Hi,
I would like to thank for your help and assistance in advance...
Whatever has infected our computers has manged to spread to every single computer we own- it seems that as soon as a drive is formatted and Windows reinstalled it returns. It seems to affect system files and thus does not get recognized by most AV applications. My partner and I are suspecting this might be one of the kernel rootkits/ backdoors- whatever it is! We have tried reformatting hard drives to zeros, clearing CMOS, updating BIOS, deleting and updating MBR, reinstalling different OS's (Linux, Win) and it does not appear to help- we suspect that the virus stores itself in the bad sector files of the drive. Our network activity is crazy as soon as it is connected, it appears the computers gain a life of their own- being able to open/close applications, websites, enable/disable apps...both I an my partner work within the IT sectors and neither of us has come across something this nasty that we have not been able to remove...we have tried all the tools that seem to be available- resorting now to trying to find out how to completely clean drives manually- overwriting the bad sectors, we are also suspecting it is the APT's affecting us...but since we have never had to dig this deep it has been very hard to learn so much at once- thus why resorting to the exports appears to be such a brilliant idea!

Sorry for the long intro- hope it does not scare anyone off and please help... :)

Below are the results of the DDS scan:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Cain at 23:02:05 on 2012-06-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1526.794 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mWinlogon: Userinit=userinit.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11} : NameServer = 10.0.0.10
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-12 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
2012-06-12 12:31:16 -------- d-----w- C:\ProgramData\RegRun
2012-06-12 12:18:13 -------- d-----w- C:\Users\Cain\AppData\Local\ElevatedDiagnostics
2012-06-12 12:17:45 -------- d-----w- C:\Users\Cain\AppData\Local\Diagnostics
2012-06-12 12:16:22 37600 ----a-w- C:\Windows\System32\Partizan.exe
2012-06-12 12:15:59 -------- d-----w- C:\Program Files (x86)\Greatis
2012-06-12 12:14:15 2 --shatr- C:\Windows\winstart.bat
2012-06-12 12:13:23 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-06-10 03:17:15 -------- d-----w- C:\Windows\Panther
.
==================== Find3M ====================
.
.
============= FINISH: 23:02:26.53 ===============

Once again- thank you in advance...... Any help is greatly appreciated

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi iohelp and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems.

I'm a Security Team trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

I am currently reviewing your log and will return, as soon as possible, with additional instructions.

By the way, while waiting,
Have you back up your registry with Erunt?
note:You can find the instruction to perform the tasks here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).


Thank you for your patience.
torreattack

Thank you for your reply- awaiting your further instructions.

Hi iohelp :

1. Please tell me, is this computer used for business or connected to a business network?
If no, please continue... otherwise <STOP> ... post back and let me know.
Note: Many of these type systems may have specific modifications made..which could be removed or damaged by the tools we use.
These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.



2. No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed.. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection...download a (free for personal use) anti-virus program from one these reliable vendors.
Microsoft Security Essentials ** (http://www.microsoft.com/security_essentials/) - New, from Microsoft, with email scanning, easy to install, easy to use.
** Your PC must run genuine Windows to install Microsoft Security Essentials.
Antivir PersonalEdition Classic (http://www.free-av.com/)- Superior detection, the "free" version has no email scan.
avast! Free Antivirus (http://www.avast.com/free-antivirus-download) - Excellent detection, the freeware version includes email scanning.
Note: remember to Uncheck any extra software downloads you may be offered (optional)


Installing a new AV product.
Download the new Anti-virus product to your computer.
Install the new AV product... following installation instructions.
Check for updates to the new AV product, if not done during install setup.
Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


3. Checklist
Please post:
Answer about Business Use computer
Antivirus scanning result
New DDS log
An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log. Please do not upload the logs as an attachment.

Thanks,
torreattack

Hi iohelp

3 Day Response Rule
It has been more than 2 days since my last post to you.

Do you still need help with this problem?
Do you need more time?
Are you having problems understanding or following my instructions?


thanks,
torreattack

Hi,
I still require your help.
I will post further logs when I get home from work.

Hi,
Just to let you know- it is not used for business use- it is a personal laptop. I haven't installed anti-virus software on the laptop - only because this issue is kernel based and normally does not get detected by AV software. However- I will install it when I get home and post the new logs for you.

Thank you for the help so far.
Iwona

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Cain at 20:07:32 on 2012-06-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1526.794 [GMT 10:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 211.31.138.11 211.29.132.12
TCP: Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11} : NameServer = 10.0.0.10
TCP: Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11} : DhcpNameServer = 208.67.222.222 208.67.220.220 211.31.138.11 211.29.132.12
BHO-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_AU&apn_uid=a2abc1d7-7cfb-4199-9e35-12f9d645d978&apn_ptnrs=^ABZ&apn_sauid=28081A30-A1E8-470C-B581-2A2B039DCAA2&apn_dtid=^YYYYYY^YY^AU&&q=
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-25 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-25 110032]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-6-25 465360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-12 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 07:01:15 -------- d-----w- C:\Users\Cain\AppData\Roaming\Avira
2012-06-25 02:27:46 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-06-25 02:27:21 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-06-25 02:27:21 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-06-25 02:27:20 -------- d-----w- C:\ProgramData\Avira
2012-06-25 02:27:20 -------- d-----w- C:\Program Files (x86)\Avira
2012-06-25 02:26:27 -------- d-sh--w- C:\Windows\Installer
2012-06-12 12:31:16 -------- d-----w- C:\ProgramData\RegRun
2012-06-12 12:18:13 -------- d-----w- C:\Users\Cain\AppData\Local\ElevatedDiagnostics
2012-06-12 12:17:45 -------- d-----w- C:\Users\Cain\AppData\Local\Diagnostics
2012-06-12 12:16:22 37600 ----a-w- C:\Windows\System32\Partizan.exe
2012-06-12 12:15:59 -------- d-----w- C:\Program Files (x86)\Greatis
2012-06-12 12:14:15 2 --shatr- C:\Windows\winstart.bat
2012-06-12 12:13:23 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-06-10 03:17:15 -------- d-----w- C:\Windows\Panther
.
==================== Find3M ====================
.
.
============= FINISH: 20:08:15.07 ===============

Hi iohelp :

Let's dig deeper.

1. RogueKiller
Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your programs.
Right click on RogueKiller.exe and select " Run as administrator " to run it.
If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.




2. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When the TDSSKiller finish loading, click on Change parameters.
Tick the Detect TDLFS file system and click ok.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT
note:If TDSSKiller still fail to run, try to rename it to other name like agdwm.exe and see whether it can run.




3. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) ... by Old Timer . Save it to your Desktop.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.




4. Checklist
Please post:
RKreport[x].txt
TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
OTL.txt and Extra.txt
An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack

Hello,

Below are the requested reports- and thank you.

Rogue Killer:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Cain [Admin rights]
Mode: Scan -- Date: 06/26/2012 18:10:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11} : NameServer (10.0.0.10) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11} : NameServer (10.0.0.10) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541616J9SA00 ATA Device +++++
--- User ---
[MBR] 9145fdef47f377753a4727f622c046cb
[BSP] f6ab15cb03965ce103355cb4cad85e6c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

TDSS Killer report :

18:18:56.0308 1584 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
18:18:57.0884 1584 ============================================================
18:18:57.0884 1584 Current date / time: 2012/06/26 18:18:57.0884
18:18:57.0884 1584 SystemInfo:
18:18:57.0884 1584
18:18:57.0884 1584 OS Version: 6.1.7601 ServicePack: 1.0
18:18:57.0884 1584 Product type: Workstation
18:18:57.0884 1584 ComputerName: CAIN-PC
18:18:57.0884 1584 UserName: Cain
18:18:57.0884 1584 Windows directory: C:\Windows
18:18:57.0884 1584 System windows directory: C:\Windows
18:18:57.0884 1584 Running under WOW64
18:18:57.0884 1584 Processor architecture: Intel x64
18:18:57.0884 1584 Number of processors: 1
18:18:57.0884 1584 Page size: 0x1000
18:18:57.0899 1584 Boot type: Normal boot
18:18:57.0899 1584 ============================================================
18:18:59.0522 1584 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:59.0522 1584 ============================================================
18:18:59.0522 1584 \Device\Harddisk0\DR0:
18:18:59.0522 1584 MBR partitions:
18:18:59.0522 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:18:59.0522 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
18:18:59.0522 1584 ============================================================
18:18:59.0553 1584 C: <-> \Device\Harddisk0\DR0\Partition1
18:18:59.0553 1584 ============================================================
18:18:59.0553 1584 Initialize success
18:18:59.0553 1584 ============================================================
18:19:22.0282 1880 ============================================================
18:19:22.0282 1880 Scan started
18:19:22.0282 1880 Mode: Manual; TDLFS;
18:19:22.0282 1880 ============================================================
18:19:23.0000 1880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:19:23.0015 1880 1394ohci - ok
18:19:23.0062 1880 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:19:23.0078 1880 ACPI - ok
18:19:23.0109 1880 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:19:23.0109 1880 AcpiPmi - ok
18:19:23.0171 1880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:19:23.0187 1880 adp94xx - ok
18:19:23.0249 1880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:19:23.0265 1880 adpahci - ok
18:19:23.0312 1880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:19:23.0312 1880 adpu320 - ok
18:19:23.0359 1880 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:19:23.0359 1880 AeLookupSvc - ok
18:19:23.0421 1880 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
18:19:23.0437 1880 AFD - ok
18:19:23.0530 1880 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:19:23.0561 1880 AgereSoftModem - ok
18:19:23.0608 1880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:19:23.0608 1880 agp440 - ok
18:19:23.0671 1880 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:19:23.0686 1880 ALG - ok
18:19:23.0717 1880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:19:23.0733 1880 aliide - ok
18:19:23.0749 1880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:19:23.0764 1880 amdide - ok
18:19:23.0795 1880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:19:23.0795 1880 AmdK8 - ok
18:19:23.0811 1880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:19:23.0827 1880 AmdPPM - ok
18:19:23.0873 1880 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:19:23.0889 1880 amdsata - ok
18:19:23.0905 1880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:19:23.0936 1880 amdsbs - ok
18:19:23.0967 1880 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:19:23.0967 1880 amdxata - ok
18:19:24.0201 1880 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:19:24.0217 1880 AntiVirSchedulerService - ok
18:19:24.0279 1880 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:19:24.0279 1880 AntiVirService - ok
18:19:24.0310 1880 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:19:24.0326 1880 AntiVirWebService - ok
18:19:24.0373 1880 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:19:24.0388 1880 AppID - ok
18:19:24.0435 1880 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:19:24.0435 1880 AppIDSvc - ok
18:19:24.0466 1880 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:19:24.0482 1880 Appinfo - ok
18:19:24.0716 1880 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:19:24.0731 1880 AppMgmt - ok
18:19:24.0794 1880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:19:24.0794 1880 arc - ok
18:19:24.0825 1880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:19:24.0825 1880 arcsas - ok
18:19:24.0872 1880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:24.0872 1880 AsyncMac - ok
18:19:24.0887 1880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:19:24.0887 1880 atapi - ok
18:19:25.0028 1880 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
18:19:25.0059 1880 athr - ok
18:19:25.0215 1880 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:19:25.0246 1880 AudioEndpointBuilder - ok
18:19:25.0246 1880 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:19:25.0262 1880 AudioSrv - ok
18:19:25.0340 1880 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:19:25.0340 1880 avgntflt - ok
18:19:25.0371 1880 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:19:25.0387 1880 avipbb - ok
18:19:25.0402 1880 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:19:25.0433 1880 avkmgr - ok
18:19:25.0480 1880 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:19:25.0480 1880 AxInstSV - ok
18:19:25.0558 1880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:19:25.0574 1880 b06bdrv - ok
18:19:25.0621 1880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:19:25.0636 1880 b57nd60a - ok
18:19:25.0699 1880 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:19:25.0699 1880 BDESVC - ok
18:19:25.0730 1880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:19:25.0730 1880 Beep - ok
18:19:25.0823 1880 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:19:25.0839 1880 BFE - ok
18:19:25.0901 1880 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:19:25.0933 1880 BITS - ok
18:19:26.0011 1880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:19:26.0011 1880 blbdrive - ok
18:19:26.0042 1880 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
18:19:26.0042 1880 bowser - ok
18:19:26.0089 1880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:19:26.0089 1880 BrFiltLo - ok
18:19:26.0104 1880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:19:26.0104 1880 BrFiltUp - ok
18:19:26.0151 1880 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:19:26.0151 1880 Browser - ok
18:19:26.0182 1880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:19:26.0198 1880 Brserid - ok
18:19:26.0213 1880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:19:26.0229 1880 BrSerWdm - ok
18:19:26.0229 1880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:19:26.0245 1880 BrUsbMdm - ok
18:19:26.0260 1880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:19:26.0260 1880 BrUsbSer - ok
18:19:26.0291 1880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:19:26.0291 1880 BTHMODEM - ok
18:19:26.0338 1880 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:19:26.0354 1880 bthserv - ok
18:19:26.0385 1880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:19:26.0385 1880 cdfs - ok
18:19:26.0432 1880 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:19:26.0432 1880 cdrom - ok
18:19:26.0494 1880 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:26.0494 1880 CertPropSvc - ok
18:19:26.0525 1880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:19:26.0525 1880 circlass - ok
18:19:26.0572 1880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:19:26.0588 1880 CLFS - ok
18:19:26.0635 1880 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:26.0650 1880 clr_optimization_v2.0.50727_32 - ok
18:19:26.0713 1880 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:19:26.0713 1880 clr_optimization_v2.0.50727_64 - ok
18:19:26.0759 1880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:26.0759 1880 CmBatt - ok
18:19:26.0791 1880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:19:26.0806 1880 cmdide - ok
18:19:26.0837 1880 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:19:26.0869 1880 CNG - ok
18:19:26.0900 1880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:19:26.0900 1880 Compbatt - ok
18:19:26.0931 1880 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:19:26.0931 1880 CompositeBus - ok
18:19:26.0962 1880 COMSysApp - ok
18:19:26.0978 1880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:19:26.0993 1880 crcdisk - ok
18:19:27.0056 1880 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:19:27.0071 1880 CryptSvc - ok
18:19:27.0118 1880 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:19:27.0149 1880 CSC - ok
18:19:27.0196 1880 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:19:27.0196 1880 CscService - ok
18:19:27.0274 1880 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:27.0290 1880 DcomLaunch - ok
18:19:27.0337 1880 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:19:27.0352 1880 defragsvc - ok
18:19:27.0430 1880 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:19:27.0430 1880 DfsC - ok
18:19:27.0493 1880 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:19:27.0493 1880 Dhcp - ok
18:19:27.0508 1880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:19:27.0508 1880 discache - ok
18:19:27.0539 1880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:19:27.0555 1880 Disk - ok
18:19:27.0586 1880 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
18:19:27.0602 1880 dmvsc - ok
18:19:27.0649 1880 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
18:19:27.0664 1880 Dnscache - ok
18:19:27.0695 1880 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:19:27.0695 1880 dot3svc - ok
18:19:27.0727 1880 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:19:27.0727 1880 DPS - ok
18:19:27.0773 1880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:19:27.0773 1880 drmkaud - ok
18:19:27.0867 1880 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:19:27.0883 1880 DXGKrnl - ok
18:19:27.0914 1880 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:19:27.0929 1880 EapHost - ok
18:19:28.0132 1880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:19:28.0195 1880 ebdrv - ok
18:19:28.0288 1880 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
18:19:28.0304 1880 EFS - ok
18:19:28.0397 1880 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:19:28.0413 1880 ehRecvr - ok
18:19:28.0429 1880 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:19:28.0444 1880 ehSched - ok
18:19:28.0538 1880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:19:28.0553 1880 elxstor - ok
18:19:28.0569 1880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:19:28.0569 1880 ErrDev - ok
18:19:28.0663 1880 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:19:28.0678 1880 EventSystem - ok
18:19:28.0709 1880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:19:28.0709 1880 exfat - ok
18:19:28.0756 1880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:19:28.0772 1880 fastfat - ok
18:19:28.0834 1880 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:19:28.0850 1880 Fax - ok
18:19:28.0897 1880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:19:28.0897 1880 fdc - ok
18:19:28.0943 1880 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:19:28.0943 1880 fdPHost - ok
18:19:28.0975 1880 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:19:28.0990 1880 FDResPub - ok
18:19:29.0021 1880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:19:29.0021 1880 FileInfo - ok
18:19:29.0037 1880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:19:29.0037 1880 Filetrace - ok
18:19:29.0053 1880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:19:29.0053 1880 flpydisk - ok
18:19:29.0115 1880 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:19:29.0115 1880 FltMgr - ok
18:19:29.0209 1880 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
18:19:29.0224 1880 FontCache - ok
18:19:29.0302 1880 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:19:29.0333 1880 FontCache3.0.0.0 - ok
18:19:29.0380 1880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:19:29.0380 1880 FsDepends - ok
18:19:29.0411 1880 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:19:29.0411 1880 Fs_Rec - ok
18:19:29.0458 1880 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:19:29.0458 1880 fvevol - ok
18:19:29.0489 1880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:19:29.0505 1880 gagp30kx - ok
18:19:29.0567 1880 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:19:29.0599 1880 gpsvc - ok
18:19:29.0630 1880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:19:29.0630 1880 hcw85cir - ok
18:19:29.0692 1880 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:19:29.0739 1880 HdAudAddService - ok
18:19:29.0786 1880 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:19:29.0786 1880 HDAudBus - ok
18:19:29.0817 1880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:19:29.0817 1880 HidBatt - ok
18:19:29.0833 1880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:19:29.0848 1880 HidBth - ok
18:19:29.0864 1880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:19:29.0864 1880 HidIr - ok
18:19:29.0911 1880 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:19:29.0911 1880 hidserv - ok
18:19:29.0957 1880 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:19:29.0957 1880 HidUsb - ok
18:19:30.0004 1880 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:19:30.0020 1880 hkmsvc - ok
18:19:30.0051 1880 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:19:30.0067 1880 HomeGroupListener - ok
18:19:30.0113 1880 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:19:30.0129 1880 HomeGroupProvider - ok
18:19:30.0160 1880 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:19:30.0160 1880 HpSAMD - ok
18:19:30.0238 1880 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:19:30.0254 1880 HTTP - ok
18:19:30.0269 1880 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:19:30.0269 1880 hwpolicy - ok
18:19:30.0301 1880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:30.0316 1880 i8042prt - ok
18:19:30.0379 1880 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
18:19:30.0394 1880 iaStorV - ok
18:19:30.0503 1880 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:19:30.0550 1880 idsvc - ok
18:19:30.0909 1880 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:19:31.0127 1880 igfx - ok
18:19:31.0237 1880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:19:31.0252 1880 iirsp - ok
18:19:31.0330 1880 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:19:31.0346 1880 IKEEXT - ok
18:19:31.0377 1880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:19:31.0393 1880 intelide - ok
18:19:31.0424 1880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:19:31.0424 1880 intelppm - ok
18:19:31.0439 1880 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:19:31.0455 1880 IPBusEnum - ok
18:19:31.0486 1880 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:31.0486 1880 IpFilterDriver - ok
18:19:31.0549 1880 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:19:31.0564 1880 iphlpsvc - ok
18:19:31.0580 1880 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:19:31.0595 1880 IPMIDRV - ok
18:19:31.0627 1880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:19:31.0642 1880 IPNAT - ok
18:19:31.0673 1880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:19:31.0673 1880 IRENUM - ok
18:19:31.0705 1880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:19:31.0705 1880 isapnp - ok
18:19:31.0751 1880 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:19:31.0767 1880 iScsiPrt - ok
18:19:31.0798 1880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:19:31.0814 1880 kbdclass - ok
18:19:31.0829 1880 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:19:31.0829 1880 kbdhid - ok
18:19:31.0861 1880 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:19:31.0861 1880 KeyIso - ok
18:19:31.0907 1880 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:19:31.0907 1880 KSecDD - ok
18:19:31.0939 1880 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:19:31.0954 1880 KSecPkg - ok
18:19:31.0970 1880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:19:31.0970 1880 ksthunk - ok
18:19:32.0017 1880 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:19:32.0032 1880 KtmRm - ok
18:19:32.0095 1880 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:19:32.0095 1880 LanmanServer - ok
18:19:32.0126 1880 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:19:32.0141 1880 LanmanWorkstation - ok
18:19:32.0173 1880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:19:32.0188 1880 lltdio - ok
18:19:32.0235 1880 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:19:32.0251 1880 lltdsvc - ok
18:19:32.0266 1880 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:19:32.0282 1880 lmhosts - ok
18:19:32.0329 1880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:19:32.0344 1880 LSI_FC - ok
18:19:32.0375 1880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:19:32.0391 1880 LSI_SAS - ok
18:19:32.0407 1880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:19:32.0407 1880 LSI_SAS2 - ok
18:19:32.0438 1880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:19:32.0453 1880 LSI_SCSI - ok
18:19:32.0469 1880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:19:32.0469 1880 luafv - ok
18:19:32.0516 1880 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:19:32.0516 1880 Mcx2Svc - ok
18:19:32.0531 1880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:19:32.0547 1880 megasas - ok
18:19:32.0578 1880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:19:32.0594 1880 MegaSR - ok
18:19:32.0656 1880 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:32.0656 1880 MMCSS - ok
18:19:32.0672 1880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:19:32.0672 1880 Modem - ok
18:19:32.0687 1880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:19:32.0687 1880 monitor - ok
18:19:32.0719 1880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:19:32.0734 1880 mouclass - ok
18:19:32.0750 1880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:19:32.0765 1880 mouhid - ok
18:19:32.0781 1880 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:19:32.0781 1880 mountmgr - ok
18:19:32.0890 1880 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:19:32.0906 1880 MozillaMaintenance - ok
18:19:32.0937 1880 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:19:32.0953 1880 mpio - ok
18:19:32.0968 1880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:19:32.0984 1880 mpsdrv - ok
18:19:33.0046 1880 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:19:33.0062 1880 MpsSvc - ok
18:19:33.0093 1880 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:19:33.0109 1880 MRxDAV - ok
18:19:33.0155 1880 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:33.0171 1880 mrxsmb - ok
18:19:33.0202 1880 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:33.0218 1880 mrxsmb10 - ok
18:19:33.0249 1880 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:33.0249 1880 mrxsmb20 - ok
18:19:33.0265 1880 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:19:33.0280 1880 msahci - ok
18:19:33.0296 1880 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:19:33.0311 1880 msdsm - ok
18:19:33.0358 1880 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:19:33.0374 1880 MSDTC - ok
18:19:33.0389 1880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:19:33.0405 1880 Msfs - ok
18:19:33.0421 1880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:19:33.0436 1880 mshidkmdf - ok
18:19:33.0452 1880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:19:33.0452 1880 msisadrv - ok
18:19:33.0499 1880 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:19:33.0514 1880 MSiSCSI - ok
18:19:33.0530 1880 msiserver - ok
18:19:33.0577 1880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:19:33.0577 1880 MSKSSRV - ok
18:19:33.0592 1880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:33.0592 1880 MSPCLOCK - ok
18:19:33.0608 1880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:19:33.0608 1880 MSPQM - ok
18:19:33.0655 1880 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:19:33.0670 1880 MsRPC - ok
18:19:33.0701 1880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:33.0701 1880 mssmbios - ok
18:19:33.0733 1880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:19:33.0733 1880 MSTEE - ok
18:19:33.0748 1880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:19:33.0764 1880 MTConfig - ok
18:19:33.0779 1880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:19:33.0779 1880 Mup - ok
18:19:33.0842 1880 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:19:33.0857 1880 napagent - ok
18:19:33.0920 1880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:19:33.0935 1880 NativeWifiP - ok
18:19:34.0013 1880 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:19:34.0045 1880 NDIS - ok
18:19:34.0091 1880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:19:34.0091 1880 NdisCap - ok
18:19:34.0138 1880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:34.0138 1880 NdisTapi - ok
18:19:34.0169 1880 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:34.0169 1880 Ndisuio - ok
18:19:34.0201 1880 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:34.0232 1880 NdisWan - ok
18:19:34.0247 1880 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:19:34.0247 1880 NDProxy - ok
18:19:34.0263 1880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:19:34.0279 1880 NetBIOS - ok
18:19:34.0325 1880 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:19:34.0325 1880 NetBT - ok
18:19:34.0357 1880 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:19:34.0357 1880 Netlogon - ok
18:19:34.0419 1880 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:19:34.0435 1880 Netman - ok
18:19:34.0466 1880 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:19:34.0481 1880 netprofm - ok
18:19:34.0575 1880 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:19:34.0575 1880 NetTcpPortSharing - ok
18:19:34.0606 1880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:19:34.0622 1880 nfrd960 - ok
18:19:34.0669 1880 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:19:34.0684 1880 NlaSvc - ok
18:19:34.0700 1880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:19:34.0700 1880 Npfs - ok
18:19:34.0747 1880 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:19:34.0762 1880 nsi - ok
18:19:34.0840 1880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:19:34.0840 1880 nsiproxy - ok
18:19:35.0027 1880 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
18:19:35.0090 1880 Ntfs - ok
18:19:35.0199 1880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:19:35.0199 1880 Null - ok
18:19:35.0246 1880 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
18:19:35.0261 1880 nvraid - ok
18:19:35.0293 1880 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
18:19:35.0293 1880 nvstor - ok
18:19:35.0324 1880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:19:35.0339 1880 nv_agp - ok
18:19:35.0371 1880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:19:35.0371 1880 ohci1394 - ok
18:19:35.0433 1880 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:19:35.0449 1880 p2pimsvc - ok
18:19:35.0495 1880 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:19:35.0511 1880 p2psvc - ok
18:19:35.0542 1880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:19:35.0558 1880 Parport - ok
18:19:35.0589 1880 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:19:35.0589 1880 partmgr - ok
18:19:35.0620 1880 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:19:35.0636 1880 PcaSvc - ok
18:19:35.0667 1880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:19:35.0683 1880 pci - ok
18:19:35.0714 1880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:19:35.0714 1880 pciide - ok
18:19:35.0745 1880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:19:35.0761 1880 pcmcia - ok
18:19:35.0776 1880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:19:35.0792 1880 pcw - ok
18:19:35.0854 1880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:19:35.0885 1880 PEAUTH - ok
18:19:35.0979 1880 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:19:36.0010 1880 PeerDistSvc - ok
18:19:36.0104 1880 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:19:36.0104 1880 PerfHost - ok
18:19:36.0275 1880 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:19:36.0322 1880 pla - ok
18:19:36.0385 1880 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
18:19:36.0400 1880 PlugPlay - ok
18:19:36.0431 1880 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:19:36.0447 1880 PNRPAutoReg - ok
18:19:36.0494 1880 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:19:36.0494 1880 PNRPsvc - ok
18:19:36.0556 1880 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:19:36.0572 1880 PolicyAgent - ok
18:19:36.0634 1880 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:19:36.0634 1880 Power - ok
18:19:36.0728 1880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:19:36.0743 1880 PptpMiniport - ok
18:19:36.0775 1880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:19:36.0775 1880 Processor - ok
18:19:36.0837 1880 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:19:36.0837 1880 ProfSvc - ok
18:19:36.0884 1880 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:19:36.0884 1880 ProtectedStorage - ok
18:19:36.0931 1880 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:19:36.0931 1880 Psched - ok
18:19:37.0055 1880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:19:37.0102 1880 ql2300 - ok
18:19:37.0243 1880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:19:37.0258 1880 ql40xx - ok
18:19:37.0305 1880 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:19:37.0321 1880 QWAVE - ok
18:19:37.0336 1880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:19:37.0352 1880 QWAVEdrv - ok
18:19:37.0367 1880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:19:37.0367 1880 RasAcd - ok
18:19:37.0414 1880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:37.0430 1880 RasAgileVpn - ok
18:19:37.0461 1880 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:19:37.0461 1880 RasAuto - ok
18:19:37.0492 1880 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:37.0508 1880 Rasl2tp - ok
18:19:37.0539 1880 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:19:37.0570 1880 RasMan - ok
18:19:37.0601 1880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:37.0601 1880 RasPppoe - ok
18:19:37.0617 1880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:19:37.0633 1880 RasSstp - ok
18:19:37.0679 1880 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:19:37.0695 1880 rdbss - ok
18:19:37.0711 1880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:37.0726 1880 rdpbus - ok
18:19:37.0757 1880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:37.0757 1880 RDPCDD - ok
18:19:37.0804 1880 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:19:37.0820 1880 RDPDR - ok
18:19:37.0851 1880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:19:37.0851 1880 RDPENCDD - ok
18:19:37.0867 1880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:19:37.0867 1880 RDPREFMP - ok
18:19:37.0913 1880 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:19:37.0913 1880 RdpVideoMiniport - ok
18:19:37.0945 1880 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:19:37.0960 1880 RDPWD - ok
18:19:38.0023 1880 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:19:38.0038 1880 rdyboost - ok
18:19:38.0085 1880 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:19:38.0101 1880 RemoteAccess - ok
18:19:38.0147 1880 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:19:38.0163 1880 RemoteRegistry - ok
18:19:38.0194 1880 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:19:38.0210 1880 RpcEptMapper - ok
18:19:38.0241 1880 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:19:38.0241 1880 RpcLocator - ok
18:19:38.0288 1880 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:38.0303 1880 RpcSs - ok
18:19:38.0350 1880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:19:38.0350 1880 rspndr - ok
18:19:38.0397 1880 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:19:38.0397 1880 s3cap - ok
18:19:38.0428 1880 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:19:38.0428 1880 SamSs - ok
18:19:38.0444 1880 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:19:38.0459 1880 sbp2port - ok
18:19:38.0506 1880 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:19:38.0522 1880 SCardSvr - ok
18:19:38.0537 1880 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:19:38.0537 1880 scfilter - ok
18:19:38.0615 1880 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:19:38.0647 1880 Schedule - ok
18:19:38.0693 1880 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:38.0693 1880 SCPolicySvc - ok
18:19:38.0725 1880 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:19:38.0740 1880 SDRSVC - ok
18:19:38.0834 1880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:19:38.0834 1880 secdrv - ok
18:19:38.0881 1880 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:19:38.0881 1880 seclogon - ok
18:19:38.0912 1880 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:19:38.0912 1880 SENS - ok
18:19:38.0943 1880 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:19:38.0943 1880 SensrSvc - ok
18:19:38.0959 1880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:19:38.0974 1880 Serenum - ok
18:19:39.0005 1880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:19:39.0021 1880 Serial - ok
18:19:39.0037 1880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:19:39.0037 1880 sermouse - ok
18:19:39.0099 1880 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:19:39.0099 1880 SessionEnv - ok
18:19:39.0130 1880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:19:39.0130 1880 sffdisk - ok
18:19:39.0146 1880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:19:39.0146 1880 sffp_mmc - ok
18:19:39.0161 1880 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:19:39.0161 1880 sffp_sd - ok
18:19:39.0177 1880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:19:39.0193 1880 sfloppy - ok
18:19:39.0239 1880 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:19:39.0255 1880 SharedAccess - ok
18:19:39.0317 1880 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:19:39.0333 1880 ShellHWDetection - ok
18:19:39.0349 1880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:19:39.0364 1880 SiSRaid2 - ok
18:19:39.0395 1880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:19:39.0411 1880 SiSRaid4 - ok
18:19:39.0442 1880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:19:39.0458 1880 Smb - ok
18:19:39.0489 1880 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:19:39.0505 1880 SNMPTRAP - ok
18:19:39.0520 1880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:19:39.0520 1880 spldr - ok
18:19:39.0583 1880 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:19:39.0598 1880 Spooler - ok
18:19:39.0817 1880 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:19:39.0863 1880 sppsvc - ok
18:19:39.0973 1880 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:19:39.0988 1880 sppuinotify - ok
18:19:40.0066 1880 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
18:19:40.0097 1880 srv - ok
18:19:40.0129 1880 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
18:19:40.0144 1880 srv2 - ok
18:19:40.0175 1880 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
18:19:40.0175 1880 srvnet - ok
18:19:40.0222 1880 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:19:40.0238 1880 SSDPSRV - ok
18:19:40.0269 1880 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:19:40.0269 1880 SstpSvc - ok
18:19:40.0285 1880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:19:40.0300 1880 stexstor - ok
18:19:40.0378 1880 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:19:40.0394 1880 stisvc - ok
18:19:40.0441 1880 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:19:40.0441 1880 storflt - ok
18:19:40.0472 1880 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:19:40.0472 1880 storvsc - ok
18:19:40.0503 1880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:19:40.0503 1880 swenum - ok
18:19:40.0565 1880 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:19:40.0597 1880 swprv - ok
18:19:40.0628 1880 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
18:19:40.0643 1880 Synth3dVsc - ok
18:19:40.0784 1880 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:19:40.0799 1880 SysMain - ok
18:19:40.0909 1880 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:19:40.0924 1880 TabletInputService - ok
18:19:40.0971 1880 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:19:40.0987 1880 TapiSrv - ok
18:19:41.0018 1880 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:19:41.0018 1880 TBS - ok
18:19:41.0189 1880 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
18:19:41.0221 1880 Tcpip - ok
18:19:41.0455 1880 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
18:19:41.0470 1880 TCPIP6 - ok
18:19:41.0533 1880 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:19:41.0533 1880 tcpipreg - ok
18:19:41.0564 1880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:19:41.0564 1880 TDPIPE - ok
18:19:41.0579 1880 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:19:41.0579 1880 TDTCP - ok
18:19:41.0626 1880 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:19:41.0626 1880 tdx - ok
18:19:41.0657 1880 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:19:41.0657 1880 TermDD - ok
18:19:41.0704 1880 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
18:19:41.0704 1880 terminpt - ok
18:19:41.0782 1880 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:19:41.0798 1880 TermService - ok
18:19:41.0813 1880 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:19:41.0829 1880 Themes - ok
18:19:41.0876 1880 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:41.0876 1880 THREADORDER - ok
18:19:41.0907 1880 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:19:41.0907 1880 TrkWks - ok
18:19:41.0969 1880 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:19:41.0985 1880 TrustedInstaller - ok
18:19:42.0016 1880 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:42.0016 1880 tssecsrv - ok
18:19:42.0032 1880 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:19:42.0032 1880 TsUsbFlt - ok
18:19:42.0063 1880 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:19:42.0063 1880 TsUsbGD - ok
18:19:42.0110 1880 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
18:19:42.0110 1880 tsusbhub - ok
18:19:42.0141 1880 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:19:42.0141 1880 tunnel - ok
18:19:42.0157 1880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:19:42.0172 1880 uagp35 - ok
18:19:42.0219 1880 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:19:42.0235 1880 udfs - ok
18:19:42.0281 1880 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:19:42.0281 1880 UI0Detect - ok
18:19:42.0297 1880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:19:42.0313 1880 uliagpkx - ok
18:19:42.0344 1880 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:19:42.0344 1880 umbus - ok
18:19:42.0375 1880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:19:42.0375 1880 UmPass - ok
18:19:42.0437 1880 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:19:42.0437 1880 UmRdpService - ok
18:19:42.0484 1880 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:19:42.0500 1880 upnphost - ok
18:19:42.0531 1880 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
18:19:42.0547 1880 usbccgp - ok
18:19:42.0562 1880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:19:42.0578 1880 usbcir - ok
18:19:42.0593 1880 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:42.0609 1880 usbehci - ok
18:19:42.0656 1880 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:42.0671 1880 usbhub - ok
18:19:42.0703 1880 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
18:19:42.0718 1880 usbohci - ok
18:19:42.0734 1880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
18:19:42.0734 1880 usbprint - ok
18:19:42.0765 1880 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:42.0781 1880 USBSTOR - ok
18:19:42.0796 1880 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:42.0796 1880 usbuhci - ok
18:19:42.0843 1880 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:19:42.0843 1880 UxSms - ok
18:19:42.0874 1880 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:19:42.0874 1880 VaultSvc - ok
18:19:42.0905 1880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:19:42.0905 1880 vdrvroot - ok
18:19:42.0968 1880 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:19:42.0983 1880 vds - ok
18:19:43.0015 1880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:43.0015 1880 vga - ok
18:19:43.0046 1880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:19:43.0046 1880 VgaSave - ok
18:19:43.0061 1880 VGPU - ok
18:19:43.0093 1880 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:19:43.0124 1880 vhdmp - ok
18:19:43.0124 1880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:19:43.0139 1880 viaide - ok
18:19:43.0186 1880 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:19:43.0202 1880 vmbus - ok
18:19:43.0217 1880 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:19:43.0233 1880 VMBusHID - ok
18:19:43.0249 1880 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:19:43.0264 1880 volmgr - ok
18:19:43.0311 1880 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:19:43.0311 1880 volmgrx - ok
18:19:43.0342 1880 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:19:43.0358 1880 volsnap - ok
18:19:43.0389 1880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:19:43.0389 1880 vsmraid - ok
18:19:43.0514 1880 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:19:43.0545 1880 VSS - ok
18:19:43.0670 1880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:19:43.0670 1880 vwifibus - ok
18:19:43.0717 1880 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:19:43.0732 1880 vwififlt - ok
18:19:43.0795 1880 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:19:43.0795 1880 W32Time - ok
18:19:43.0826 1880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:19:43.0826 1880 WacomPen - ok
18:19:43.0873 1880 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:43.0888 1880 WANARP - ok
18:19:43.0904 1880 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:43.0904 1880 Wanarpv6 - ok
18:19:44.0013 1880 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:19:44.0044 1880 wbengine - ok
18:19:44.0153 1880 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:19:44.0185 1880 WbioSrvc - ok
18:19:44.0216 1880 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:19:44.0231 1880 wcncsvc - ok
18:19:44.0247 1880 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:19:44.0263 1880 WcsPlugInService - ok
18:19:44.0309 1880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:19:44.0325 1880 Wd - ok
18:19:44.0387 1880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:19:44.0403 1880 Wdf01000 - ok
18:19:44.0434 1880 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:44.0450 1880 WdiServiceHost - ok
18:19:44.0450 1880 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:44.0465 1880 WdiSystemHost - ok
18:19:44.0497 1880 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:19:44.0497 1880 WebClient - ok
18:19:44.0543 1880 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:19:44.0559 1880 Wecsvc - ok
18:19:44.0575 1880 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:19:44.0590 1880 wercplsupport - ok
18:19:44.0637 1880 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:19:44.0653 1880 WerSvc - ok
18:19:44.0715 1880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:44.0715 1880 WfpLwf - ok
18:19:44.0746 1880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:19:44.0746 1880 WIMMount - ok
18:19:44.0777 1880 WinDefend - ok
18:19:44.0809 1880 WinHttpAutoProxySvc - ok
18:19:44.0871 1880 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:19:44.0887 1880 Winmgmt - ok
18:19:45.0245 1880 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:19:45.0323 1880 WinRM - ok
18:19:45.0511 1880 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:19:45.0542 1880 Wlansvc - ok
18:19:45.0604 1880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:19:45.0604 1880 WmiAcpi - ok
18:19:45.0698 1880 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:45.0713 1880 wmiApSrv - ok
18:19:45.0745 1880 WMPNetworkSvc - ok
18:19:45.0791 1880 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:19:45.0791 1880 WPCSvc - ok
18:19:45.0823 1880 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:19:45.0838 1880 WPDBusEnum - ok
18:19:45.0854 1880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:45.0854 1880 ws2ifsl - ok
18:19:45.0885 1880 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:19:45.0901 1880 wscsvc - ok
18:19:45.0916 1880 WSearch - ok
18:19:46.0072 1880 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:19:46.0119 1880 wuauserv - ok
18:19:46.0228 1880 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:19:46.0244 1880 WudfPf - ok
18:19:46.0275 1880 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:46.0291 1880 WUDFRd - ok
18:19:46.0322 1880 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:19:46.0337 1880 wudfsvc - ok
18:19:46.0369 1880 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:19:46.0384 1880 WwanSvc - ok
18:19:46.0431 1880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:19:46.0681 1880 \Device\Harddisk0\DR0 - ok
18:19:46.0696 1880 Boot (0x1200) (469e797304f7b77dd869e764befe53e3) \Device\Harddisk0\DR0\Partition0
18:19:46.0696 1880 \Device\Harddisk0\DR0\Partition0 - ok
18:19:46.0727 1880 Boot (0x1200) (c80c30865a3643f3b8080703cf7a1c02) \Device\Harddisk0\DR0\Partition1
18:19:46.0743 1880 \Device\Harddisk0\DR0\Partition1 - ok
18:19:46.0743 1880 ============================================================
18:19:46.0743 1880 Scan finished
18:19:46.0743 1880 ============================================================
18:19:46.0759 2312 Detected object count: 0
18:19:46.0759 2312 Actual detected object count: 0

OTL scan:

OTL logfile created on: 6/26/2012 6:22:51 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Cain\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 55.73% Memory free
2.98 Gb Paging File | 2.11 Gb Available in Paging File | 70.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 126.80 Gb Free Space | 85.13% Space Free | Partition Type: NTFS
Drive D: | 145.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CAIN-PC | User Name: Cain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cain\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC






IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 F3 8E D0 93 48 CD 01 [binary data]
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\..\SearchScopes\{012B4696-57B8-4C16-9915-5BD69971A95F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^AU&apn_uid=a2abc1d7-7cfb-4199-9e35-12f9d645d978&apn_sauid=28081A30-A1E8-470C-B581-2A2B039DCAA2
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_AU&apn_uid=a2abc1d7-7cfb-4199-9e35-12f9d645d978&apn_ptnrs=^ABZ&apn_sauid=28081A30-A1E8-470C-B581-2A2B039DCAA2&apn_dtid=^YYYYYY^YY^AU&&q="
FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/12 22:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/12 22:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cain\AppData\Roaming\Mozilla\Extensions
[2012/06/25 12:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\extensions
[2012/06/25 19:57:46 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\extensions\toolbar@ask.com
[2012/06/25 19:57:50 | 000,002,413 | ---- | M] () -- C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\searchplugins\askcom.xml
[2012/06/12 22:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/02 01:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/02 01:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/02 01:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 211.31.138.11 211.29.132.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11}: DhcpNameServer = 208.67.222.222 208.67.220.220 211.31.138.11 211.29.132.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{722AFB9E-660A-40D8-A243-6E5DB630BA11}: NameServer = 10.0.0.10
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 18:21:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Cain\Desktop\OTL.exe
[2012/06/26 18:17:24 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cain\Desktop\tdsskiller.exe
[2012/06/26 18:10:24 | 000,000,000 | ---D | C] -- C:\Users\Cain\Desktop\RK_Quarantine
[2012/06/25 20:02:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Cain\Desktop\dds.scr
[2012/06/25 17:01:15 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Roaming\Avira
[2012/06/25 12:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/25 12:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/06/25 12:27:21 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/25 12:27:21 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/25 12:27:21 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/25 12:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/25 12:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/25 12:26:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/20 03:15:00 | 000,000,000 | ---D | C] -- C:\Users\Cain\Desktop\100MEDIA
[2012/06/12 22:36:32 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Roaming\Mozilla
[2012/06/12 22:36:32 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Local\Mozilla
[2012/06/12 22:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/12 22:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/12 22:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/12 22:34:37 | 000,132,072 | ---- | C] (PortableApps.com) -- C:\Users\Cain\Desktop\7-ZipPortable.exe
[2012/06/12 22:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/06/12 22:18:13 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Local\ElevatedDiagnostics
[2012/06/12 22:17:45 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Local\Diagnostics
[2012/06/12 22:16:22 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012/06/12 22:16:20 | 000,000,000 | -H-D | C] -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012/06/12 22:16:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012/06/12 22:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2012/06/12 22:13:29 | 000,000,000 | ---D | C] -- C:\Users\Cain\Documents\RegRun2
[2012/06/12 22:13:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012/06/12 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2012/06/10 13:17:15 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/10 12:26:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/10 12:23:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/10 12:23:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/10 08:05:13 | 000,000,000 | ---D | C] -- C:\Users\Cain\Desktop\New folder
[2012/06/09 19:47:09 | 000,000,000 | R--D | C] -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/09 19:47:09 | 000,000,000 | R--D | C] -- C:\Users\Cain\Searches
[2012/06/09 19:47:09 | 000,000,000 | R--D | C] -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/09 19:47:09 | 000,000,000 | -H-D | C] -- C:\Users\Cain\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/09 19:46:58 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Roaming\Identities
[2012/06/09 19:46:53 | 000,000,000 | R--D | C] -- C:\Users\Cain\Contacts
[2012/06/09 19:46:50 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Local\VirtualStore
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\AppData\Local\Temporary Internet Files
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Templates
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Start Menu
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\SendTo
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Recent
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\PrintHood
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\NetHood
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Documents\My Videos
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Documents\My Pictures
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Documents\My Music
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\My Documents
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Local Settings
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\AppData\Local\History
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Cookies
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\Application Data
[2012/06/09 19:46:26 | 000,000,000 | -HSD | C] -- C:\Users\Cain\AppData\Local\Application Data
[2012/06/09 19:46:24 | 000,000,000 | --SD | C] -- C:\Users\Cain\AppData\Roaming\Microsoft
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Videos
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Saved Games
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Pictures
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Music
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Links
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Favorites
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Downloads
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Documents
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\Desktop
[2012/06/09 19:46:24 | 000,000,000 | R--D | C] -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/09 19:46:24 | 000,000,000 | -H-D | C] -- C:\Users\Cain\AppData
[2012/06/09 19:46:24 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Local\Temp
[2012/06/09 19:46:24 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Local\Microsoft
[2012/06/09 19:46:24 | 000,000,000 | ---D | C] -- C:\Users\Cain\AppData\Roaming\Media Center Programs
[2012/06/09 19:46:14 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/06/26 18:21:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Cain\Desktop\OTL.exe
[2012/06/26 18:17:44 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cain\Desktop\tdsskiller.exe
[2012/06/26 18:09:09 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/26 18:09:09 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/26 18:09:09 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/26 18:09:05 | 001,521,152 | ---- | M] () -- C:\Users\Cain\Desktop\RogueKiller.exe
[2012/06/26 18:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 18:04:18 | 1200,087,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 18:00:02 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 18:00:01 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 20:11:38 | 000,001,816 | ---- | M] () -- C:\Users\Cain\Desktop\Attach.zip
[2012/06/25 20:02:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Cain\Desktop\dds.scr
[2012/06/25 12:28:13 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/15 08:35:57 | 000,001,304 | ---- | M] () -- C:\Users\Cain\Desktop\Notepad.lnk
[2012/06/12 22:36:28 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/12 22:26:44 | 000,000,532 | -H-- | M] () -- C:\regrun.war
[2012/06/12 22:17:11 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/06/12 22:17:11 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/06/12 22:17:11 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/06/12 22:16:22 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012/06/12 22:06:27 | 000,001,437 | ---- | M] () -- C:\Users\Cain\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/10 12:31:05 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/10 12:27:12 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/06/10 12:27:12 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/06/10 09:35:11 | 001,647,252 | ---- | M] () -- C:\Users\Cain\Desktop\.Spotlight-V100.zip
[2012/06/10 07:58:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/06/26 18:09:04 | 001,521,152 | ---- | C] () -- C:\Users\Cain\Desktop\RogueKiller.exe
[2012/06/25 20:11:38 | 000,001,816 | ---- | C] () -- C:\Users\Cain\Desktop\Attach.zip
[2012/06/25 12:28:13 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/15 08:35:57 | 000,001,304 | ---- | C] () -- C:\Users\Cain\Desktop\Notepad.lnk
[2012/06/12 22:36:28 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/12 22:36:28 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/12 22:21:20 | 000,000,532 | -H-- | C] () -- C:\regrun.war
[2012/06/12 22:16:06 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2012/06/12 22:14:15 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/06/12 22:14:15 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/06/12 22:14:15 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/06/12 22:06:27 | 000,001,437 | ---- | C] () -- C:\Users\Cain\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/10 12:26:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/10 12:26:45 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/10 12:23:01 | 1200,087,040 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/10 09:34:29 | 001,647,252 | ---- | C] () -- C:\Users\Cain\Desktop\.Spotlight-V100.zip
[2012/06/10 07:58:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/06/09 19:47:18 | 000,001,409 | ---- | C] () -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/09 19:47:11 | 000,001,443 | ---- | C] () -- C:\Users\Cain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/09 19:46:24 | 000,000,290 | ---- | C] () -- C:\Users\Cain\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/09 19:46:24 | 000,000,272 | ---- | C] () -- C:\Users\Cain\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

< End of report >

Extras log:

OTL Extras logfile created on: 6/26/2012 6:22:51 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Cain\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 55.73% Memory free
2.98 Gb Paging File | 2.11 Gb Available in Paging File | 70.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 126.80 Gb Free Space | 85.13% Space Free | Partition Type: NTFS
Drive D: | 145.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CAIN-PC | User Name: Cain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1907864757-3584112839-898014372-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1907864757-3584112839-898014372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2012 5:46:11 AM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/9/2012 7:08:40 PM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/12/2012 8:06:36 AM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/12/2012 8:29:36 AM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 3:31:24 PM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 6:35:16 PM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 7:39:09 PM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 11:15:35 PM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/14/2012 11:33:11 PM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/26/2012 4:06:05 AM | Computer Name = Cain-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/12/2012 8:21:27 AM | Computer Name = Cain-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 6/12/2012 8:28:01 AM | Computer Name = Cain-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan

Error - 6/12/2012 8:28:14 AM | Computer Name = Cain-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 6/12/2012 8:28:59 AM | Computer Name = Cain-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 6/12/2012 8:29:07 AM | Computer Name = Cain-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 6/12/2012 8:36:21 AM | Computer Name = Cain-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 6/14/2012 11:31:29 PM | Computer Name = Cain-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:30:44 PM on ?6/?15/?2012 was unexpected.

Error - 6/19/2012 2:09:18 PM | Computer Name = Cain-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 6/21/2012 12:00:24 PM | Computer Name = Cain-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 6/26/2012 3:58:05 AM | Computer Name = Cain-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AntiVirSchedulerService service.


< End of report >

Hi,

Thank you for your help so far. I haven't been doing much activity on this laptop- as I don't want to mess up any of the logs.
However what seems to be happening is that whatever build we compile on other computers appears to be infected with something we cannot find using normal virus scanners. After new build Windows based OS's have a lot of temp files- a lot of hidden files appear in the content.ie5 folders ($r folders and files- different names)- after initial reboot the computers always boot very slow- and a lot of temp files appear in scanners- but then the files cannot be found- and that is without running any other application but the scan utilities (tried many like gmer, combofix, d7 utilities and the list goes on...)...We have tried wiping the drives, rewriting mbr's, flashing bios and cmos and all that is happening seems to reoccur as soon as OS is reinstalled- I'm assuming small (kB in size files) hide in the nvram sectors of the PC's and travel in between different hardware pieces in order to survive...running wire shark and observing the traffic with all the foreign IP's trying to communicate and broadcast hello messages to other PC's on the network and than obtaining further such details just does not seem right- and that is without any apps running...I'm not sure what we are infected with but it has eaten away all the PC's we have...we don't appear to have a single clean computer that we feel safe on accessing anything...we are desperate- thus why we have come here for help...and I would really apprecaite if you could help with this one...

Thank you

Hi iohelp :

I saw you are playing POKER. I want to remind you about the Online Poker.
Online Poker sites are well known for placing all manner of Internet parasites on their visitors' computers and continue to do so. In a lot of cases, these Poker plugins are also getting installed without your asking for it. You can read Poker gamers targeted by a rootkit backdoor (http://www.dslreports.com/forum/r16107893-Poker-gamers-targeted-by-a-rootkit-backdoor) regarding the risk involved with visiting the Poker games web sites.

1. Please uninstall these applications:
Click start>> Control Panel >> Under Programs, click on Uninstall a program.
Locate the following program(s):

Ask Toolbar
PokerStars
Avira SearchFree Toolbar plus Web Protection Updater

Select the program above and click on Uninstall to uninstall it.NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

=============================================================================================================================================

RESTART your computer now.

=============================================================================================================================================

2. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote'

:OTL
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1907864757-3584112839-898014372-1000\..\SearchScopes\{012B4696-57B8-4C16-9915-5BD69971A95F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^AU&apn_uid=a2abc1d7-7cfb-4199-9e35-12f9d645d978&apn_sauid=28081A30-A1E8-470C-B581-2A2B039DCAA2
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_AU&apn_uid=a2abc1d7-7cfb-4199-9e35-12f9d645d978&apn_ptnrs=^ABZ&apn_sauid=28081A30-A1E8-470C-B581-2A2B039DCAA2&apn_dtid=^YYYYYY^YY^AU&&q="
[2012/06/25 19:57:46 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\extensions\toolbar@ask.com
[2012/06/25 19:57:50 | 000,002,413 | ---- | M] () -- C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\searchplugins\askcom.xml
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
[2012/06/25 12:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found

:Files
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of report in your next reply.


3. aswMBR.exe
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your Desktop.
Right click aswMBR.exe & choose "Run as Administrator" to run it.
Click Yes to the prompt to download Avast! virus definitions.
(Please be patient whilst the virus definitions download)
With the AVscan set to Quick Scan, click the Scan button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR(master boot record), do not delete it..
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.


4. Gmer
Please download GMER Rootkit Scanner from Here (http://www2.gmer.net/download.php).
Right click the .exe file and chose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All << (don't miss this one)
See image below, Click the image to enlarge it
http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)

Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in your next reply**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.


5. Please let's me know more information about your problem.
How many computers are there in the network? Is this computer showing the symptoms that you have described so far?
Is reformatting done while disconnected from the network? Do you have the same problem with a freshly formatted computer not yet connected to the network?
What are the files affected and what tools / AV you used to detect them?
Do you have any logs from these detections?
Any name of infection appear from those identification so far?
What are the IPs that you see?
Could get me screen shots of the messages / problems that you see?
Which Windows OS do you use for all the machines?



6. Checklist
Please post:
OTL fix log
aswMBR log
Gmer log
Answer about question 5
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack

Hi there,

First log from OTL:

All processes killed
========== OTL ==========
No active process named Program Files was found!
Registry value HKEY_USERS\S-1-5-21-1907864757-3584112839-898014372-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_USERS\S-1-5-21-1907864757-3584112839-898014372-1000\Software\Microsoft\Internet Explorer\SearchScopes\{012B4696-57B8-4C16-9915-5BD69971A95F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012B4696-57B8-4C16-9915-5BD69971A95F}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_AU&apn_uid=a2abc1d7-7cfb-4199-9e35-12f9d645d978&apn_ptnrs=^ABZ&apn_sauid=28081A30-A1E8-470C-B581-2A2B039DCAA2&apn_dtid=^YYYYYY^YY^AU&&q=" removed from keyword.URL
Folder C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\extensions\toolbar@ask.com\ not found.
C:\Users\Cain\AppData\Roaming\Mozilla\Firefox\Profiles\lzp9ylmb.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Folder C:\Program Files (x86)\Ask.com\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cain\Desktop\cmd.bat deleted successfully.
C:\Users\Cain\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cain
->Temp folder emptied: 1537125 bytes
->Temporary Internet Files folder emptied: 47354789 bytes
->FireFox cache emptied: 62032198 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4073514 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06282012_220213

Files\Folders moved on Reboot...
C:\Users\Cain\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Cain\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

results from aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-28 22:07:26
-----------------------------
22:07:26.947 OS Version: Windows x64 6.1.7601 Service Pack 1
22:07:26.947 Number of processors: 1 586 0x1601
22:07:26.947 ComputerName: CAIN-PC UserName: Cain
22:07:28.008 Initialize success
22:10:20.302 AVAST engine defs: 12062800
22:10:54.590 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:10:54.590 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC7DP Size: 152627MB BusType: 11
22:10:54.606 Disk 0 MBR read successfully
22:10:54.622 Disk 0 MBR scan
22:10:54.622 Disk 0 Windows 7 default MBR code
22:10:54.637 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:10:54.653 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
22:10:54.668 Disk 0 scanning C:\Windows\system32\drivers
22:11:07.975 Service scanning
22:11:35.525 Modules scanning
22:11:35.525 Disk 0 trace - called modules:
22:11:35.556 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:11:35.572 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002197410]
22:11:36.086 3 CLASSPNP.SYS[fffff8800195c43f] -> nt!IofCallDriver -> [0xfffffa8001d0b520]
22:11:36.086 5 ACPI.sys[fffff88000eee7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8001d13680]
22:11:37.319 AVAST engine scan C:\Windows
22:11:39.425 AVAST engine scan C:\Windows\system32
22:15:14.612 AVAST engine scan C:\Windows\system32\drivers
22:15:34.003 AVAST engine scan C:\Users\Cain
22:18:57.037 AVAST engine scan C:\ProgramData
22:19:01.873 Scan finished successfully
22:28:27.155 Disk 0 MBR has been saved successfully to "C:\Users\Cain\Desktop\MBR.dat"
22:28:27.171 The log file has been saved successfully to "C:\Users\Cain\Desktop\aswMBR.txt"

GMER is not allowing me to select anything between System and Libraries...downloaded a couple of times - tried from desktop and downloads folder - run as admin- to no avail.
Please check out the print screen here:
http://s11.postimage.org/nnn5h52cz/New_Bitmap_Image.png

Hi
Just wanted to let you know that I will post logs from other computers a bit later- gathering them now- and also I will further describe the problem then
Thank you

Hi iohelp:

Based on the information that you have provided, the logs we have now, and your network activities abnormal, I think it would be best if your problem could be taken care of by those experts who can deal with your network directly. I am not seeing anything from the logs. I think your problems can't be solved effectively online since the "malware" may be updated each time you connect to internet or your network.

Besides that, since your problem may fall into this category, I want your to read this article: http://forums.spybot.info/showpost.php?p=25712&postcount=5

It's not that I don't want to help, but there are too many issues that could arise with your problem that I, as a malware forum volunteer is not experienced in dealing with.

Thank you for your understanding.
torreattack