Must have keyloggers.



#1
Starce*

Recently I've been having problems with things like my WoW account being hacked, email accounts being compromised, and my Apple account being constantly locked. The Windows theme has also been changed to where it looks like it is in safe mode, and when I try to change it back to Aero it does nothing. Also, things like Firefox and games are running abnormally slow. They never have been as slow as they are now, which makes me think I also have some type of virus.

Edit - Pasting the OTL log in the post

OTL logfile created on: 7/13/2011 21:53:07 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 54.09% Memory free
6.14 Gb Paging File | 4.44 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 2.13 Gb Free Space | 0.72% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 23:57:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/07/05 10:56:05 | 001,708,544 | ---- | M] (Curse) -- C:\Users\Owner\AppData\Local\Apps\2.0\GKCBNBPB.GKE\OOP1C7KL.JT9\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
PRC - [2011/07/04 17:12:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
PRC - [2011/07/04 10:53:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/29 08:45:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/11 03:00:00 | 005,526,528 | ---- | M] (MPC-HC Team) -- C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
PRC - [2010/11/16 16:17:54 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Steam\Steam.exe
PRC - [2010/11/02 18:51:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/07 20:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010/07/07 20:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2010/06/21 22:37:54 | 001,619,272 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/09 15:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/21 13:10:30 | 000,610,816 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/10/16 18:07:40 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/03/31 20:54:06 | 000,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe
PRC - [2008/01/29 21:19:32 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe
PRC - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/12 23:57:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011/07/04 10:53:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Start_Pending] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/29 08:45:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/16 09:55:09 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/21 22:37:54 | 001,619,272 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010/03/05 18:17:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/02/09 22:35:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/09 22:23:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/08/30 14:17:30 | 003,407,412 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/06/18 19:10:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/04/02 13:27:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008/09/10 10:22:32 | 000,229,648 | ---- | M] (Uniblue) [On_Demand | Stopped] -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe -- (Uniblue DiskRescue)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/08/02 16:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 10:53:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/04 10:53:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/07 22:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/07 22:15:22 | 001,227,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2010/07/07 22:15:10 | 001,184,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010/07/07 22:15:00 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/07/07 22:14:52 | 000,159,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/07/07 22:14:44 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/07/07 22:14:36 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/07/07 22:14:20 | 000,537,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/07/07 22:14:00 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/07/07 22:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2010/07/07 22:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010/07/07 22:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2010/07/07 22:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010/07/07 22:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2010/07/07 22:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010/03/03 21:22:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/30 19:02:30 | 000,047,152 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\Windows\System32\drivers\pxrts.sys -- (pxrts)
DRV - [2009/11/30 19:02:30 | 000,030,280 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2009/11/30 19:02:29 | 000,024,496 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2009/08/04 18:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/03 14:54:52 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/02/03 14:54:48 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/05/22 14:21:46 | 000,016,896 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2008/04/17 12:57:48 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MovRVDrv32.sys -- (MovRVDrv32)
DRV - [2008/04/17 12:57:46 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/21 03:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/08/08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007/01/15 16:35:18 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/10/18 13:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/12/21 12:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbicp.sys -- (uisp)
DRV - [2005/08/02 16:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2004/08/10 09:57:54 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NtpaSp50.sys -- (NTPASp50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.myspace.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.7
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Owner\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 11:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 22:21:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2011/07/04 17:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2011/06/26 22:21:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Owner\Program Files\DNA [2009/11/11 16:14:23 | 000,000,000 | ---D | M]

[2009/03/16 15:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/02/05 18:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/11 23:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions
[2010/05/01 12:52:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 17:10:07 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/23 18:02:29 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/08/05 17:59:46 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011/07/11 23:37:55 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/10/17 10:11:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/21 09:22:53 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\[email protected]
[2010/08/05 17:41:04 | 000,000,000 | ---D | M] (RAMBack) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\[email protected]
[2011/06/16 22:39:47 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\[email protected]
[2010/02/23 18:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010/02/23 18:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/02/23 18:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010/02/23 18:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/10/18 15:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/29 23:03:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 19:04:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 15:58:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/16 20:42:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/18 16:10:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U7E8W4DI.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U7E8W4DI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U7E8W4DI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U7E8W4DI.DEFAULT\EXTENSIONS\[email protected]
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/21 12:13:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Steam] C:\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Desktop\Wallpapers-room_com___Aurora_Borealis_by_titusboy25_1680x1050.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Desktop\Wallpapers-room_com___Aurora_Borealis_by_titusboy25_1680x1050.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 23:57:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/07/05 10:56:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011/06/16 09:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/07/07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010/07/07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2008/05/07 18:13:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/13 21:52:32 | 009,099,144 | ---- | M] () -- C:\Users\Owner\Desktop\Cory Gunz - YMA feat Gudda Gudda, Short Dawg & Mack Maine [No DJ].mp3
[2011/07/13 21:47:05 | 004,267,648 | ---- | M] () -- C:\Users\Owner\Desktop\10. Sorry 4 The Wait.mp3
[2011/07/13 21:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4051726148-2668874063-1496388572-1000UA.job
[2011/07/13 21:38:22 | 000,606,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/13 21:38:22 | 000,106,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/13 21:33:23 | 000,380,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 21:33:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/13 21:33:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/13 21:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/13 21:32:12 | 000,322,828 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011/07/13 21:31:24 | 000,055,380 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011/07/13 21:31:24 | 000,055,380 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011/07/13 21:31:24 | 000,000,820 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011/07/12 23:57:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/07/11 23:39:13 | 010,285,016 | ---- | M] () -- C:\Users\Owner\Desktop\Chevy Woods ft Wiz Khalifa - Crazy.mp3
[2011/07/05 23:45:01 | 102,751,832 | ---- | M] () -- C:\Users\Owner\Desktop\Gucci Mane - Writings On The Wall 2 (Hosted by DJ Holiday).zip
[2011/07/05 15:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4051726148-2668874063-1496388572-1000Core.job
[2011/07/05 10:56:11 | 000,000,312 | ---- | M] () -- C:\Users\Owner\Desktop\Curse Client.appref-ms
[2011/07/04 22:53:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 10:53:34 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/04 10:53:34 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/06/26 22:29:56 | 005,223,626 | ---- | M] () -- C:\Users\Owner\Desktop\Bow Wow - I'm Da Man feat. Chris Brown.mp3
[2011/06/26 22:21:42 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/17 23:18:44 | 000,001,664 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/16 09:58:50 | 002,076,256 | ---- | M] () -- C:\Users\Owner\Desktop\Drake - Marvin's Room (Prod By 40).mp3.part
[2011/06/16 09:55:07 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/13 21:52:15 | 009,099,144 | ---- | C] () -- C:\Users\Owner\Desktop\Cory Gunz - YMA feat Gudda Gudda, Short Dawg & Mack Maine [No DJ].mp3
[2011/07/13 21:46:59 | 004,267,648 | ---- | C] () -- C:\Users\Owner\Desktop\10. Sorry 4 The Wait.mp3
[2011/07/11 23:38:34 | 010,285,016 | ---- | C] () -- C:\Users\Owner\Desktop\Chevy Woods ft Wiz Khalifa - Crazy.mp3
[2011/07/05 23:39:22 | 102,751,832 | ---- | C] () -- C:\Users\Owner\Desktop\Gucci Mane - Writings On The Wall 2 (Hosted by DJ Holiday).zip
[2011/07/04 22:53:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 22:29:56 | 005,223,626 | ---- | C] () -- C:\Users\Owner\Desktop\Bow Wow - I'm Da Man feat. Chris Brown.mp3
[2011/06/17 23:18:44 | 000,001,664 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/16 09:58:44 | 002,076,256 | ---- | C] () -- C:\Users\Owner\Desktop\Drake - Marvin's Room (Prod By 40).mp3.part
[2011/06/16 09:55:07 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/01/19 22:51:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/16 13:20:18 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBot_Accounts.ini
[2011/01/15 13:47:46 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/30 14:25:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2010/08/23 17:08:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/08/23 17:08:41 | 001,228,854 | ---- | C] () -- C:\ProgramData\OrbError.bmp
[2010/08/21 11:31:17 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/07/07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010/07/07 21:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/07/07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2010/07/07 20:14:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010/07/07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2010/06/12 06:32:35 | 002,419,568 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe
[2010/05/13 18:21:42 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2010/03/04 01:12:03 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010/02/21 13:10:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/02/21 13:10:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/02/21 13:10:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/02/11 21:19:35 | 000,000,248 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/09 22:18:07 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/02/09 22:18:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/02/09 22:17:11 | 000,384,428 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2010/02/09 22:17:11 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/02/09 14:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/02/04 17:15:53 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010/02/04 17:15:53 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010/01/31 21:02:40 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/01/31 11:44:09 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/31 11:44:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/31 11:44:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/31 11:44:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/31 11:44:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/13 19:51:37 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/11/30 23:06:14 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/11/19 22:48:30 | 000,000,861 | ---- | C] () -- C:\Windows\CoD.INI
[2009/10/23 23:18:38 | 000,000,079 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBot Accounts.ini
[2009/08/30 11:34:08 | 000,007,311 | ---- | C] () -- C:\Program Files\5362f30584883d01175a57752e4d547dba04a54e_full[1].jpg
[2009/08/26 20:39:35 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/27 14:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2009/07/14 01:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/29 04:21:10 | 000,000,691 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\GetValue.vbs
[2009/06/29 04:21:10 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\SetValue.bat
[2009/06/28 03:08:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/28 03:08:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/29 03:17:38 | 000,000,254 | ---- | C] () -- C:\Windows\MP3trt.ini
[2009/05/28 03:43:55 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/05/26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/05/24 11:33:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/15 12:40:03 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/02/14 14:25:15 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/12/17 16:44:41 | 000,006,048 | ---- | C] () -- C:\Windows\System32\MCC16.dll
[2008/12/17 16:44:06 | 000,040,448 | ---- | C] () -- C:\Windows\System32\BJAXSecurityManager.dll
[2008/12/17 16:44:04 | 000,086,016 | ---- | C] () -- C:\Windows\System32\BJInstaller.dll
[2008/09/07 11:48:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/07 11:48:28 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/09/07 11:48:28 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/09/07 11:48:28 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/09/07 11:48:28 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/09/07 11:48:28 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/09/07 11:48:28 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/09/07 11:48:28 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/09/07 11:48:28 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/09/07 11:48:28 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/09/07 11:48:28 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/09/07 11:48:28 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/09/07 11:48:28 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/09/07 11:48:28 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/09/07 11:48:28 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/09/07 11:48:28 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/08/19 16:12:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/13 15:29:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/05/07 18:13:41 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2008/05/07 18:13:41 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2008/05/01 21:57:10 | 000,027,896 | ---- | C] () -- C:\Windows\scunin.dat
[2008/05/01 21:57:10 | 000,002,776 | ---- | C] () -- C:\Windows\WoWEmuHackSettings.ini
[2008/05/01 21:57:10 | 000,000,106 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/01 21:57:10 | 000,000,028 | ---- | C] () -- C:\Windows\ZC DVD Creator Platinum.INI
[2008/05/01 21:57:09 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/05/01 21:57:09 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2008/04/25 16:23:24 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2008/04/22 15:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2008/04/18 17:29:56 | 000,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/04/15 15:21:28 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2008/02/15 17:23:42 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2008/01/09 18:35:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2007/12/26 17:55:56 | 000,138,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
[2007/12/26 17:55:35 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2007/12/26 16:00:45 | 000,008,268 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/12/15 22:25:33 | 000,052,224 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/11 11:59:42 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/11/11 11:59:36 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2007/11/11 11:59:29 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2007/11/10 18:49:21 | 000,000,780 | ---- | C] () -- C:\Windows\eReg.dat
[2007/08/10 16:37:34 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/20 17:46:20 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2007/06/20 23:54:19 | 000,056,145 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/06/18 09:17:04 | 000,000,097 | ---- | C] () -- C:\Windows\lexstat.ini
[2007/03/20 09:11:49 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2007/03/20 09:03:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,380,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,106,080 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/02 16:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/04/30 12:39:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2009/05/17 21:23:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Any Video Converter
[2010/03/03 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Astroburn Lite
[2008/06/19 23:47:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2008/03/16 18:06:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Beyond
[2010/02/14 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bioshock
[2010/06/29 17:12:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Bioshock2
[2010/02/09 12:46:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitDefender
[2010/09/25 14:31:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2009/05/24 12:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools
[2009/05/24 12:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/12/19 18:54:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DMCache
[2009/12/08 22:48:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DNA
[2010/12/30 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Downloaded Installations
[2008/08/04 14:22:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Electronic Arts
[2010/05/13 18:22:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeBurner
[2011/06/14 23:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
[2009/09/07 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/07/26 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GSC 2.00
[2009/05/16 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\id Software
[2010/03/08 00:07:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterTrust
[2008/09/07 20:05:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/11/01 23:33:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/03/12 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Megaupload
[2008/11/07 22:38:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MobMapUpdater
[2009/02/15 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2010/06/06 03:27:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Need for Speed World
[2010/06/06 03:27:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Need for Speed World Online
[2010/01/23 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape
[2008/05/17 23:52:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2011/03/26 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PunkBuster
[2010/02/18 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Razer
[2011/01/25 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIFT
[2011/04/16 09:57:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2010/03/15 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\runic games
[2009/02/13 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\scar5
[2011/03/02 21:18:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smart FLV Converter Pro
[2009/04/01 15:33:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Subversion
[2010/09/06 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2009/05/28 03:46:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Systweak
[2010/03/04 01:07:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\The Creative Assembly
[2009/02/16 16:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thinstall
[2008/05/05 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Touchstone
[2010/01/23 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2009/07/27 14:01:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tunngle
[2010/01/23 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ubi.com
[2010/03/04 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2010/03/09 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/03/07 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2008/05/07 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso
[2010/09/02 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilisoft
[2010/01/22 18:20:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZombieDriver
[2011/07/13 21:31:12 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/05/28 16:47:19 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\Uniblue DiskRescue 2009.job
[2008/06/15 13:24:16 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 507 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:EEFF768F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Edited by Starce*, 14 July 2011 - 10:06 AM.


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Starce*,

Welcome to Geekstogo.

Firstly please tell me if you know about this program on your computer.

LogMeIn

LogMeIn is a legitimate program for remote access to your computer by someone helping from a support centre for example. However it can also be used for remote control of a machine by someone seeking access for other reasons.

Tell me when you return.

For now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    
    :Commands
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using ComboFix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat. http://www.appremove...ed-applications

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • OTL fix log
  • ComboFix.txt
  • tell me about LogMeIn

#3
Starce*

    New Member

  • Topic Starter
  • Member
  • 8 posts
LogMeIn was a program that I used to create a LAN connection between me and some friends of mine. We mainly used it to play a game called Minecraft. That is all I ever used it for though.

When OTL ran the fix and restarted my computer, a log never popped up. It didn't have any error or anything. The reason the log could have not popped up is because I have UAC enabled, but the ComboFix log popped up and is attached.

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Starce*,

"LogMeIn was a program that I used to create a LAN connection between me and some friends of mine. We mainly used it to play a game called Minecraft. That is all I ever used it for though."


Fair enough. As long as you are aware of the risks. Because of the remote access you have on your machine you might like to consider some anti-keylogger measures.

If a keylogger is software based, a good free antikeylogger software is IHateKeyloggers. While I understand it can't block screencapture, when tested, it was found to block commercial keystroke logging software. It won't remove the keylogger software, but it will block the keystroke from being logged.

http://dewasoft.com/...-keyloggers.htm

KeyScrambler is very good as well although I don't know whether it works with the latest IE & Firefox browser versions.

http://www.qfxsoftwa...d/whats-new.htm

If you're afraid of keylogging passwords a password program like Password Corral or Password Vault could be an option for you.

"When OTL ran the fix and restarted my computer a log never popped up."


A copy is saved at :\_OTL\Moved Files; in most cases this will be C:\_OTL\Moved Files

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After that

Please run a free online scan with BitDefender Online Scanner

Note: these instructions were compiled using Firefox. IE users may find slight differences... just follow the prompts.

  • Click the green Start Scanner button
  • Click the green Free Scan Now button
  • Accept the plug in installation
  • Restart your browser if requested
  • Click the green Free Scan Now button again
  • Accept the EULA agreement
  • The scan should start. It will be relatively quick.
  • Click View Report (note: this is not the Facebook one - just click on the words View Report)
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here

When you come back please post
  • OTL log if you can find it
  • MBAM log
  • Bitdefender scan results
  • and tell me how your machine is


Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#5
Starce*

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Found the OTL log.

========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\autoexec.bat moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 110293 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56502 bytes

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07242011_224553

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7270

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/25/2011 01:02:58
mbam-log-2011-07-25 (01-02-58).txt

Scan type: Quick scan
Objects scanned: 295627
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


QuickScan Beta 32-bit v0.9.9.98
-------------------------------
Scan date: Mon Jul 25 01:05:19 2011
Machine ID: 6E57E557



No infection found.
-------------------



Processes
---------
AntiVir Desktop 2276 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
Creative Audio Product 2420 C:\Windows\System32\CTxfispi.exe
Creative Volume Panel 2220 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
CTXfiHlp Application 2268 C:\Windows\System32\Ctxfihlp.exe
Curse Client 5024 C:\Users\Owner\AppData\Local\Apps\2.0\CC4A5HBY.21C\D1GLJ3PP.VHQ\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
Firefox 5520 C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
Firefox 4964 C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
iTunes 2388 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 2364 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 2020 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 424 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 2400 C:\Windows\System32\wbem\unsecapp.exe
NVIDIA Settings 2256 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
razerhid Application 2248 C:\Program Files\Razer\Lycosa\razerhid.exe
razertra Application 2896 C:\Program Files\Razer\Lycosa\razertra.exe
TortoiseSVN 1932 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
Updater 2356 C:\Program Files\Ask.com\Updater\Updater.exe
(verified) GrooveMonitor Utility 2332 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) Microsoft® Windows® Operating System 1460 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1980 C:\Windows\System32\dwm.exe


Network activity
----------------
Process firefox.exe (5520) connected on port 80 (HTTP) --> 74.125.157.101
Process firefox.exe (5520) connected on port 80 (HTTP) --> 74.125.157.155
Process firefox.exe (5520) connected on port 80 (HTTP) --> 184.84.210.56
Process firefox.exe (5520) connected on port 80 (HTTP) --> 74.125.157.101
Process firefox.exe (5520) connected on port 80 (HTTP) --> 69.171.229.14



Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
Aquarium.scr C:\Windows\system32\Aquarium.scr
Creative Volume Panel C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
CTXfiHlp Application C:\Windows\System32\Ctxfihlp.exe
dvd43_tray.exe C:\Program Files\dvd43\dvd43_tray.exe
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Hamachi2 Client C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
razerhid Application C:\Program Files\Razer\Lycosa\razerhid.exe
Updater C:\Program Files\Ask.com\Updater\Updater.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
CTPID ActiveX Control Module C:\Windows\Downloaded Program Files\CTPIDPDE.ocx
DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
DNA Plug-in C:\Users\Owner\Program Files\DNA\plugins\npbtdna.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
getPlusPlus for Adobe 16248 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
getPlusPlus for Adobe 16248 C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
IGN Download Manager Plug-in C:\Program Files\Download Manager\npfpdlm.dll
InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins\npdeployJava1.dll
Java™ Platform SE 6 U26 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Mega Manager IE Click Catcher c:\program files\megaupload\mega manager\megaiemn.dll
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
QUAKE LIVE C:\ProgramData\id Software\QuakeLive\npquakezero.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Toolbar c:\program files\ask.com\genericasktoolbar.dll
Toolbar Module C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\[email protected]\components\DTToolbarFF.dll
Toolbar Module C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\extensions\[email protected]\components\DTToolbarFF4.dll
Winamp Application Detector C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins\npwachk.dll
Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
(verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\MSWSOCK.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: 0c9fffc25f797f8c7c3f99bc12cfa411 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MD5: 9e01b986b9326e44ee002c71e477dcd3 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d8ed93f3a3123eb08cddadd84a56327e\PresentationCore.ni.dll
MD5: ea2199ac2802b9f008a88de8e22856b2 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\42febbc98987f1eb481bef951f33a15d\PresentationFramework.ni.dll
MD5: c4b18da9a8784fc1ed7e3e839bd8b837 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4eb152cf60d056dfab8df7c4a9a31638\PresentationFramework.Classic.ni.dll
MD5: 703bf321ce3b8f30c0fb25946e0dc5e5 C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\74b97d97f13651cca7c409813d97b66a\SMDiagnostics.ni.dll
MD5: 1a5e278dedf15c328aaeec5dcb18b808 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\af6f706cdcf02a312a9a339c20a8dbfb\System.Configuration.ni.dll
MD5: 37affcef95be06d1b189d930f2a9571f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\30df1b19618cda9f5715101b76e69981\System.Core.ni.dll
MD5: a474e2380ba1f0c5adb306cd626e15ba C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\4990fa158b64ad03c247911b66584081\System.Data.Entity.ni.dll
MD5: c1832cf84f45983fd4c314485cf3e069 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\cd5108d4a45bbd18b27d1bc77e40e4da\System.Data.ni.dll
MD5: 6c6e4499bfd38dca40a1f5c155df1d9b C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\1aa1d68cc8b4f116282d89b400b9156f\System.Deployment.ni.dll
MD5: 11ff68ddfe3e90de4401ec43d7acbbca C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\daf35d9703895998bae9efd6d23be282\System.Drawing.ni.dll
MD5: 08ca595ad1f7a889aac47e4b8bf10878 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3e1c184b683c96ec23c1cf22aec704d9\System.Runtime.Remoting.ni.dll
MD5: 5ad288aadb9ba0238505afe5c7b1573b C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f6f3a82612393c51aa29a5db21dde34c\System.Runtime.Serialization.ni.dll
MD5: c8c4c12e86f724edb788e0e405fcad92 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\2717ff065ef04e6ec85f332757542d35\System.Security.ni.dll
MD5: 87f0475633799481f6a2a242041312fc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\15b2ea2c7fd6b469b5c51ce6a2b7e921\System.ServiceModel.ni.dll
MD5: 08489cfbc16f770f093befc76bff8d1f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\9e5583324c4659b40b4b440fb1a9e639\System.Web.ni.dll
MD5: 752c6a33b87bc81c8481906e6c6e79bf C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4d5fc62cbae71aae3cf1fa90446920ef\System.Windows.Forms.ni.dll
MD5: fdeebd2a0a0ba6000c904dc4fae674a5 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll
MD5: e43a888be303497084f56b52770390e1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll
MD5: dc08174644f5d5da4b4c91661c5ada56 C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a6485a160959fbed092dc2ddbed3509e\UIAutomationProvider.ni.dll
MD5: 754cf826a4d563219112782ecf68f06f C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\96031e87be161842765531e37a996df6\UIAutomationTypes.ni.dll
MD5: 358d612fbb78f2305894ae76a075b07c C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\7aa97db6c6147a8dc4ba3a7416aff401\WindowsBase.ni.dll
MD5: cfb012a885e285fec68cbf403fb6a69e C:\Windows\CTXFIRES.DLL
MD5: 3d2fa23d55691c47e5ec7e74669a6b6a C:\Windows\Downloaded Program Files\CTPIDPDE.ocx
MD5: 056e6bfd6314bbb84d5dfb1ca529cd60 C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
MD5: 6717ae12e326dd1e39f6ee183a37dc0f C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: f3432e0c2d2c257d07d43fd57a0cde6a C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 1a11a757d613f8a815b8e30025522628 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: ac47b55b38d626b678897f195793ecab C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 0421441fbf668c7e72eeb658b04aa8c7 C:\Windows\SYSTEM32\APOMngr.DLL
MD5: 36b2d7fa0dff6e8e329477afa8e52acf C:\Windows\system32\Aquarium.scr
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 8c5a17843c447801fe857c66a623052f C:\Windows\system32\CmdLineExt.dll
MD5: 45f681a6de7ccd2e2cc3bae71fc1cb51 C:\Windows\SYSTEM32\CmdRtr.DLL
MD5: 4eb656dbae83c9c1ee59d969bbf3c187 C:\Windows\system32\CTAPO32.dll
MD5: 2eebaa2e7a4358485e2113e1756b3d99 C:\Windows\SYSTEM32\CTASIO.DLL
MD5: 1d930b4442b07952cb97eeb19cc4975f C:\Windows\SYSTEM32\CTDPROXY.DLL
MD5: 33b98c6a8d70e6f97cef11fd778e25c2 C:\Windows\system32\CTOPT352.dll
MD5: 36b1d7460c544d98e813b656dde5058e C:\Windows\SYSTEM32\ctosuser.dll
MD5: 3e5606cd2d8c92ab2390b2bd198813c9 C:\Windows\system32\cttele32.dll
MD5: ed9b55b4044df1c6a30ee7ede3148014 C:\Windows\System32\ctxfibtn.dll
MD5: ca2b63032d9cbbfd9dfb5fabd61c0e81 C:\Windows\System32\Ctxfihlp.exe
MD5: e88ac9862edc6e1a93b33bff86e8ccbf C:\Windows\System32\CTxfispi.exe
MD5: 3107f4666aca044bc27b6794f605ef59 C:\Windows\System32\ctxfispk.dll
MD5: 3dfeec45e5f22993216083fb777719d5 C:\Windows\system32\d2d1.dll
MD5: 8b02d2ecc7ef6e1f6af08459e3f741f6 C:\Windows\system32\d3d10.dll
MD5: 29e4ea31c6debe5efb384eefa4f1ef63 C:\Windows\system32\d3d10_1.dll
MD5: 556f1cbe9ba19e2ccd6f8d9af71af5c7 C:\Windows\system32\d3d10_1core.dll
MD5: 9c7094f537782a82b6a29b4a7172e180 C:\Windows\system32\d3d10core.dll
MD5: 33ebf5dcd45f878b3622ad82ab37af3a C:\Windows\system32\D3D10Warp.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: 6843926aff733d46a04f9d4e1c1a6b14 C:\Windows\system32\DWrite.dll
MD5: aaae543c535ed596ecad2ab8761c2c6f C:\Windows\system32\dxgi.dll
MD5: 6daabb6fba03cbd631875a400b330804 C:\Windows\system32\easyUpdatusAPIU.dll
MD5: abaeaee763e287bdd39094c4165e1f3f C:\Windows\system32\fdproxy.dll
MD5: 9af36c3c48f82d95b5670d7c29923d8a C:\Windows\system32\ieframe.dll
MD5: 733c7f11b06892f9dc283d4bb34abd25 C:\Windows\system32\iertutil.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: c92f538f531f26f2e240a8b21420692a C:\Windows\System32\jscript9.dll
MD5: 3a6a80c564e86f33a83e12715c674ca0 C:\Windows\system32\jsproxy.dll
MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll
MD5: 634ec15828d7f93c10721bd972c50456 C:\Windows\system32\Macromed\Flash\Flash10s.ocx
MD5: 21a67095edc11a528f5434d28bb0ef3c C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: ef24642d5fb52a1eef56de9e47cbb993 C:\Windows\System32\MFC42.dll
MD5: 1b593fbb763150bd225df266c69a9329 C:\Windows\system32\MFC42u.DLL
MD5: 3f63f95c998f7e1af409bc74e83d45e5 C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll
MD5: 2310a32bb0164552a311bfa02102a3d6 C:\Windows\system32\MSVCP60.dll
MD5: 708fb84003732e220c23cdf207f5a329 C:\Windows\system32\ntdll.dll
MD5: 64ffb7acb668a18ba45c645a28c8cd11 C:\Windows\system32\nvapi.dll
MD5: 125d7807ad8b86fccdedf1521b8b7351 C:\Windows\system32\nvd3dum.dll
MD5: dbb2dbed63b4ff6a53e79e1461eedb4f C:\Windows\system32\nvwgf2um.dll
MD5: 862363973dcbcc31dd161ef41a69153c C:\Windows\system32\ODBC32.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll
MD5: de4cd76c254e143f40e62952788d3be7 C:\Windows\system32\OLEAUT32.dll
MD5: 227238abe6faf88eca47517fa04c3d8c C:\Windows\SYSTEM32\PIAPROXY.DLL
MD5: 2ab58991862153a248779174d4e4212b C:\Windows\system32\schannel.dll
MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll
MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll
MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe
MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll
MD5: cde36a70a5280fc0696e6e4363c4c71d C:\Windows\system32\TaskSchdPS.dll
MD5: 6f825db2be90afb45821e13122c56f06 C:\Windows\system32\UDAAPO32.dll
MD5: 67bfde0ecc695b16884f59d18302888a C:\Windows\system32\UDACFX32.dll
MD5: df6de2f5afb9fa1cfa02081ef9b3e7e8 C:\Windows\system32\urlmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll
MD5: ae1c51864af5c57420153f198d202324 C:\Windows\system32\uxtheme.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
MD5: a1236375b74ea63c75657d564890c436 C:\Windows\system32\WININET.dll
MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.03 MB sent, 0.95 KB recvd
Scanned 488 files and modules - 30 seconds

==============================================================================

Windows still seems to be stuck in the Windows Classic theme, and whenever I try to switch it to Aero it says please wait and then it is still in the Classic theme. Also, where they give the little samples of what the different themes look like, Aero is just a solid black box. Any ideas? Other than that it seems to be running pretty smoothly.

EDIT: I actually fixed the theme myself by doing SFC in the cmd prompt!

Edited by Starce*, 25 July 2011 - 12:47 AM.

  • 0

#6
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Starce*,

EDIT: I actually fixed the theme myself by doing SFC in the cmd prompt!


Glad you found a solution.

If it happens again you might like to check out this link:

http://www.howtogeek...nable-it-again/

Now

We are almost there, just a couple more things to do and then we will likely go to cleaning away the tools we have been using.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Download and run:

When you return please post
  • aswMBR log

  • 0

#7
Starce*


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the log.

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-25 23:56:23
-----------------------------
23:56:23.920 OS Version: Windows 6.0.6002 Service Pack 2
23:56:23.920 Number of processors: 2 586 0xF06
23:56:23.920 ComputerName: USER-PC UserName: Owner
23:56:49.910 Initialize success
23:58:27.619 AVAST engine defs: 11072501
23:58:47.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
23:58:47.712 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 3
23:58:47.712 Disk 0 MBR read successfully
23:58:47.712 Disk 0 MBR scan
23:58:47.743 Disk 0 Windows VISTA default MBR code
23:58:47.743 Disk 0 scanning sectors +625137345
23:58:47.790 Disk 0 scanning C:\Windows\system32\drivers
23:59:02.158 Service scanning
23:59:03.078 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:59:03.687 Modules scanning
23:59:08.039 Disk 0 trace - called modules:
23:59:08.055 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86cf31f8]<<
23:59:08.055 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87ec3398]
23:59:08.569 3 CLASSPNP.SYS[83c828b3] -> nt!IofCallDriver -> [0x86d92510]
23:59:08.569 5 acpi.sys[807b96bc] -> nt!IofCallDriver -> \Device\0000006d[0x86d92030]
23:59:08.569 \Driver\nvstor32[0x86d93af8] -> IRP_MJ_CREATE -> 0x86cf31f8
23:59:10.270 AVAST engine scan C:\Windows
23:59:17.337 AVAST engine scan C:\Windows\system32
00:02:01.605 AVAST engine scan C:\Windows\system32\drivers
00:02:13.476 AVAST engine scan C:\Users\Owner
00:19:38.596 AVAST engine scan C:\ProgramData
00:29:01.159 Scan finished successfully
00:31:30.999 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
00:31:30.999 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

EDIT: Got a random blue screen while playing WoW and music. Here are some details about it.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000047
BCP2: 832C8E72
BCP3: 8039DA1C
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini072611-01.dmp
C:\Users\Owner\AppData\Local\temp\WER-72977-0.sysdata.xml
C:\Users\Owner\AppData\Local\temp\WER9BA2.tmp.version.txt

Edited by Starce*, 25 July 2011 - 11:50 PM.

  • 0

#8
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Starce*,

aswMBR is showing an unknown item. It's likely nothing to worry about but just to be sure let's do this:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0
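
The "unknown item" mentioned in the reply above can be read directly from the aswMBR log in post #7. As an added example (not part of the thread and not aswMBR's own code), this Python parser extracts the disk call chain, the `>>UNKNOWN<<` address and the `**LOCKED**` services, then checks whether the unknown address also appears as a driver dispatch entry in the same log. The function names are assumptions; the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the aswMBR log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
23:59:03.078 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:59:08.039 Disk 0 trace - called modules:
23:59:08.055 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86cf31f8]<<
23:59:08.055 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87ec3398]
23:59:08.569 3 CLASSPNP.SYS[83c828b3] -> nt!IofCallDriver -> [0x86d92510]
23:59:08.569 5 acpi.sys[807b96bc] -> nt!IofCallDriver -> \Device\0000006d[0x86d92030]
23:59:08.569 \Driver\nvstor32[0x86d93af8] -> IRP_MJ_CREATE -> 0x86cf31f8
"""

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")            # leading timestamp
LOCKED_RE = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9a-fA-F]+)"
)


def parse_aswmbr(text):
    """Pull the fields a reviewer looks at out of an aswMBR text log."""
    report = {"locked": [], "modules": [], "unknown": [], "irp_targets": []}
    expect_modules = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw.strip())
        if not line:
            continue
        if expect_modules:
            # The line after "called modules:" lists the chain in call order.
            expect_modules = False
            report["unknown"] = [int(a, 16) for a in UNKNOWN_RE.findall(line)]
            report["modules"] = UNKNOWN_RE.sub("", line).split()
            continue
        if line.endswith("trace - called modules:"):
            expect_modules = True
            continue
        m = LOCKED_RE.match(line)
        if m:
            report["locked"].append((m.group(1), m.group(2)))
            continue
        m = IRP_RE.match(line)
        if m:
            report["irp_targets"].append((m.group(1), m.group(2), int(m.group(3), 16)))
    return report


def triage(report):
    """Turn the parsed fields into short notes for the helper reading the log."""
    notes = []
    for addr in report["unknown"]:
        owners = [(d, irp) for d, irp, target in report["irp_targets"] if target == addr]
        if owners:
            for driver, irp in owners:
                notes.append(
                    f"unknown module {addr:#010x} equals the {irp} entry listed for {driver}"
                )
        else:
            notes.append(f"unknown module {addr:#010x} has no matching dispatch entry in the log")
    for name, path in report["locked"]:
        notes.append(f"service {name} is marked LOCKED: {path}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_aswmbr(SAMPLE_LOG)):
        print(note)
```

A match only shows which driver object the address is attached to; it does not classify the code at that address, which is why a second scanner is run next in this thread.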

#9
Starce*


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the log.

2011/07/27 00:07:15.0241 4836 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/27 00:07:15.0849 4836 ================================================================================
2011/07/27 00:07:15.0849 4836 SystemInfo:
2011/07/27 00:07:15.0849 4836
2011/07/27 00:07:15.0849 4836 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/27 00:07:15.0849 4836 Product type: Workstation
2011/07/27 00:07:15.0849 4836 ComputerName: USER-PC
2011/07/27 00:07:15.0849 4836 UserName: Owner
2011/07/27 00:07:15.0849 4836 Windows directory: C:\Windows
2011/07/27 00:07:15.0849 4836 System windows directory: C:\Windows
2011/07/27 00:07:15.0849 4836 Processor architecture: Intel x86
2011/07/27 00:07:15.0849 4836 Number of processors: 2
2011/07/27 00:07:15.0849 4836 Page size: 0x1000
2011/07/27 00:07:15.0849 4836 Boot type: Normal boot
2011/07/27 00:07:15.0849 4836 ================================================================================
2011/07/27 00:07:18.0096 4836 Initialize success
2011/07/27 00:07:25.0428 2908 ================================================================================
2011/07/27 00:07:25.0428 2908 Scan started
2011/07/27 00:07:25.0428 2908 Mode: Manual;
2011/07/27 00:07:25.0428 2908 ================================================================================
2011/07/27 00:07:58.0219 2908 NPF (d21fee8db254ba762656878168ac1db6) C:\Windows\system32\drivers\npf.sys
2011/07/27 00:07:58.0250 2908 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/27 00:07:58.0297 2908 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/27 00:07:58.0344 2908 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/27 00:07:58.0406 2908 NTPASp50 (71cb7616cb36d43ea787c41ab55fe458) C:\Windows\system32\Drivers\NTPASp50.sys
2011/07/27 00:07:58.0453 2908 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/27 00:07:58.0515 2908 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/27 00:07:58.0593 2908 NVENETFD (c7859d19648d45ee888666c044ecab23) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/27 00:07:59.0841 2908 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/27 00:08:00.0450 2908 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/27 00:08:00.0559 2908 nvrd32 (6f922993c8aa8bf555b0a8428aab5731) C:\Windows\system32\DRIVERS\nvrd32.sys
2011/07/27 00:08:00.0621 2908 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/07/27 00:08:00.0808 2908 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/07/27 00:08:01.0666 2908 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/07/27 00:08:02.0805 2908 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/27 00:08:03.0398 2908 ossrv (54c4bcfd5336ea6ceafcb0d4b6978408) C:\Windows\system32\drivers\ctoss2k.sys
2011/07/27 00:08:03.0585 2908 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/07/27 00:08:03.0632 2908 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/27 00:08:03.0694 2908 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/27 00:08:03.0757 2908 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/27 00:08:03.0804 2908 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/27 00:08:03.0866 2908 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/27 00:08:03.0991 2908 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/07/27 00:08:04.0147 2908 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/27 00:08:04.0818 2908 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys
2011/07/27 00:08:05.0504 2908 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/27 00:08:05.0660 2908 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/27 00:08:05.0925 2908 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/27 00:08:06.0019 2908 pxkbf (fb416d1d2d0b0f1897ceac5e8173132b) C:\Windows\system32\drivers\pxkbf.sys
2011/07/27 00:08:06.0830 2908 pxrts (b48727195833a11dcbd10815b503909f) C:\Windows\system32\drivers\pxrts.sys
2011/07/27 00:08:06.0924 2908 pxscan (292fc70b3e129819a4cf191395b31fcb) C:\Windows\system32\drivers\pxscan.sys
2011/07/27 00:08:07.0017 2908 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/27 00:08:07.0095 2908 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/27 00:08:07.0158 2908 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/27 00:08:07.0782 2908 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/27 00:08:08.0234 2908 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/27 00:08:08.0640 2908 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/27 00:08:08.0686 2908 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/27 00:08:08.0764 2908 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/27 00:08:08.0858 2908 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/27 00:08:08.0998 2908 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/27 00:08:09.0061 2908 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/27 00:08:09.0139 2908 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/27 00:08:09.0295 2908 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/27 00:08:09.0810 2908 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/27 00:08:10.0324 2908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/27 00:08:10.0558 2908 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/27 00:08:10.0668 2908 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/27 00:08:10.0746 2908 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/27 00:08:10.0824 2908 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/27 00:08:10.0855 2908 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/27 00:08:11.0260 2908 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/27 00:08:11.0838 2908 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/27 00:08:12.0618 2908 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/27 00:08:12.0805 2908 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/27 00:08:12.0836 2908 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/27 00:08:12.0883 2908 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/27 00:08:12.0930 2908 SndTAudio (fa11bef5d56168a3f4017ad41b74602e) C:\Windows\system32\drivers\SndTAudio.sys
2011/07/27 00:08:12.0961 2908 SndTDriverV32 (c88ead1e773c444f6abba21d01a83408) C:\Windows\system32\drivers\SndTDriverV32.sys
2011/07/27 00:08:12.0992 2908 SndTVideo (2b5b846841eee00395d97b78d987c976) C:\Windows\system32\DRIVERS\SndTVideo.sys
2011/07/27 00:08:13.0039 2908 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/27 00:08:13.0335 2908 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/27 00:08:13.0335 2908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/27 00:08:13.0413 2908 sptd - detected LockedFile.Multi.Generic (1)
2011/07/27 00:08:24.0786 2908 ================================================================================
2011/07/27 00:08:24.0786 2908 Scan finished
2011/07/27 00:08:24.0786 2908 ================================================================================
2011/07/27 00:08:24.0786 4400 Detected object count: 1
2011/07/27 00:08:24.0786 4400 Actual detected object count: 1
2011/07/27 00:09:04.0222 4400 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/27 00:09:21.0663 4436 ================================================================================
2011/07/27 00:09:21.0663 4436 Scan started
2011/07/27 00:09:21.0663 4436 Mode: Manual;
2011/07/27 00:09:21.0663 4436 ================================================================================
2011/07/27 00:10:38.0010 4436 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/27 00:10:38.0306 4436 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/07/27 00:10:38.0415 4436 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/27 00:10:38.0602 4436 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys
2011/07/27 00:10:38.0696 4436 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/27 00:10:38.0727 4436 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/07/27 00:10:38.0868 4436 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/27 00:10:38.0992 4436 pxkbf (fb416d1d2d0b0f1897ceac5e8173132b) C:\Windows\system32\drivers\pxkbf.sys
2011/07/27 00:10:39.0055 4436 pxrts (b48727195833a11dcbd10815b503909f) C:\Windows\system32\drivers\pxrts.sys
2011/07/27 00:10:39.0086 4436 pxscan (292fc70b3e129819a4cf191395b31fcb) C:\Windows\system32\drivers\pxscan.sys
2011/07/27 00:10:39.0258 4436 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/07/27 00:10:39.0304 4436 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/27 00:10:39.0429 4436 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/27 00:10:39.0570 4436 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/27 00:10:39.0648 4436 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/27 00:10:39.0741 4436 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/27 00:10:39.0819 4436 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/27 00:10:39.0897 4436 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/27 00:10:39.0928 4436 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/27 00:10:40.0006 4436 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/07/27 00:10:40.0100 4436 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/27 00:10:40.0178 4436 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/27 00:10:40.0318 4436 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/27 00:10:40.0412 4436 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/27 00:10:40.0537 4436 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/27 00:10:40.0833 4436 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/27 00:10:41.0270 4436 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/27 00:10:41.0551 4436 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/27 00:10:41.0676 4436 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/07/27 00:10:41.0925 4436 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/27 00:10:42.0612 4436 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/27 00:10:43.0002 4436 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/27 00:10:43.0860 4436 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/07/27 00:10:44.0343 4436 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/07/27 00:10:44.0967 4436 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/07/27 00:10:45.0669 4436 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/27 00:10:46.0075 4436 SndTAudio (fa11bef5d56168a3f4017ad41b74602e) C:\Windows\system32\drivers\SndTAudio.sys
2011/07/27 00:10:46.0683 4436 SndTDriverV32 (c88ead1e773c444f6abba21d01a83408) C:\Windows\system32\drivers\SndTDriverV32.sys
2011/07/27 00:10:46.0933 4436 SndTVideo (2b5b846841eee00395d97b78d987c976) C:\Windows\system32\DRIVERS\SndTVideo.sys
2011/07/27 00:10:47.0370 4436 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/27 00:10:48.0462 4436 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/27 00:10:48.0462 4436 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/27 00:10:48.0477 4436 sptd - detected LockedFile.Multi.Generic (1)
2011/07/27 00:11:13.0484 4436 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/27 00:11:13.0531 4436 Boot (0x1200) (9b51026172c24ae8193b817a77836f05) \Device\Harddisk0\DR0\Partition0
2011/07/27 00:11:13.0546 4436 ================================================================================
2011/07/27 00:11:13.0546 4436 Scan finished
2011/07/27 00:11:13.0546 4436 ================================================================================
2011/07/27 00:11:13.0546 5340 Detected object count: 1
2011/07/27 00:11:13.0546 5340 Actual detected object count: 1
2011/07/27 00:11:30.0628 5340 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0

#10
emeraldnzl

Hello again Starce*,

I think your computer is clean. Nevertheless I believe it is at risk because of the gaming connections and remote access so I do recommend you install some anti hacking/password protection programs. Something along the lines I outlined earlier.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

The aswMBR folder/file can be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

---------------------------------------------------------------------------------------------------------------------

To reduce the amount of fragmentation in your machine's file system, occasionally run a defragmenter utility. You can use your built-in program (Start > Programs > Accessories > System Tools > Disk Defragmenter) or alternatively here is a program you can download and use: Puran Disc Defragmenter

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

An antivirus program is essential.

Here are three good anti-virus programs to choose from (these are also free for personal use):

I like Avira but some people find the pop up advertisements each time it updates a bit trying.

A firewall is essential to help prevent hackers from infiltrating your computer.

Here are three good firewalls free for personal use:

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0
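The Internet-zone ActiveX settings recommended in post #10 can also be checked from the registry. The following PowerShell is an added example, not part of the original post: the function name `Test-InternetZoneActiveX` is made up for illustration, and it assumes the standard URL-action values 1001, 1004 and 1201 for the three options the post names.

```powershell
# Added example (not from the original post): audit, and optionally apply,
# the Internet-zone ActiveX levels recommended in the post above.
# Zone 3 is the Internet zone; this key holds the current user's settings.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Meaning of the DWORD stored for each URL action.
$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The three options named in the post and the level it recommends for each.
$Recommended = @(
    @{ Id = '1001'; Label = 'Download signed ActiveX controls';   Value = 1 },
    @{ Id = '1004'; Label = 'Download unsigned ActiveX controls'; Value = 1 },
    @{ Id = '1201'; Label = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
)

function Test-InternetZoneActiveX {   # hypothetical name, chosen for this example
    param([switch]$Fix)               # -Fix writes the recommended values

    if ($Fix -and -not (Test-Path $ZoneKey)) {
        New-Item -Path $ZoneKey -Force | Out-Null
    }
    $zone = Get-ItemProperty -Path $ZoneKey -ErrorAction SilentlyContinue

    foreach ($setting in $Recommended) {
        $id = $setting.Id
        $current = if ($zone) { $zone.$id } else { $null }

        if ($Fix -and $current -ne $setting.Value) {
            Set-ItemProperty -Path $ZoneKey -Name $id -Value $setting.Value -Type DWord
            $current = $setting.Value
        }

        # Translate the stored number into the label shown in the IE dialog.
        if ($null -eq $current) {
            $shown = 'not set (zone default applies)'
        } elseif ($ActionName.ContainsKey([int]$current)) {
            $shown = $ActionName[[int]$current]
        } else {
            $shown = "other ($current)"
        }

        New-Object PSObject -Property @{
            Setting     = $setting.Label
            Current     = $shown
            Recommended = $ActionName[$setting.Value]
            Compliant   = ($current -eq $setting.Value)
        } | Select-Object Setting, Current, Recommended, Compliant
    }
}

# Report only; nothing is changed unless -Fix is given.
Test-InternetZoneActiveX | Format-Table -AutoSize
```

Run `Test-InternetZoneActiveX -Fix` to write the recommended levels. Zone settings delivered by Group Policy take precedence over these per-user values.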

#11
Starce*

Before you go there is one other thing I'm concerned about. When I was disabling some programs from running on start up I saw something called the L2 rage patch. I have no idea what this thing is but it doesn't look good.
  • 0

#12
emeraldnzl


When I was disabling some programs from running on start up I saw something called the L2 rage patch. I have no idea what this thing is but it doesn't look good.


My guess is that that is a patch for one of the games you have had or have.

It seems to relate to something called Lineage 11.

Not malware though as far as I can see.
  • 0





