generic (1)
    21:04:17.0375 3080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    21:04:17.0500 3080 Secdrv - ok
    21:04:17.0562 3080 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
    21:04:17.0625 3080 SenFiltService - ok
    21:04:17.0671 3080 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    21:04:17.0781 3080 serenum - ok
    21:04:17.0812 3080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    21:04:17.0921 3080 Serial - ok
    21:04:17.0968 3080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    21:04:18.0062 3080 Sfloppy - ok
    21:04:18.0078 3080 Simbad - ok
    21:04:18.0125 3080 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    21:04:18.0250 3080 sisagp - ok
    21:04:18.0281 3080 SNTNLUSB (a1ff7d99b199cea1f3df371ba70d2780) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
    21:04:18.0296 3080 SNTNLUSB - ok
    21:04:18.0312 3080 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    21:04:18.0359 3080 Sparrow - ok
    21:04:18.0390 3080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    21:04:18.0515 3080 splitter - ok
    21:04:18.0531 3080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    21:04:18.0609 3080 sr - ok
    21:04:18.0640 3080 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    21:04:18.0703 3080 Srv - ok
    21:04:18.0734 3080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    21:04:18.0812 3080 swenum - ok
    21:04:18.0812 3080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    21:04:18.0875 3080 swmidi - ok
    21:04:18.0921 3080 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    21:04:18.0984 3080 symc810 - ok
    21:04:19.0015 3080 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    21:04:19.0093 3080 symc8xx - ok
    21:04:19.0125 3080 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    21:04:19.0203 3080 sym_hi - ok
    21:04:19.0218 3080 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    21:04:19.0312 3080 sym_u3 - ok
    21:04:19.0343 3080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    21:04:19.0421 3080 sysaudio - ok
    21:04:19.0468 3080 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
    21:04:19.0468 3080 tap0901 ( UnsignedFile.Multi.Generic ) - warning
    21:04:19.0468 3080 tap0901 - detected UnsignedFile.Multi.Generic (1)
    21:04:19.0515 3080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    21:04:19.0578 3080 Tcpip - ok
    21:04:19.0625 3080 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    21:04:19.0671 3080 Tcpip6 - ok
    21:04:19.0734 3080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    21:04:19.0812 3080 TDPIPE - ok
    21:04:19.0859 3080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    21:04:19.0968 3080 TDTCP - ok
    21:04:20.0000 3080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    21:04:20.0109 3080 TermDD - ok
    21:04:20.0140 3080 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    21:04:20.0250 3080 TosIde - ok
    21:04:20.0265 3080 Trufos - ok
    21:04:20.0359 3080 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
    21:04:20.0375 3080 TuneUpUtilitiesDrv - ok
    21:04:20.0406 3080 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    21:04:20.0515 3080 tunmp - ok
    21:04:20.0546 3080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    21:04:20.0656 3080 Udfs - ok
    21:04:20.0687 3080 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    21:04:20.0750 3080 ultra - ok
    21:04:20.0781 3080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    21:04:20.0890 3080 Update - ok
    21:04:20.0953 3080 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
    21:04:20.0968 3080 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
    21:04:20.0968 3080 USBAAPL - detected UnsignedFile.Multi.Generic (1)
    21:04:21.0000 3080 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    21:04:21.0093 3080 usbaudio - ok
    21:04:21.0156 3080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    21:04:21.0281 3080 usbccgp - ok
    21:04:21.0312 3080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    21:04:21.0421 3080 usbehci - ok
    21:04:21.0468 3080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    21:04:21.0578 3080 usbhub - ok
    21:04:21.0609 3080 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    21:04:21.0718 3080 usbprint - ok
    21:04:21.0765 3080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    21:04:21.0875 3080 usbscan - ok
    21:04:21.0906 3080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    21:04:22.0031 3080 USBSTOR - ok
    21:04:22.0062 3080 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    21:04:22.0171 3080 usbuhci - ok
    21:04:22.0234 3080 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    21:04:22.0328 3080 usb_rndisx - ok
    21:04:22.0359 3080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    21:04:22.0468 3080 VgaSave - ok
    21:04:22.0500 3080 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    21:04:22.0609 3080 viaagp - ok
    21:04:22.0656 3080 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    21:04:22.0765 3080 ViaIde - ok
    21:04:22.0796 3080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    21:04:22.0890 3080 VolSnap - ok
    21:04:22.0937 3080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    21:04:23.0093 3080 Wanarp - ok
    21:04:23.0140 3080 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    21:04:23.0187 3080 wceusbsh - ok
    21:04:23.0250 3080 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    21:04:23.0265 3080 Wdf01000 - ok
    21:04:23.0281 3080 WDICA - ok
    21:04:23.0312 3080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    21:04:23.0437 3080 wdmaud - ok
    21:04:23.0468 3080 WmBEnum (1abfd1399436e81c9d857f5fc76eaf98) C:\WINDOWS\system32\drivers\WmBEnum.sys
    21:04:23.0515 3080 WmBEnum - ok
    21:04:23.0531 3080 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\WINDOWS\system32\drivers\WmFilter.sys
    21:04:23.0593 3080 WmFilter - ok
    21:04:23.0625 3080 WmVirHid (a40d2dd0f019423ef6c363f1295eb38d) C:\WINDOWS\system32\drivers\WmVirHid.sys
    21:04:23.0671 3080 WmVirHid - ok
    21:04:23.0687 3080 WmXlCore (2bf505424f469155cd90d7b3301d7adc) C:\WINDOWS\system32\drivers\WmXlCore.sys
    21:04:23.0687 3080 WmXlCore - ok
    21:04:23.0750 3080 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    21:04:23.0875 3080 WpdUsb - ok
    21:04:23.0890 3080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    21:04:24.0015 3080 WS2IFSL - ok
    21:04:24.0046 3080 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    21:04:24.0109 3080 WudfPf - ok
    21:04:24.0125 3080 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    21:04:24.0156 3080 WudfRd - ok
    21:04:24.0187 3080 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
    21:04:24.0203 3080 xusb21 - ok
    21:04:24.0234 3080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    21:04:24.0531 3080 \Device\Harddisk0\DR0 - ok
    21:04:24.0531 3080 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk5\DR7
    21:04:24.0921 3080 \Device\Harddisk5\DR7 - ok
    21:04:24.0968 3080 Boot (0x1200) (e2c284bbd4b23abc7166a1fbb56d5f1a) \Device\Harddisk0\DR0\Partition0
    21:04:24.0968 3080 \Device\Harddisk0\DR0\Partition0 - ok
    21:04:24.0968 3080 Boot (0x1200) (34728c80127712084854d6290dc143ab) \Device\Harddisk5\DR7\Partition0
    21:04:24.0968 3080 \Device\Harddisk5\DR7\Partition0 - ok
    21:04:24.0968 3080 ============================================================
    21:04:24.0968 3080 Scan finished
    21:04:24.0968 3080 ============================================================
    21:04:25.0109 1472 Detected object count: 4
    21:04:25.0109 1472 Actual detected object count: 4
    21:04:32.0359 1472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:04:32.0359 1472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:04:32.0359 1472 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
    21:04:32.0359 1472 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:04:32.0359 1472 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
    21:04:32.0359 1472 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:04:32.0375 1472 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
    21:04:32.0375 1472 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:04:42.0656 0604 Deinitialize success




    Results of screen317's Security Check version 0.99.30
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 2012
    ESET Online Scanner v3
    OneCare Advisor (Windows Live Toolbar)
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    CCleaner
    Java(TM) 6 Update 30
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java version out of date!
    Adobe Flash Player 10.3.181.34 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox 8.0.1 Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
Short URL to this thread: https://techguy.org/1038595