Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

real slow rootkit and AV scans

Re: real slow rootkit and AV scans

Post by Milk21 » October 30th, 2011, 8:51 am

Logs to follow
my screensaver/wallpaper keeps resizing and computer freezing
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Post by Milk21 » October 30th, 2011, 8:52 am

OTL logfile created on: 30/10/2011 12:49:17 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.22% Memory free
6.17 Gb Paging File | 4.95 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 186.54 Gb Free Space | 64.70% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.81% Space Free | Partition Type: NTFS

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 21:28:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/10/21 13:00:14 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/17 17:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/10/14 06:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 06:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 06:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/09/29 07:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccsvchst.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 12:47:05 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/30 12:47:02 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/21 15:53:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/21 15:53:23 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/21 12:54:11 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 07:09:46 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/14 06:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 06:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/10 20:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/21 12:29:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111029.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/21 12:29:49 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/21 12:29:49 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/21 12:29:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20111029.006\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/21 12:01:56 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/20 12:26:36 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111028.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/10/14 23:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111014.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/08 23:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/03 02:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/03 02:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/29 03:20:02 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/26 02:18:39 | 000,344,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1301010.003\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/26 02:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\Ironx86.SYS -- (SymIRON)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301010.003\SYMDS.SYS -- (SymDS)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/10 20:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/03/18 15:23:06 | 000,020,480 | ---- | M] (GoTrusted) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gttap1.sys -- (gttap1)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.visagecomputers.co.uk/
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.visagecomputers.co.uk/
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/10/22 03:49:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2011/10/30 12:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/21 13:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/28 13:20:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/28 13:20:04 | 000,000,000 | ---D | M]

[2011/10/21 12:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/10/24 13:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1i32whaz.default\extensions
[2011/10/21 15:39:49 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1i32whaz.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/10/25 13:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/21 13:13:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/10/30 12:47:02 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2011/10/22 03:49:44 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/10/21 13:00:32 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1I32WHAZ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1I32WHAZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/21 12:31:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/29 07:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/21 13:12:56 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 01:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 01:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 01:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 01:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 01:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/10/29 15:45:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [GoTrusted] C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe (GoTrusted.com)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3299710142-3868310564-1978959094-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/29 15:45:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/28 13:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/28 13:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/28 11:13:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Ahead
[2011/10/26 22:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011/10/25 21:28:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/10/25 13:47:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/24 23:21:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Skype
[2011/10/24 23:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011/10/22 23:01:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\vlc
[2011/10/22 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/10/22 22:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/22 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\Tracing
[2011/10/22 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/10/22 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/10/22 12:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/10/22 12:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/10/22 04:50:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\ConvertXToDVD
[2011/10/22 04:49:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2011/10/22 04:49:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Vso
[2011/10/22 04:49:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\PcSetup
[2011/10/22 04:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2011/10/22 04:49:06 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2011/10/22 04:49:06 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2011/10/22 04:49:06 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2011/10/22 04:49:06 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2011/10/22 04:49:06 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2011/10/22 04:49:05 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2011/10/22 04:49:05 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2011/10/22 04:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2011/10/22 00:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2011/10/22 00:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/10/21 20:44:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2011/10/21 20:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/21 20:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/21 20:42:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2011/10/21 20:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/21 20:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/21 18:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 16:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/21 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/21 15:53:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/21 15:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/21 15:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/21 15:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/21 15:44:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/10/21 15:32:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\My Received Files
[2011/10/21 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\GoTrusted.com
[2011/10/21 14:39:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoTrusted
[2011/10/21 14:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\GoTrusted.com
[2011/10/21 13:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/21 13:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/21 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/10/21 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/21 13:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/21 13:33:43 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/21 13:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/21 13:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/21 13:13:42 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symtdiv.sys
[2011/10/21 13:13:41 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symefa.sys
[2011/10/21 13:13:41 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\srtsp.sys
[2011/10/21 13:13:41 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symds.sys
[2011/10/21 13:13:41 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\symnets.sys
[2011/10/21 13:13:41 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\ironx86.sys
[2011/10/21 13:13:41 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\ccsetx86.sys
[2011/10/21 13:13:41 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301010.003\srtspx.sys
[2011/10/21 13:13:17 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/21 13:13:17 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/21 13:13:17 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/21 13:13:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1301010.003
[2011/10/21 13:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/10/21 13:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/21 13:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/21 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/10/21 13:04:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/10/21 13:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/10/21 13:00:29 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/10/21 13:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/10/21 13:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2011/10/21 12:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/10/21 12:59:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Real
[2011/10/21 12:55:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Secunia PSI
[2011/10/21 12:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/10/21 12:54:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/21 12:54:11 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/21 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2011/10/21 12:52:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mozilla
[2011/10/21 12:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/10/21 12:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/21 12:46:12 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/21 12:46:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/21 12:46:05 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/21 12:46:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/21 12:46:05 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/21 12:46:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/21 12:46:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/21 12:46:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/21 12:46:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/21 12:46:04 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/21 12:46:03 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/21 12:46:03 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/21 12:46:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/21 12:46:03 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/21 12:46:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/21 12:46:03 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/21 12:46:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/21 12:46:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/21 12:46:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/21 12:46:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/21 12:46:02 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/21 12:46:02 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/21 12:46:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/21 12:46:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/21 12:46:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/21 12:46:02 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/21 12:46:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/21 12:46:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/21 12:46:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/21 12:46:01 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/21 12:46:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/21 12:46:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/21 12:46:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/21 12:46:01 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/21 12:46:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/21 12:46:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/21 12:46:01 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/21 12:46:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/21 12:17:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/10/21 12:17:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/10/21 12:17:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/10/21 12:16:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/10/21 12:16:21 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/10/21 12:16:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/10/21 12:16:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/10/21 12:16:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/10/21 12:16:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/10/21 12:16:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/10/21 12:16:20 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/10/21 12:16:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/10/21 12:16:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/10/21 12:16:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/10/21 12:16:18 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/10/21 12:16:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/10/21 12:16:18 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/10/21 12:16:18 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/10/21 12:16:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/10/21 12:15:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/10/21 12:15:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/21 12:15:59 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/21 12:15:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/21 12:15:59 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/21 12:15:57 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/10/21 12:15:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/10/21 12:15:56 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/10/21 12:15:56 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/10/21 12:15:56 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/10/21 12:15:56 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/10/21 12:15:56 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/10/21 12:15:56 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/10/21 12:15:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/10/21 12:15:54 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/10/21 12:15:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/10/21 12:15:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/10/21 12:15:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/10/21 12:15:47 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/10/21 12:15:47 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/10/21 12:15:46 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/21 12:15:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/10/21 12:15:42 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/10/21 12:15:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/10/21 12:15:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/10/21 12:15:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/21 12:15:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/21 12:15:05 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/10/21 12:15:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/10/21 12:15:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/10/21 12:15:05 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/10/21 12:15:05 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/10/21 12:15:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/10/21 12:15:05 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/10/21 12:15:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/10/21 12:15:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/10/21 12:15:05 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/10/21 12:15:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/10/21 12:13:54 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/21 12:13:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/21 12:13:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/10/21 12:13:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/10/21 12:13:06 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/10/21 12:13:06 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/10/21 12:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/10/21 12:01:56 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/10/21 12:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/10/21 12:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/10/21 12:00:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/10/21 12:00:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/10/21 12:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/10/21 12:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/10/21 12:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/10/21 12:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/10/21 11:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

========== Files - Modified Within 30 Days ==========

[2011/10/30 12:46:27 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 12:46:27 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 12:46:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 12:46:21 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 12:33:27 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/30 12:33:27 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/29 15:45:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/29 07:58:12 | 022,070,440 | ---- | M] () -- C:\Users\Chris\Documents\w3.pdf
[2011/10/28 23:10:59 | 000,440,472 | ---- | M] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/10/28 23:10:56 | 000,168,329 | ---- | M] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/10/28 22:23:39 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2011/10/28 13:19:48 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/27 21:37:45 | 000,025,600 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 21:29:42 | 000,302,592 | ---- | M] () -- C:\Users\Chris\Desktop\svxr0kv0.exe
[2011/10/25 21:28:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/10/25 00:37:09 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\VT20111023.024
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011/10/23 21:33:51 | 000,000,036 | ---- | M] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/10/22 22:28:19 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/10/22 17:23:41 | 000,000,938 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 12:26:02 | 000,000,759 | ---- | M] () -- C:\Users\Chris\Documents\My Sharing Folders.lnk
[2011/10/22 10:12:54 | 026,150,480 | ---- | M] () -- C:\Users\Chris\Documents\w2.pdf
[2011/10/22 04:49:31 | 001,703,671 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301010.003\Cat.DB
[2011/10/22 04:49:13 | 000,087,608 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2011/10/22 04:49:13 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[2011/10/22 04:49:13 | 000,007,887 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/10/22 04:49:13 | 000,001,144 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/10/22 04:49:11 | 000,001,017 | ---- | M] () -- C:\Users\Chris\Desktop\ConvertXtoDVD 4.lnk
[2011/10/22 04:49:11 | 000,001,009 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/10/22 00:54:13 | 000,001,728 | ---- | M] () -- C:\Users\Chris\Desktop\PeerBlock.lnk
[2011/10/21 16:15:02 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/21 15:52:47 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/21 13:36:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/21 13:33:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/21 13:19:46 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/10/21 13:12:55 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/10/21 13:12:55 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/10/21 13:12:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/10/21 13:12:55 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/10/21 13:11:49 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/21 13:09:59 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/21 13:01:00 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/21 13:00:29 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/10/21 13:00:18 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/10/21 13:00:18 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/10/21 13:00:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/10/21 12:55:02 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/21 12:52:12 | 000,000,870 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/21 12:52:11 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/21 12:50:15 | 000,000,943 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/21 12:46:15 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/10/21 12:46:15 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/10/21 12:46:05 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/21 12:46:05 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/21 12:46:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/21 12:46:05 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/21 12:46:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/21 12:46:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/21 12:46:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/21 12:46:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/21 12:46:04 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/21 12:46:03 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/21 12:46:03 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/21 12:46:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/21 12:46:03 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/21 12:46:03 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/21 12:46:03 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/21 12:46:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/21 12:46:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/21 12:46:03 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/10/21 12:46:03 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/21 12:46:02 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/21 12:46:02 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/21 12:46:02 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/21 12:46:02 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/21 12:46:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/21 12:46:02 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/21 12:46:02 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/21 12:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/21 12:46:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/21 12:46:02 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/21 12:46:01 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/21 12:46:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/21 12:46:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/21 12:46:01 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/21 12:46:01 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/21 12:46:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/10/21 12:46:01 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/21 12:46:01 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/21 12:46:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/21 12:40:58 | 000,245,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/21 12:01:56 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/10/21 12:01:56 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/10/21 12:01:56 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

========== Files Created - No Company Name ==========

[2011/10/29 07:58:11 | 022,070,440 | ---- | C] () -- C:\Users\Chris\Documents\w3.pdf
[2011/10/28 13:19:47 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/25 21:29:11 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\svxr0kv0.exe
[2011/10/25 00:37:16 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\VT20111023.024
[2011/10/23 22:58:08 | 000,440,472 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2011/10/23 22:57:42 | 000,168,329 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2011/10/23 21:33:51 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/10/22 22:28:18 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/10/22 17:23:41 | 000,000,938 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 12:26:02 | 000,000,759 | ---- | C] () -- C:\Users\Chris\Documents\My Sharing Folders.lnk
[2011/10/22 10:12:53 | 026,150,480 | ---- | C] () -- C:\Users\Chris\Documents\w2.pdf
[2011/10/22 04:50:27 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2011/10/22 04:49:13 | 000,087,608 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2011/10/22 04:49:13 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/10/22 04:49:13 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/10/22 04:49:11 | 000,001,009 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/10/22 04:49:10 | 000,001,017 | ---- | C] () -- C:\Users\Chris\Desktop\ConvertXtoDVD 4.lnk
[2011/10/22 03:42:48 | 000,025,600 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 00:54:13 | 000,001,728 | ---- | C] () -- C:\Users\Chris\Desktop\PeerBlock.lnk
[2011/10/21 20:42:31 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/21 16:15:02 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/21 15:52:47 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/21 13:33:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/21 13:18:46 | 001,703,671 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\Cat.DB
[2011/10/21 13:13:41 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnetv.cat
[2011/10/21 13:13:41 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\ccsetx86.cat
[2011/10/21 13:13:41 | 000,007,498 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symefa.cat
[2011/10/21 13:13:41 | 000,007,496 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtspx.cat
[2011/10/21 13:13:41 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symds.cat
[2011/10/21 13:13:41 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtsp.cat
[2011/10/21 13:13:41 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\iron.cat
[2011/10/21 13:13:41 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnet.cat
[2011/10/21 13:13:41 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symefa.inf
[2011/10/21 13:13:41 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symds.inf
[2011/10/21 13:13:41 | 000,001,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnetv.inf
[2011/10/21 13:13:41 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\symnet.inf
[2011/10/21 13:13:41 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtspx.inf
[2011/10/21 13:13:41 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\srtsp.inf
[2011/10/21 13:13:41 | 000,000,828 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\ccsetx86.inf
[2011/10/21 13:13:41 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\iron.inf
[2011/10/21 13:13:09 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301010.003\isolate.ini
[2011/10/21 13:09:57 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/21 13:09:57 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/21 13:01:00 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/21 12:55:02 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/10/21 12:55:02 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/10/21 12:54:37 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/21 12:52:11 | 000,000,870 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/21 12:52:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/21 12:52:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/21 12:46:03 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/21 12:16:18 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/21 12:16:18 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/10/21 12:16:18 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/10/21 12:01:56 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/10/21 12:01:56 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/10/21 12:01:40 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/02/04 13:50:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/04 13:50:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/04 13:19:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2011/02/04 12:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/10/23 12:54:22 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/23 12:20:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/23 12:05:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,245,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/04 13:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG10
[2011/10/28 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2011/10/30 12:45:44 | 000,017,128 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 30th, 2011, 8:55 am

12:55:08.0617 1160 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:55:09.0603 1160 ============================================================
12:55:09.0603 1160 Current date / time: 2011/10/30 12:55:09.0603
12:55:09.0603 1160 SystemInfo:
12:55:09.0603 1160
12:55:09.0603 1160 OS Version: 6.0.6002 ServicePack: 2.0
12:55:09.0603 1160 Product type: Workstation
12:55:09.0603 1160 ComputerName: DELL-530
12:55:09.0603 1160 UserName: Chris
12:55:09.0603 1160 Windows directory: C:\Windows
12:55:09.0603 1160 System windows directory: C:\Windows
12:55:09.0603 1160 Processor architecture: Intel x86
12:55:09.0603 1160 Number of processors: 2
12:55:09.0603 1160 Page size: 0x1000
12:55:09.0603 1160 Boot type: Normal boot
12:55:09.0603 1160 ============================================================
12:55:10.0632 1160 Initialize success
12:55:12.0348 1324 ============================================================
12:55:12.0348 1324 Scan started
12:55:12.0348 1324 Mode: Manual;
12:55:12.0348 1324 ============================================================
12:55:13.0131 1324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:55:13.0133 1324 ACPI - ok
12:55:13.0170 1324 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:55:13.0178 1324 adp94xx - ok
12:55:13.0196 1324 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:55:13.0198 1324 adpahci - ok
12:55:13.0221 1324 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:55:13.0222 1324 adpu160m - ok
12:55:13.0244 1324 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:55:13.0246 1324 adpu320 - ok
12:55:13.0294 1324 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:55:13.0299 1324 AFD - ok
12:55:13.0327 1324 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:55:13.0328 1324 agp440 - ok
12:55:13.0361 1324 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:55:13.0362 1324 aic78xx - ok
12:55:13.0388 1324 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:55:13.0389 1324 aliide - ok
12:55:13.0412 1324 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:55:13.0413 1324 amdagp - ok
12:55:13.0433 1324 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:55:13.0433 1324 amdide - ok
12:55:13.0452 1324 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:55:13.0454 1324 AmdK7 - ok
12:55:13.0467 1324 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
12:55:13.0468 1324 AmdK8 - ok
12:55:13.0501 1324 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:55:13.0503 1324 arc - ok
12:55:13.0526 1324 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:55:13.0529 1324 arcsas - ok
12:55:13.0551 1324 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:55:13.0552 1324 AsyncMac - ok
12:55:13.0571 1324 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:55:13.0572 1324 atapi - ok
12:55:13.0605 1324 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:55:13.0606 1324 Beep - ok
12:55:13.0716 1324 BHDrvx86 (fe57ab6683f48264d1cd36f5d5ee95a8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111014.001\BHDrvx86.sys
12:55:20.0453 1324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:55:20.0469 1324 \Device\Harddisk0\DR0 - ok
12:55:20.0477 1324 Boot (0x1200) (2dda9478316b999aa18fbea008220212) \Device\Harddisk0\DR0\Partition0
12:55:20.0478 1324 \Device\Harddisk0\DR0\Partition0 - ok
12:55:20.0514 1324 Boot (0x1200) (c16041381db22404c8fc65dde425fb44) \Device\Harddisk0\DR0\Partition1
12:55:20.0551 1324 \Device\Harddisk0\DR0\Partition1 - ok
12:55:20.0551 1324 ============================================================
12:55:20.0551 1324 Scan finished
12:55:20.0551 1324 ============================================================
12:55:20.0558 2520 Detected object count: 0
12:55:20.0558 2520 Actual detected object count: 0
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Post by Gary R » October 30th, 2011, 10:33 am

I can still see remnants of AVG in your log, did you run the AVG uninstall tool?

If you did not then please run it.

If you did, please do the following ....

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:filefind
AVG

:folderfind
AVG

:Regfind
AVG

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Post by Milk21 » October 30th, 2011, 1:22 pm

Yes, ran the tool twice

SystemLook 30.07.11 by jpshortstuff
Log created at 17:19 on 30/10/2011 by Chris
Administrator - Elevation successful

========== filefind ==========

Searching for "AVG"
No files found.

========== folderfind ==========

Searching for "AVG"
No folders found.

========== Regfind ==========

Searching for "AVG"
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\AVG Security Toolbar]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG10\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG10\avguires.dll,-128"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Chris\Downloads\avg_remover_stf_x86_2011_1322.exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\log\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\Cfg\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\cfgall\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\Chjw\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSSHIM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSSHIM\0000]
"Service"="AVGIDSShim"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSSHIM\0000]
"DeviceDesc"="AVGIDSShim"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX86]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX86\0000]
"Service"="Avgrkx86"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX86\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIX\0000]
"Service"="Avgtdix"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIX\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F2BB904-B011-49BA-9FCC-D9B076A725D6}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\AVG\AVG10\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E00B87B6-1B74-441A-B6C4-529AD3385CBF}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\AVG\AVG10\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSSHIM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSSHIM\0000]
"Service"="AVGIDSShim"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGIDSSHIM\0000]
"DeviceDesc"="AVGIDSShim"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGRKX86]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGRKX86\0000]
"Service"="Avgrkx86"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGRKX86\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGTDIX]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGTDIX\0000]
"Service"="Avgtdix"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AVGTDIX\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F2BB904-B011-49BA-9FCC-D9B076A725D6}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\AVG\AVG10\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E00B87B6-1B74-441A-B6C4-529AD3385CBF}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\AVG\AVG10\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"Service"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\0000]
"DeviceDesc"="AVGIDSFilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSSHIM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSSHIM\0000]
"Service"="AVGIDSShim"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSSHIM\0000]
"DeviceDesc"="AVGIDSShim"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86\0000]
"Service"="Avgrkx86"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX\0000]
"Service"="Avgtdix"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F2BB904-B011-49BA-9FCC-D9B076A725D6}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\AVG\AVG10\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E00B87B6-1B74-441A-B6C4-529AD3385CBF}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\AVG\AVG10\avgmfapx.exe|Name=AVG Installer|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\AVG Security Toolbar]
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG10\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG10\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Chris\Downloads\avg_remover_stf_x86_2011_1322.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgtray.exe]
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgtray.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG10\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgui.exe]
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgui.exe]
"TaskbarGroupIcon"="C:\Program Files\AVG\AVG10\avguires.dll,-128"
[HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Chris\Downloads\avg_remover_stf_x86_2011_1322.exe"="AVG Remover Utility"

-= EOF =-
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 30th, 2011, 2:35 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:Files
C:\Users\Chris\AppData\Roaming\AVG10
C:\Program Files\AVG

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\AVG Security Toolbar]
[-HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
[-HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe]
[-HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\log\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\Cfg\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\cfgall\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG10\Chjw\"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSSHIM]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F2BB904-B011-49BA-9FCC-D9B076A725D6}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E00B87B6-1B74-441A-B6C4-529AD3385CBF}"=-
[-HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\AVG Security Toolbar]
[-HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgtray.exe]
[-HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgui.exe]
[-HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgtray.exe]
[-HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgui.exe]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: OTL may re-boot your computer, if it does not, please re-boot your computer manually. A log will be produced upon re-boot.

How is your computer performing now?
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 30th, 2011, 4:21 pm

Is my computer free of malware? My mouse still moves on its own.
Can I ask what you have done the last 2 times I typed into OTL, first all the copy and paste for uTorrent and the one above which I ran a fix, was there spyware, what have I deleted? Thanks

========== FILES ==========
File\Folder C:\Users\Chris\AppData\Roaming\AVG10 not found.
File\Folder C:\Program Files\AVG not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\AVG Security Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgui.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG10\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG10\log\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG10\Cfg\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG10\cfgall\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG10\Chjw\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSSHIM\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX\ scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F2BB904-B011-49BA-9FCC-D9B076A725D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F2BB904-B011-49BA-9FCC-D9B076A725D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E00B87B6-1B74-441A-B6C4-529AD3385CBF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E00B87B6-1B74-441A-B6C4-529AD3385CBF}\ not found.
Registry key HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\AVG Security Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgtray.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Classes\Applications\avgui.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgtray.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\Applications\avgui.exe\ not found.

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_201758

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSFILTER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSSHIM\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX\ scheduled to be deleted on reboot.
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm
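The fix log in the post above mixes three outcomes: deleted, not found, and deferred to reboot. The following Python script is an added example, not part of the thread or of OTL; it parses only the line formats visible in that log (an assumption about the format) and lists deferred deletions that the log never confirms, plus targets the fix script named twice. The function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above (lines copied from the page, trimmed).
SAMPLE_LOG = r"""========== FILES ==========
File\Folder C:\Program Files\AVG not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\avgtray.exe\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG10\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX\ scheduled to be deleted on reboot.

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_201758

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX86\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIX\ scheduled to be deleted on reboot.
"""

# Only the result-line shapes that appear in the log on this page.
LINE_RE = re.compile(
    r"^(?:(?P<kind>File\\Folder|Registry key|Registry value) (?P<target>.+?) "
    r"(?P<status>deleted successfully|not found)\.$"
    r"|Registry delete failed\. (?P<failed>.+?) scheduled to be deleted on reboot\.$)"
)

def parse_fix_log(text):
    """Return (phase, kind, target, status) tuples; phase is 'fix' or 'reboot'."""
    phase, entries = "fix", []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("on Reboot..."):      # start of the post-reboot sections
            phase = "reboot"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                            # headers, banner, blank lines
        if m.group("failed"):
            entries.append((phase, "Registry key",
                            m.group("failed").rstrip("\\"), "deferred"))
        else:
            kind, target = m.group("kind"), m.group("target")
            if kind == "Registry key":          # keys are printed with a trailing "\"
                target = target.rstrip("\\")
            entries.append((phase, kind, target, m.group("status")))
    return entries

def summarize(entries):
    """Count outcomes per phase, e.g. ('fix', 'not found')."""
    return Counter((phase, status) for phase, _, _, status in entries)

def unconfirmed_deletions(entries):
    """Deferred targets with no 'deleted successfully' line anywhere in the log."""
    done = {t for _, _, t, s in entries if s == "deleted successfully"}
    deferred = {t for _, _, t, s in entries if s == "deferred"}
    return sorted(deferred - done)

def listed_twice(entries):
    """Targets reported 'not found' only because an earlier line already deleted them."""
    seen_deleted, repeats = set(), []
    for _, _, target, status in entries:
        if status == "deleted successfully":
            seen_deleted.add(target)
        elif status == "not found" and target in seen_deleted:
            repeats.append(target)
    return repeats

if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("Check on the host:", unconfirmed_deletions(parsed))
    print("Named twice in the fix:", listed_twice(parsed))
```

Keys returned by `unconfirmed_deletions` are the ones to re-check on the machine itself, since the log alone does not show them as removed.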

Re: real slow rootkit and AV scans

Unread postby Gary R » October 31st, 2011, 7:29 am

So far I have seen no signs of malware on your computer.

All we have done is remove a few orphans (remnants of incompletely removed software), which may be causing conflicts with your current programs.

AVG, which I presume was your previous anti-virus program, had left a lot of registry orphans, and these were removed to prevent any possible conflicts with Norton Internet Security (your current anti-virus).

From the nature of things, it seems your problems are not caused by an infection, but by either a software malfunction of some kind, or a hardware problem. Both are outside the scope of this forum, which was set up solely to resolve malware related issues.

I feel at this point, that you would be better served by referring your problem to one of the "General Computer Help" forums who specialise in dealing with the kind of problems you're experiencing. My expertise is in removing malware, and as far as I can determine your computer is not infected, there are others much better qualified for dealing with non-malware related issues.

Below are links to a number of general help forums where the standard of help is usually of a high standard ....

http://forums.whatthetech.com/index.php?showforum=119
http://www.bleepingcomputer.com/forums/forum72.html
http://www.techsupportforum.com/forums/f217/

If anyone asks if you've checked for malware please feel free to refer them to this topic.

Please understand it is not my intention to "fob you off" on someone else, but only to point you to where you're more likely to get your problems resolved.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 31st, 2011, 3:20 pm

Gary R wrote:
Please understand it is not my intention to "fob you off" on someone else, but only to point you to where you're more likely to get your problems resolved.


I don't feel fobbed at all, I wish to thank you for your time and effort

Can I just ask what you did with the Utorrent removal on OTL? Can I delete all OTL etc now

cheers
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 31st, 2011, 5:28 pm

All items removed by OTL are retained so that they can be restored if necessary; they are only fully removed when OTL is removed.

The procedure for removing OTL is as follows. This will also remove GMER (except for the random named file on your desktop which must be deleted manually), and TDSSKiller. ....

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes.
  • When finished, exit out of OTL.
  • Now delete OTL.exe (if still present).

ERUNT can be removed using Start > Control Panel > Programs > Uninstall a program
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: real slow rootkit and AV scans

Unread postby Milk21 » October 31st, 2011, 6:11 pm

thanks dude :)
Milk21
Regular Member
 
Posts: 20
Joined: October 21st, 2011, 12:45 pm

Re: real slow rootkit and AV scans

Unread postby Gary R » October 31st, 2011, 6:17 pm

You're welcome. :)

Good luck getting your problem resolved.

This topic is now closed.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire