
Computer running slow, possible -puma adware



#1
angelinhi

My computer has been running slow and for a couple of days, I couldn't access gmail. I was being re-directed by one of the "puma" ad/malwares. It's not happening now but my internet still isn't running right. Can you please let me know if you find anything? Thank you in advance! Here are the OTL logs:

OTL logfile created on: 2/10/2012 7:08:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.84% Memory free
4.10 Gb Paging File | 2.88 Gb Available in Paging File | 70.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 43.16 Gb Free Space | 38.73% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 99.62 Gb Free Space | 89.39% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 16:55:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2012/02/01 18:49:25 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/03 03:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/12/06 17:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/12/06 17:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/09/13 01:48:58 | 000,664,192 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/30 15:00:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/04/10 20:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/08 05:22:17 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/08/01 07:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/29 14:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 14:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/24 13:54:18 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/24 13:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/18 14:04:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/07/02 08:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/19 14:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/02 06:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 08:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/01/16 16:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/06 13:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/07/12 12:43:50 | 000,226,904 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 03:44:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 23:18:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/12 23:15:01 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 23:14:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 23:11:27 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 23:11:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/08/18 16:06:15 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/08/18 16:06:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/08/18 16:06:14 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/07/29 14:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/07/24 13:54:20 | 000,757,760 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/07/24 13:54:16 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/04/28 06:49:18 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2007/01/08 16:25:30 | 000,034,352 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\richvideops.dll
MOD - [2003/06/07 10:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2012/01/03 03:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/12/06 17:21:24 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/12/06 17:21:08 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/09/13 01:48:58 | 000,664,192 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/07/29 14:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 06:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 08:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 16:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 16:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 13:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 12:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 12:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 12:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 12:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 12:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 12:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 12:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 12:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 12:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/01/11 17:51:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 18:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/07/18 14:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/06/10 15:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/02 06:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/30 16:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/19 16:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/29 12:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/18 19:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 16:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/16 16:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006/11/02 18:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_4730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_4730z

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_4730z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ButterScotch Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.theanimalrescuesite.com"
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://searchtronic....?i=61&tp=ab&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/02/10 19:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/02 23:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/08 10:37:48 | 000,000,000 | ---D | M]

[2009/03/30 10:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/03/30 10:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/02/08 10:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\4qaip1p4.default\extensions
[2011/11/17 23:09:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\4qaip1p4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/15 13:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\4qaip1p4.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}-trash
[2011/03/11 21:47:03 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\4qaip1p4.default\extensions\[email protected]
[2012/01/08 08:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4QAIP1P4.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2009/06/24 08:42:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/02 23:27:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 14:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/12 21:34:28 | 000,002,231 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\butterscotch_igeared.xml
[2011/11/11 19:14:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 11:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111219210041.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON NX510 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus NX510(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001BEA08-D210-47C8-8978-86F1F4299C4D}: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C966F92B-F884-40CE-8096-7E5FAFC26918}: DhcpNameServer = 192.168.200.1
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 11:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8269c758-9dbc-11de-95b7-001eecd540a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8269c758-9dbc-11de-95b7-001eecd540a1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{bb93e533-3df4-11e0-b554-001eecd540a1}\Shell - "" = AutoRun
O33 - MountPoints2\{bb93e533-3df4-11e0-b554-001eecd540a1}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 19:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/10 15:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TERMINAL Studio
[2012/02/08 10:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/08 10:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/02/08 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/02/08 10:20:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/28 14:37:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2012 Pro Bowl Weekend
[2012/01/19 21:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2012/01/19 20:59:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SoftGrid Client
[2012/01/19 20:58:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2012/01/19 20:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/19 20:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/01/19 20:53:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TP
[2012/01/11 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Pics to Order at Sam's
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/08/18 16:18:26 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2012/02/10 19:04:43 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/10 19:04:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/02/10 19:04:20 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 19:04:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 19:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 19:04:06 | 2072,014,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 18:56:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/09 09:05:41 | 000,002,609 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/02/08 10:21:46 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/08 09:31:01 | 000,002,651 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/02/08 09:27:23 | 000,002,579 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2007.lnk
[2012/02/04 22:50:54 | 000,002,591 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Serif PhotoPlus SE.lnk
[2012/02/03 07:41:34 | 000,603,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/02 22:11:30 | 000,002,619 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2012/01/28 14:35:11 | 000,607,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/28 14:35:11 | 000,105,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/27 17:59:33 | 000,485,082 | ---- | M] () -- C:\Users\Owner\Documents\RPJ Monday Volleyball.pdf
[2012/01/26 18:16:07 | 000,273,716 | ---- | M] () -- C:\Users\Owner\Desktop\2012_Sign_Up_Waiver.jpg
[2012/01/26 17:44:10 | 001,391,641 | ---- | M] () -- C:\Users\Owner\Desktop\2012_Form.pdf
[2012/01/22 01:12:43 | 000,215,552 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 01:00:42 | 000,004,096 | -H-- | M] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2012/01/20 19:44:51 | 000,000,026 | ---- | M] () -- C:\Windows\FXOPDMain.INI
[2012/01/20 19:44:34 | 000,000,026 | ---- | M] () -- C:\Windows\FXOPDPMSV.INI
[2012/01/15 17:38:22 | 003,996,476 | ---- | M] () -- C:\Users\Owner\Desktop\DSCF1696.JPG
[2012/01/15 17:06:24 | 004,265,042 | ---- | M] () -- C:\Users\Owner\Desktop\DSCF1693.JPG

========== Files Created - No Company Name ==========

[2012/02/08 10:21:46 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/08 10:21:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/31 19:24:03 | 000,273,716 | ---- | C] () -- C:\Users\Owner\Desktop\2012_Sign_Up_Waiver.jpg
[2012/01/31 19:23:51 | 001,391,641 | ---- | C] () -- C:\Users\Owner\Desktop\2012_Form.pdf
[2012/01/27 17:59:47 | 000,485,082 | ---- | C] () -- C:\Users\Owner\Documents\RPJ Monday Volleyball.pdf
[2012/01/21 01:10:02 | 003,996,476 | ---- | C] () -- C:\Users\Owner\Desktop\DSCF1696.JPG
[2012/01/21 01:08:45 | 004,275,789 | ---- | C] () -- C:\Users\Owner\Desktop\DSCF1444.JPG
[2012/01/21 00:59:09 | 004,265,042 | ---- | C] () -- C:\Users\Owner\Desktop\DSCF1693.JPG
[2011/10/30 01:44:53 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
[2011/10/30 01:43:25 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
[2011/10/05 21:57:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/10/05 21:57:13 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/10/05 21:56:59 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2010/08/28 14:04:45 | 000,000,077 | ---- | C] () -- C:\Windows\huffyuv.ini
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/14 23:53:36 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/14 20:20:22 | 000,004,096 | -H-- | C] () -- C:\Users\Owner\AppData\Local\keyfile3.drm
[2010/08/07 18:39:42 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/01/24 18:38:54 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/12/22 18:49:54 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/12/22 17:29:21 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/12/22 17:29:21 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/12/22 17:29:21 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/12/22 17:29:21 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/12/22 17:29:21 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/12/22 17:29:21 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/12/22 17:29:21 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/12/22 17:29:21 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/12/22 17:29:21 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/12/22 17:29:21 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/12/22 17:29:21 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/12/22 17:29:21 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/12/22 17:29:21 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/12/22 17:29:21 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/12/22 17:29:21 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/12/22 17:29:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/12/22 17:22:56 | 000,000,079 | ---- | C] () -- C:\Windows\EPNX510.ini
[2009/12/07 23:42:37 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/17 19:03:22 | 000,000,593 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/18 10:42:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 10:42:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/11 10:14:23 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/03/06 15:09:44 | 000,215,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/05 13:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/08 06:29:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/18 16:25:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/18 16:25:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/18 16:06:18 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/18 16:00:26 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/08/18 16:00:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/08/18 16:00:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/08/18 16:00:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/08/15 08:15:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/08/15 08:15:09 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2006/11/02 02:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 02:47:37 | 000,603,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:33:01 | 000,607,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 00:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 00:33:01 | 000,105,200 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 00:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 00:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/01 22:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/01 22:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 21:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 21:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 13:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 20:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 13:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 19:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/02/08 05:22:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer
[2008/11/14 11:30:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer GameZone Console
[2009/09/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Any Video Converter
[2010/09/27 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aS Desktop
[2010/09/11 09:39:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Astroburn Lite
[2010/07/09 07:13:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Astroburn Pro
[2010/08/15 00:16:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\authorPOINT
[2010/07/31 18:47:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2010/02/02 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2011/08/14 23:29:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2011/10/30 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Downloaded Installations
[2011/06/02 10:52:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2010/08/14 22:33:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EurekaLog
[2011/10/30 01:37:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FedEx
[2010/08/29 20:35:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GeoVid
[2011/09/12 21:35:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2010/08/23 17:34:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iSpring Solutions
[2009/02/08 05:22:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/09/08 19:57:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leawo
[2010/08/15 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
[2010/08/31 07:31:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/10/23 23:10:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Serif
[2009/05/03 11:37:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
[2012/01/19 22:25:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2009/11/29 08:46:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StreamTorrent
[2010/01/24 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2012/01/19 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2009/08/19 08:47:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2012/02/10 19:03:00 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\jet_plane.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Eclipsed.mp3:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F880DE59
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DAFD38AE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F65733F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4220A65C

< End of report >



OTL Extras logfile created on: 2/10/2012 7:08:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.84% Memory free
4.10 Gb Paging File | 2.88 Gb Available in Paging File | 70.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 43.16 Gb Free Space | 38.73% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 99.62 Gb Free Space | 89.39% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A0A6989-79E2-474D-9488-7E74C5899BDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{42A57A19-2DFD-4007-892E-70DECCAA40E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{700B639D-9A81-4ED6-8AB2-A7A98A005013}" = lport=139 | protocol=6 | dir=in | app=system |
"{72992982-0D7E-4F90-A3A4-F85CD9938BD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{7731F38F-89E6-4E8F-B91E-00DB9C9F5F57}" = rport=138 | protocol=17 | dir=out | app=system |
"{8465D927-A416-46FD-9B7E-2C2D2FE8FFE3}" = rport=139 | protocol=6 | dir=out | app=system |
"{86A7A430-E248-4BBB-9135-045067CFD59F}" = lport=138 | protocol=17 | dir=in | app=system |
"{92DC08B9-7566-44BE-BBF4-B8459DCA54A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{92E392AD-A4D0-4903-AC5A-67E985042795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B9CC2F4D-A9F7-42A4-B6B2-40C7344B9A0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA43C62C-7943-4DBB-BB8F-487911EEF068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09660FAD-536C-494D-ACBC-51DBB091DEEE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{24480BAF-E533-42B6-AE18-2590B80DE362}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3B1ED892-4093-461E-AABC-68041B78F0C7}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3EAE10E2-B64F-4E2F-8F09-49F4B8EA7A86}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{47D6643D-63D9-4F5A-BDCF-7DB236C52AAA}" = protocol=6 | dir=in | app=c:\program files\fedex\fxopd\fxopdmain.exe |
"{49A66E1E-479D-4E61-8B58-DA4D84139436}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6D88527C-ABED-4785-A483-BF63AE6C9A68}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{7CB686C8-45DE-4879-B9AC-370C001D1105}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7D0A405A-E0E1-494A-B6F3-7783805B39F2}" = protocol=17 | dir=in | app=c:\program files\fedex\fxopd\fxopdmain.exe |
"{846D20B2-1517-44A2-BA4F-E24F08E580CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{84EF19A9-0523-404C-92D7-57550C341744}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8646B962-A341-4713-9A43-BE038F5925B1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{86DFE56B-4860-4E7F-A107-01E17CC5DE38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{99DD92B3-D5A7-4D7F-B9B6-802F28EB85E8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{AC2926DC-A55C-41E5-B69D-F600119752F6}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{BC5BBF15-5F1D-4923-B1DD-9243026751FD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BF76E52F-7BD5-4290-A4FC-14D15A9AAA51}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C0392B46-7939-418D-A27C-F9C787FCE597}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{CA8D10B9-6477-4D28-976C-B828D16B4CEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CD9A0727-D80E-4773-ABF4-39AC1D96D026}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{E4A760A1-FEA1-4400-980F-9016C03E480B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{E91CA141-668F-4031-8D98-4817D2B2090A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EB514056-5F01-4393-8C0B-2F57BEA7D072}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB5E8E86-679E-440B-94C4-7E7F308F5A81}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{F28EE2DB-B950-40AA-8011-607566E2CC17}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F531E34F-E39D-402A-B865-E8E8A9F5DD28}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F948F09A-B8C2-413A-95C5-E625422C4E41}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{FED01425-9EF6-42F5-81AF-C3307948929F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{09339D07-D676-4F94-9D24-B2022C825C4A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{146A7530-9A4A-4A44-B4AA-60FAD2BE7C01}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{15E5BE41-AFEF-473C-AFFF-C08FC5B103C4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{40021C80-01B4-4D90-A57F-62D18DA988FD}F:\my documents\zu-online\zuonline.exe" = protocol=6 | dir=in | app=f:\my documents\zu-online\zuonline.exe |
"TCP Query User{4A765522-D0DD-4DFD-9F93-2151CECD4323}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{55CF3746-9124-4282-AAE9-A7072F950706}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6FABDD0D-4B82-43EF-BC77-CE1FF198C0C9}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{7BAAD80D-76AB-4E59-BF58-A9A2A04DF4FA}F:\my documents\zu-online\bt_update.exe" = protocol=6 | dir=in | app=f:\my documents\zu-online\bt_update.exe |
"TCP Query User{911BC9B3-E9C7-4F33-B75F-CBBAF3A1AB77}F:\zu-online(2)\zuonline.exe" = protocol=6 | dir=in | app=f:\zu-online(2)\zuonline.exe |
"TCP Query User{CFAECD27-CDD7-4BEF-9544-C57A02C0FD21}D:\zu-online\bt_update.exe" = protocol=6 | dir=in | app=d:\zu-online\bt_update.exe |
"TCP Query User{D2D72EB1-AFDE-462F-A505-7B06FB6F19B0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{E61BDC8E-94BF-4772-9225-77B64FA96AB7}F:\zu-online\zuonline.exe" = protocol=6 | dir=in | app=f:\zu-online\zuonline.exe |
"TCP Query User{E7AED573-7BA8-4BDE-8F08-9C25FDEC4C01}D:\zu-online\zuonline.exe" = protocol=6 | dir=in | app=d:\zu-online\zuonline.exe |
"UDP Query User{0111A1BE-A989-4368-96BC-41D3EFC82C37}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{568118F1-9F62-41AF-A88B-2AF357794FA9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{56C87BEA-6366-4E16-B348-A2E60B8906F7}D:\zu-online\bt_update.exe" = protocol=17 | dir=in | app=d:\zu-online\bt_update.exe |
"UDP Query User{5D2D3E10-3F0C-4E0D-88A7-F28B482397BD}F:\zu-online(2)\zuonline.exe" = protocol=17 | dir=in | app=f:\zu-online(2)\zuonline.exe |
"UDP Query User{77BC497D-8EB4-4DDE-8BCF-15E5C6129E22}F:\zu-online\zuonline.exe" = protocol=17 | dir=in | app=f:\zu-online\zuonline.exe |
"UDP Query User{7C3A4289-1380-4F4C-98B6-C35206BE9E5B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{87B35823-85E2-4C12-BB15-7B5C01589430}F:\my documents\zu-online\bt_update.exe" = protocol=17 | dir=in | app=f:\my documents\zu-online\bt_update.exe |
"UDP Query User{C9BF7DAC-5972-4CE2-9D1E-9436947F0D8B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CBEAD0B2-F530-4788-8688-8A735D581827}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D8B745E1-4790-4EF2-A0C5-59EC9E1A7F46}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DCAAD32A-A229-4FF6-97D8-AF7A351D321E}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{E533D773-9654-438F-85E0-23A2D9768553}F:\my documents\zu-online\zuonline.exe" = protocol=17 | dir=in | app=f:\my documents\zu-online\zuonline.exe |
"UDP Query User{F9B5926E-BCB9-45E2-B72C-2E693A3A2014}D:\zu-online\zuonline.exe" = protocol=17 | dir=in | app=d:\zu-online\zuonline.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{2A9D6191-23DB-463E-BB1B-1642C9756B7C}" = Serif MoviePlus Starter Edition
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5B9AC19C-8519-43A1-9578-49CDA1366E66}" = FedEx Office Printer
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9ADCC18-3F99-43FC-809C-75E5C39FC8FE}" = Google 日本語入力
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"StepMania" = StepMania (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZipCentral_is1" = ZipCentral 4.01
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2011 10:39:46 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:46 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:46 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:46 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:47 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:47 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:47 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:47 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:47 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2011 10:39:47 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 4/23/2009 5:31:31 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ ODiag Events ]
Error - 11/11/2010 8:55:15 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 81vb. Error code: N/A

[ OSession Events ]
Error - 7/31/2010 11:42:52 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 950
seconds with 240 seconds of active time. This session ended with a crash.

Error - 9/2/2010 5:56:27 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2922
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 12/11/2010 1:13:20 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/25/2011 10:01:34 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 381
seconds with 240 seconds of active time. This session ended with a crash.

Error - 12/24/2011 5:31:58 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/26/2012 5:46:57 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6652.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 422
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/10/2012 10:47:11 PM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_01401025&REV_00\4&1f1c355f&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 2/10/2012 10:47:12 PM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1f1c355f&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 2/10/2012 10:47:12 PM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1f1c355f&0&04E4)
disappeared from the system without first being prepared for removal.

Error - 2/11/2012 1:00:58 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 2/11/2012 1:04:14 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 2/11/2012 1:05:17 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =

Error - 2/11/2012 1:09:00 AM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_01401025&REV_00\4&1f1c355f&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 2/11/2012 1:09:00 AM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_01401025&REV_00\4&1f1c355f&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 2/11/2012 1:09:00 AM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1f1c355f&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 2/11/2012 1:09:00 AM | Computer Name = Owner-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1f1c355f&0&04E4)
disappeared from the system without first being prepared for removal.


< End of report >
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 19,792 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Java™ 6 Update 29
Java™ 6 Update 2 -get latest java from java.com
Adobe Flash Player 10 ActiveX -get latest flash from Adobe.com - Use IE
StreamTorrent 1.0 -P2P programs are dangerous

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://searchtronic.net/search?i=61&tp=ab&q="
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk = File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O33 - MountPoints2\{8269c758-9dbc-11de-95b7-001eecd540a1}\Shell - "" = AutoRun
O33 - MountPoints2\{8269c758-9dbc-11de-95b7-001eecd540a1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{bb93e533-3df4-11e0-b554-001eecd540a1}\Shell - "" = AutoRun
O33 - MountPoints2\{bb93e533-3df4-11e0-b554-001eecd540a1}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\jet_plane.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Eclipsed.mp3:TOC.WMV
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F880DE59
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DAFD38AE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F65733F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:4220A65C

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config RoxLiveShare9 start= disabled /c
sc config wsearch start= disabled /c
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Copy and paste the log.

If one of the following will not run, then just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE the free version of Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator


Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (allow the Avast engine).
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron
  • 0

#3
angelinhi

    Member

  • Topic Starter
  • Member
  • 59 posts
Here's the log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "http://searchtronic....?i=61&tp=ab&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OE deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8269c758-9dbc-11de-95b7-001eecd540a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8269c758-9dbc-11de-95b7-001eecd540a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8269c758-9dbc-11de-95b7-001eecd540a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8269c758-9dbc-11de-95b7-001eecd540a1}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb93e533-3df4-11e0-b554-001eecd540a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb93e533-3df4-11e0-b554-001eecd540a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb93e533-3df4-11e0-b554-001eecd540a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb93e533-3df4-11e0-b554-001eecd540a1}\ not found.
File G:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
ADS C:\Users\Owner\Desktop\jet_plane.mp3:TOC.WMV deleted successfully.
ADS C:\Users\Owner\Desktop\Eclipsed.mp3:TOC.WMV deleted successfully.
ADS C:\ProgramData\Temp:F880DE59 deleted successfully.
ADS C:\ProgramData\Temp:DAFD38AE deleted successfully.
ADS C:\ProgramData\Temp:0A8E2C33 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:F65733F1 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:4220A65C deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< sc config RoxLiveShare9 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< sc config wsearch start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 487 bytes

User: Owner
->Flash cache emptied: 15853033 bytes

User: Public

Total Flash Files Cleaned = 15.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 7490096 bytes

User: Owner
->Java cache emptied: 1 bytes

User: Public

Total Java Files Cleaned = 7.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02222012_231212

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0
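
When reading a fix log like the one in the post above, the useful question is which targets were actually removed and which were never present anywhere OTL looked. The script below is an added example, not part of the original thread and not OTL's own code, that groups the result lines by target; the line patterns are inferred from this log only, and the sample text is a constructed, shortened excerpt of it.

```python
import re

# Constructed sample: a shortened excerpt in the shape of the OTL fix log above.
SAMPLE_LOG = r"""========== OTL ==========
Prefs.js: "http://searchtronic....?i=61&tp=ab&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AccuWeatherDesktop.lnk moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
ADS C:\ProgramData\Temp:F880DE59 deleted successfully.
========== FILES ==========
< sc config wsearch start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
"""

# Patterns inferred from the log lines in this thread (an assumption, not a spec).
ACTIVEX = re.compile(r"^Starting removal of ActiveX control (?P<clsid>\{[0-9A-Fa-f-]+\})$")
PREFS = re.compile(r"^Prefs\.js: (?P<target>.+) removed from (?P<pref>\S+)$")
OUTCOME = re.compile(
    r"^(?P<kind>Registry key|Registry value|File|ADS)?\s*(?P<target>.+?)\s+"
    r"(?P<result>deleted successfully|moved successfully|not found)\.$"
)
REMOVED = {"deleted successfully", "moved successfully"}


def parse_fix_log(text):
    """Collect every result seen per target, per ActiveX control, and per pref."""
    targets = {}   # normalised path/key -> set of results
    controls = {}  # CLSID -> set of results from the lines that follow it
    prefs = []     # (preference name, removed value)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ACTIVEX.match(line)
        if m:
            current = m.group("clsid").upper()
            controls.setdefault(current, set())
            continue
        m = PREFS.match(line)
        if m:
            prefs.append((m.group("pref"), m.group("target")))
            current = None
            continue
        m = OUTCOME.match(line)
        if not m:
            current = None  # section header, echoed command, etc.
            continue
        target = m.group("target").rstrip("\\")
        if current and target.upper().endswith(current):
            # Registry line belonging to the ActiveX control being removed.
            controls[current].add(m.group("result"))
        else:
            current = None
            # Windows paths and registry keys are case-insensitive.
            targets.setdefault(target.lower(), set()).add(m.group("result"))
    return targets, controls, prefs


def status(results):
    """'removed' if any attempt succeeded, 'absent' if every attempt was 'not found'."""
    return "removed" if results & REMOVED else "absent"


def summarize(text):
    targets, controls, prefs = parse_fix_log(text)
    return {
        "prefs_removed": len(prefs),
        "removed": sorted(t for t, r in targets.items() if status(r) == "removed"),
        "absent": sorted(t for t, r in targets.items() if status(r) == "absent"),
        "activex": {c: status(r) for c, r in controls.items()},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("prefs.js entries removed:", report["prefs_removed"])
    for clsid, state in report["activex"].items():
        print("ActiveX", clsid, "->", state)
    for t in report["absent"]:
        print("never found:", t)
```

A target counts as removed when at least one attempt succeeded, so a "deleted successfully" line followed by "not found" for the same key is reported once, as removed.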

#4
angelinhi

    Member

  • Topic Starter
  • Member
  • 59 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Owner :: OWNER-PC [administrator]

2/22/2012 11:35:14 PM
mbam-log-2012-02-22 (23-35-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200962
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#5
angelinhi

    Member

  • Topic Starter
  • Member
  • 59 posts
I ran the combofix but there is no log - I left it to run and went to bed then this morning I had to reboot. :confused: I also ran tdss as instructed but again, there is no log anywhere.

I have to go to work but I'll do the rest later. Thank you much.
  • 0

#6
angelinhi

    Member

  • Topic Starter
  • Member
  • 59 posts
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-23 18:43:02
-----------------------------
18:43:02.656 OS Version: Windows 6.0.6002 Service Pack 2
18:43:02.657 Number of processors: 2 586 0xF0D
18:43:02.659 ComputerName: OWNER-PC UserName: Owner
18:43:35.767 Initialize success
18:44:02.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:44:02.764 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
18:44:02.793 Disk 0 MBR read successfully
18:44:02.798 Disk 0 MBR scan
18:44:02.803 Disk 0 unknown MBR code
18:44:02.810 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
18:44:02.831 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114116 MB offset 20981760
18:44:02.855 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114113 MB offset 254691328
18:44:02.865 Disk 0 scanning sectors +488394752
18:44:02.982 Disk 0 scanning C:\Windows\system32\drivers
18:44:13.293 Service scanning
18:44:36.709 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:44:43.314 Modules scanning
18:45:00.368 Scan finished successfully
18:56:13.817 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:56:13.862 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

FIX button not enabled.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/02/2012 7:45:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/02/2012 5:13:52 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1f1c355f&0&04E4) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 24/02/2012 5:13:52 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1f1c355f&0&03E4) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 24/02/2012 5:13:52 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_01401025&REV_00\4&1f1c355f&0&02E4) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 24/02/2012 5:13:52 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_01401025&REV_00\4&1f1c355f&0&00E4) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 24/02/2012 5:10:27 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 24/02/2012 5:10:27 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 24/02/2012 5:10:10 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/02/2012 5:08:02 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/02/2012 7:46:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/02/2012 5:09:36 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=C68}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: OWNER-PC Operating System: Windows Vista 32-bit Service Pack 2.0 Build 6002 OSD Command:

Log: 'Application' Date/Time: 24/02/2012 5:09:27 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=C68}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 84.05 0 K 24 K
procexp.exe 5660 9.11 18,772 K 27,856 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
dwm.exe 1620 4.56 46,468 K 33,560 K Desktop Window Manager Microsoft Corporation
System 4 0.76 0 K 1,304 K
Interrupts n/a 0.76 0 K 0 K Hardware Interrupts and DPCs
ApMsgFwd.exe 4220 0.76 824 K 376 K ApMsgFwd Alps Electric Co., Ltd.
plugin-container.exe 2280 < 0.01 19,384 K 10,896 K Plugin Container for Firefox Mozilla Corporation
csrss.exe 744 < 0.01 2,504 K 5,596 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1180 < 0.01 74,784 K 68,668 K Host Process for Windows Services Microsoft Corporation
lsass.exe 788 < 0.01 4,096 K 3,508 K Local Security Authority Process Microsoft Corporation
explorer.exe 868 < 0.01 35,108 K 36,228 K Windows Explorer Microsoft Corporation
LManager.exe 2980 < 0.01 10,040 K 1,932 K Launch Manager Dritek System Inc.
csrss.exe 688 < 0.01 2,156 K 2,388 K Client Server Runtime Process Microsoft Corporation
lsm.exe 796 < 0.01 1,972 K 1,492 K Local Session Manager Service Microsoft Corporation
wmpnetwk.exe 4388 < 0.01 4,236 K 1,584 K Windows Media Player Network Sharing Service Microsoft Corporation
Apoint.exe 3928 < 0.01 2,608 K 992 K Alps Pointing-device Driver Alps Electric Co., Ltd.
CLMLSvc.exe 2716 < 0.01 7,684 K 2,580 K CyberLink MediaLibray Service CyberLink
ePower_DMC.exe 2744 < 0.01 20,500 K 3,744 K Acer ePower Management - DMC Acer Inc.
EEventManager.exe 3736 < 0.01 4,852 K 2,252 K EEventManager Application SEIKO EPSON CORPORATION
services.exe 776 < 0.01 2,880 K 2,252 K Services and Controller app Microsoft Corporation
eEBSvc.exe 508 < 0.01 3,176 K 612 K eEBAPI Core Process module SEIKO EPSON CORPORATION
BkupTray.exe 3856 < 0.01 1,212 K 552 K NTI Backup Now 5 Tray Module
SchedulerSvc.exe 2392 < 0.01 3,740 K 1,224 K
SearchIndexer.exe 2816 < 0.01 40,020 K 8,868 K Microsoft Windows Search Indexer Microsoft Corporation
spoolsv.exe 1748 < 0.01 9,676 K 4,536 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1048 < 0.01 4,012 K 3,240 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1416 < 0.01 8,812 K 4,400 K Host Process for Windows Services Microsoft Corporation
mcshield.exe 2932 < 0.01 214,628 K 69,816 K McAfee On-Access Scanner service McAfee, Inc.
McSvHost.exe 3188 < 0.01 33,360 K 16,928 K McAfee Service Host McAfee, Inc.
taskeng.exe 1824 < 0.01 9,800 K 3,624 K Task Scheduler Engine Microsoft Corporation
ETService.exe 668 < 0.01 20,912 K 2,672 K Acer Empowering Technology Framework Service
sftlist.exe 3092 < 0.01 5,656 K 1,160 K Microsoft Application Virtualization Client Service Microsoft Corporation
svchost.exe 1196 < 0.01 73,528 K 17,832 K Host Process for Windows Services Microsoft Corporation
ZuneLauncher.exe 3024 1,612 K 1,532 K Zune Auto-Launcher Microsoft Corporation
WZQKPICK.EXE 4228 2,000 K 1,744 K WinZip Executable WinZip Computing, S.L.
wmpnscfg.exe 3048 1,792 K 2,356 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 2408 3,292 K 3,064 K WMI Provider Host Microsoft Corporation
winlogon.exe 900 2,036 K 1,988 K Windows Logon Application Microsoft Corporation
wininit.exe 732 1,236 K 332 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 4516 2,588 K 1,696 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskeng.exe 2088 1,948 K 1,824 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1776 10,840 K 5,196 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1584 15,896 K 7,240 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1116 15,120 K 6,468 K Host Process for Windows Services Microsoft Corporation
svchost.exe 988 3,360 K 2,756 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2424 1,744 K 552 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2724 4,460 K 776 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2772 648 K 404 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5068 2,180 K 604 K Host Process for Windows Services Microsoft Corporation
smss.exe 620 292 K 164 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1344 6,140 K 1,480 K Microsoft Software Licensing Service Microsoft Corporation
sftvsa.exe 2692 1,380 K 384 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation
RtkBtMnt.exe 3872 2,484 K 384 K Realtek HD Audio Data Rerouter Realtek Semiconductor Corp.
RtHDVCpl.exe 3800 9,232 K 2,244 K HD Audio Control Panel Realtek Semiconductor
RichVideo.exe 2452 1,196 K 552 K RichVideo Module
PMVService.exe 1012 3,836 K 1,024 K Acer Arcade Deluxe PlayMovie Resident Program Acer Corp.
MobilityService.exe 2236 11,304 K 732 K app
mfevtps.exe 2212 7,536 K 5,992 K McAfee Process Validation Service McAfee, Inc.
mfefire.exe 3052 3,520 K 1,588 K McAfee Core Firewall Service McAfee, Inc.
mcagent.exe 2624 21,200 K 2,200 K McAfee Security Center McAfee, Inc.
LSSrvc.exe 2164 1,032 K 268 K Hewlett-Packard Company
ISUSPM.exe 4180 1,756 K 3,048 K Macrovision Software Manager Macrovision Corporation
igfxsrvc.exe 3180 2,548 K 2,560 K igfxsrvc Module Intel Corporation
igfxsrvc.exe 4128 1,592 K 1,068 K igfxsrvc Module Intel Corporation
igfxpers.exe 1804 1,688 K 2,160 K persistence Module Intel Corporation
igfxext.exe 2836 1,076 K 1,016 K igfxext Module Intel Corporation
hkcmd.exe 4084 2,232 K 1,640 K hkcmd Module Intel Corporation
GrooveMonitor.exe 3948 3,012 K 2,608 K GrooveMonitor Utility Microsoft Corporation
GoogleIMEJaCacheService.exe 2132 1,252 K 54,396 K Google 日本語入力 キャッシュサービス Google Inc.
GoogleCrashHandler.exe 3656 1,032 K 244 K Google Crash Handler Google Inc.
firefox.exe 3588 143,588 K 117,052 K Firefox Mozilla Corporation
ehtray.exe 3908 1,612 K 1,472 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 4264 1,524 K 2,476 K Media Center Media Status Aggregator Service Microsoft Corporation
eDSService.exe 364 1,344 K 444 K Acer eDataSecurity Management Service Egis Incorporated
eDSLoader.exe 3832 11,556 K 3,576 K Acer eDataSecurity Management Loader Egis Incorporated
CVHSVC.EXE 3812 5,888 K 1,604 K Microsoft Office Client Virtualization Service Microsoft Corporation
conime.exe 4288 1,692 K 1,360 K Console IME Microsoft Corporation
CLHNService.exe 1044 984 K 392 K CLHNService Module
BackupSvc.exe 2304 4,296 K 784 K NTI Backup Now 5 BackupSvc Application NewTech InfoSystems, Inc.
audiodg.exe 1304 15,952 K 13,344 K Windows Audio Device Graph Isolation Microsoft Corporation
armsvc.exe 1524 2,096 K 336 K Adobe Acrobat Update Service Adobe Systems Incorporated
ArcadeDeluxeAgent.exe 2940 3,924 K 2,040 K Acer Arcade Deluxe Resident Program CyberLink Corp.
ApntEx.exe 4432 1,600 K 1,780 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
agrsmsvc.exe 1516 736 K 236 K Agere Soft Modem Call Progress Service Agere Systems
Agentsvc.exe 2040 1,436 K 608 K NTI Backup Now 5 Agent service. NewTech Infosystems, Inc.

#7
RKinner

    Malware Expert

  • Expert
  • 19,792 posts
  • MVP
Did you look in C:\Combofix.txt?

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

notepad  \combofix.txt

notepad  \tdsskiller.txt

There is also a Report button at the top right of the tdsskiller window. You can probably force a log that way.

Do you know what 'JMB38X xD Host Controller' is? Probably a camera card reader. Your event logs show it being removed without preparation. Any idea why it would be doing that? Did you unplug anything between the time you cleared the alarms and the time you ran VEW?

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

#8
angelinhi

    Member

  • Topic Starter
  • Member
  • 59 posts
I looked inside the ComboFix folder instead of down the main list...here's the log:

ComboFix 12-02-22.01 - Owner 02/23/2012 0:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1977.1107 [GMT -10:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AudioDecoderFilterGraph.txt
c:\users\Owner\AppData\Roaming\EurekaLog
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\service
c:\windows\system32\service\02082009_TIS17_SfFniAU.log
c:\windows\system32\service\06042009_TIS17_SfFniAU.log
c:\windows\system32\service\06082009_TIS17_SfFniAU.log
c:\windows\system32\service\06112009_TIS17_SfFniAU.log
c:\windows\system32\service\07082010_TIS17_SfFniAU.log
c:\windows\system32\service\08042009_TIS17_SfFniAU.log
c:\windows\system32\service\09022011_TIS17_SfFniAU.log
c:\windows\system32\service\09032009_TIS17_SfFniAU.log
c:\windows\system32\service\12052009_TIS17_SfFniAU.log
c:\windows\system32\service\12052010_TIS17_SfFniAU.log
c:\windows\system32\service\12092009_TIS17_SfFniAU.log
c:\windows\system32\service\17092009_TIS17_SfFniAU.log
c:\windows\system32\service\21032009_TIS17_SfFniAU.log
c:\windows\system32\service\21092009_TIS17_SfFniAU.log
c:\windows\system32\service\24032011_TIS17_SfFniAU.log
c:\windows\system32\service\29042009_TIS17_SfFniAU.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 11:03 . 2012-02-23 16:54 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-23 09:32 . 2012-02-23 09:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-02-23 09:32 . 2012-02-23 09:32 -------- d-----w- c:\programdata\Malwarebytes
2012-02-23 09:32 . 2012-02-23 09:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-23 09:32 . 2011-12-11 01:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 09:12 . 2012-02-23 09:12 -------- d-----w- C:\_OTL
2012-02-15 05:28 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:28 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 05:28 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-11 01:54 . 2012-02-11 01:54 -------- d-----w- c:\programdata\TERMINAL Studio
2012-02-08 20:39 . 2012-02-08 20:40 -------- d-----w- c:\program files\QuickTime
2012-02-08 20:39 . 2012-02-08 20:39 -------- d-----w- c:\programdata\Apple Computer
2012-02-01 12:14 . 2012-02-01 12:14 1449016 ----a-w- c:\windows\system32\GIMEJa.ime
2012-01-25 17:46 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 17:46 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-25 17:46 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-25 17:46 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-25 17:46 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-25 17:46 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 19:06 . 2010-06-03 04:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-16 06:40 . 2011-05-19 19:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 03:25 . 2011-04-08 02:41 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-18 04:38 . 2011-10-06 05:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-15 00:01 . 2011-04-08 03:35 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-20 6244896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-22 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-19 167936]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1318816]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-25 421888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 19:42]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 19:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=vp32&d=1108&m=aspire_4730z
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.200.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4qaip1p4.default\
FF - prefs.js: browser.startup.homepage - www.theanimalrescuesite.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-StepMania - f:\stepmania\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 06:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2492)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\mfevtps.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-02-23 07:01:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-23 17:01
.
Pre-Run: 43,939,799,040 bytes free
Post-Run: 43,544,657,920 bytes free
.
- - End Of File - - 26AC32C4AD28C32820CEE20A3DD1F3DC


I tried the 2 things you recommended. The command prompt brought up nothing and this is the only thing that came up:
21:35:41.0360 4200 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
21:35:43.0395 4200 ============================================================
21:35:43.0395 4200 Current date / time: 2012/02/23 21:35:43.0395
21:35:43.0395 4200 SystemInfo:
21:35:43.0395 4200
21:35:43.0395 4200 OS Version: 6.0.6002 ServicePack: 2.0
21:35:43.0395 4200 Product type: Workstation
21:35:43.0395 4200 ComputerName: OWNER-PC
21:35:43.0396 4200 UserName: Owner
21:35:43.0396 4200 Windows directory: C:\Windows
21:35:43.0396 4200 System windows directory: C:\Windows
21:35:43.0396 4200 Processor architecture: Intel x86
21:35:43.0396 4200 Number of processors: 2
21:35:43.0396 4200 Page size: 0x1000
21:35:43.0396 4200 Boot type: Normal boot
21:35:43.0396 4200 ============================================================
21:35:45.0220 4200 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:35:45.0224 4200 \Device\Harddisk0\DR0:
21:35:45.0225 4200 MBR used
21:35:45.0225 4200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0xDEE2000
21:35:45.0225 4200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E4800, BlocksNum 0xDEE0800
21:35:45.0345 4200 Initialize success
21:35:45.0345 4200 ============================================================

I don't know what JMB38X xD Host Controller is; I didn't do anything in between.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 4730Z
Logical Drives Mask: 0x0001003c

Kernel Drivers (total 166):
0x8263E000 \SystemRoot\system32\ntkrnlpa.exe
0x8260B000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80673000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80681000 \SystemRoot\System32\Drivers\spxm.sys
0x80774000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8077D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807A3000 \SystemRoot\system32\drivers\acpi.sys
0x807E9000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BE000 \SystemRoot\system32\drivers\pci.sys
0x807F1000 \SystemRoot\System32\drivers\partmgr.sys
0x805E5000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x805E8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x87E08000 \SystemRoot\system32\drivers\volmgr.sys
0x87E17000 \SystemRoot\System32\drivers\volmgrx.sys
0x87E61000 \SystemRoot\System32\drivers\mountmgr.sys
0x87E71000 \SystemRoot\System32\Drivers\UBHelper.sys
0x87E79000 \SystemRoot\system32\drivers\atapi.sys
0x87E81000 \SystemRoot\system32\drivers\ataport.SYS
0x87E9F000 \SystemRoot\system32\drivers\msahci.sys
0x87EA9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x87EB7000 \SystemRoot\system32\drivers\fltmgr.sys
0x87EE9000 \SystemRoot\system32\drivers\fileinfo.sys
0x87EF9000 \SystemRoot\system32\drivers\mfehidk.sys
0x87F68000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x87F71000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8800D000 \SystemRoot\system32\drivers\ndis.sys
0x88118000 \SystemRoot\system32\drivers\msrpc.sys
0x88143000 \SystemRoot\system32\drivers\NETIO.SYS
0x88208000 \SystemRoot\System32\drivers\tcpip.sys
0x882F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88402000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88512000 \SystemRoot\system32\drivers\volsnap.sys
0x8854B000 \SystemRoot\System32\Drivers\spldr.sys
0x88553000 \SystemRoot\System32\Drivers\mup.sys
0x88562000 \SystemRoot\System32\drivers\ecache.sys
0x88589000 \SystemRoot\system32\drivers\disk.sys
0x8859A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x885E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8830D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C20D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8CB2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CBCA000 \SystemRoot\System32\drivers\watchdog.sys
0x8CBD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8831C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CBE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8835A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BE0D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8BEF1000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8BF2A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8BF2E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BF41000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8BF4B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BF56000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8BF83000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BF8E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BFA6000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8BFAE000 \SystemRoot\System32\Drivers\ako5utcp.SYS
0x8BFE7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8817E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x881AD000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BFF0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x883E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D023000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D032000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D046000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D05B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D06B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D06D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D097000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D0A1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D0AE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D0E3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D208000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D414000 \SystemRoot\system32\drivers\portcls.sys
0x8D441000 \SystemRoot\system32\drivers\drmk.sys
0x8D466000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D58C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D58E000 \SystemRoot\system32\drivers\modem.sys
0x8D59B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D5A4000 \SystemRoot\System32\Drivers\Null.SYS
0x8D5AB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D5B2000 \SystemRoot\System32\drivers\vga.sys
0x8D5BE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D5DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D5E7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D5EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D0F4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D102000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D10B000 \SystemRoot\system32\drivers\mfewfpk.sys
0x8D132000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D148000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D15C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D18E000 \SystemRoot\system32\drivers\afd.sys
0x8D1D6000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8D1DF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CBF0000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x881EE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x87FE3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D606000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D642000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x8D646000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D650000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D667000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8D692000 \SystemRoot\system32\drivers\mfefirek.sys
0x8D6E3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D6EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D6FC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D703000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D70B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D718000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D723000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x96670000 \SystemRoot\System32\win32k.sys
0x8D72D000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D737000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96890000 \SystemRoot\System32\TSDDD.dll
0x968B0000 \SystemRoot\System32\cdd.dll
0x968C0000 \SystemRoot\System32\ATMFD.DLL
0x8D746000 \SystemRoot\system32\drivers\luafv.sys
0x8D761000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x8D76A000 \SystemRoot\system32\drivers\WudfPf.sys
0xA940F000 \SystemRoot\system32\drivers\spsys.sys
0xA94BF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA94D1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA94E1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA950B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9515000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9528000 \SystemRoot\system32\drivers\HTTP.sys
0xA9595000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA95B2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA95CB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8D784000 \SystemRoot\system32\drivers\mrxdav.sys
0xA95E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D7A5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8D7DE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA9A05000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9A2D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA9A7C000 \??\C:\Windows\system32\drivers\int15.sys
0xA9A83000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA9AA1000 \SystemRoot\system32\drivers\peauth.sys
0xA9B7F000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xA9B88000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xA9B9A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE00E000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0xAE0A2000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0xAE0D8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE0E4000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0xAE130000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0xAE139000 \SystemRoot\system32\drivers\mfeapfk.sys
0xAE155000 \SystemRoot\system32\drivers\mfebopk.sys
0xAE162000 \SystemRoot\system32\drivers\cfwids.sys
0xAE16F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAE185000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0xAE18F000 \??\C:\Windows\system32\Drivers\PROCEXP152.SYS
0x77CD0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 87):
0 System Idle Process
4 System
620 C:\Windows\System32\smss.exe
688 csrss.exe
732 C:\Windows\System32\wininit.exe
744 csrss.exe
776 C:\Windows\System32\services.exe
788 C:\Windows\System32\lsass.exe
796 C:\Windows\System32\lsm.exe
900 C:\Windows\System32\winlogon.exe
988 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\SLsvc.exe
1416 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\svchost.exe
1748 C:\Windows\System32\spoolsv.exe
1776 C:\Windows\System32\svchost.exe
508 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
1524 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1620 C:\Windows\System32\dwm.exe
1824 C:\Windows\System32\taskeng.exe
1516 C:\Windows\System32\agrsmsvc.exe
2040 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1044 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
868 C:\Windows\explorer.exe
364 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
668 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2088 C:\Windows\System32\taskeng.exe
2132 C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
2164 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2212 C:\Windows\System32\mfevtps.exe
2236 C:\ACER\Mobility Center\MobilityService.exe
2304 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2392 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2424 C:\Windows\System32\svchost.exe
2452 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2692 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2724 C:\Windows\System32\svchost.exe
2772 C:\Windows\System32\svchost.exe
2816 C:\Windows\System32\SearchIndexer.exe
2932 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
3052 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
3092 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
3188 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
3656 C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
3800 C:\Windows\RtHDVCpl.exe
3812 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3832 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3856 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
3928 C:\Program Files\Apoint2K\Apoint.exe
2408 WmiPrvSE.exe
3180 C:\Windows\System32\igfxsrvc.exe
2980 C:\Program Files\Launch Manager\LManager.exe
2744 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
2940 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
2716 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
1012 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
3736 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
3948 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3024 C:\Program Files\Zune\ZuneLauncher.exe
4084 C:\Windows\System32\hkcmd.exe
1804 C:\Windows\System32\igfxpers.exe
3908 C:\Windows\ehome\ehtray.exe
2836 C:\Windows\System32\igfxext.exe
3048 C:\Program Files\Windows Media Player\wmpnscfg.exe
3872 C:\Users\Owner\AppData\Local\temp\RtkBtMnt.exe
4128 C:\Windows\System32\igfxsrvc.exe
4180 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
4220 C:\Program Files\Apoint2K\ApMsgFwd.exe
4228 C:\Program Files\WinZip\WZQKPICK.EXE
4264 C:\Windows\ehome\ehmsas.exe
4388 C:\Program Files\Windows Media Player\wmpnetwk.exe
4432 C:\Program Files\Apoint2K\ApntEx.exe
4516 C:\Windows\System32\wbem\unsecapp.exe
5068 C:\Windows\System32\svchost.exe
4288 C:\Windows\System32\conime.exe
5060 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
4492 C:\Program Files\Mozilla Firefox\firefox.exe
5912 C:\Program Files\Mozilla Firefox\plugin-container.exe
4040 C:\Program Files\McAfee.com\Agent\mcagent.exe
5656 C:\Windows\System32\SearchProtocolHost.exe
3476 C:\Windows\System32\SearchFilterHost.exe
5008 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5c900000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: 12ADB8D1AD8327A4A2FA5865BC87234485F25003


Done!


#9
RKinner

Malware Expert

It looks like TDSSKiller started but never finished. Delete your old copy of TDSSKiller, pause McAfee and download a new copy and run it. See if you have better luck this time.

It looks like your PC is running a bit hot. Uninstall Speccy and download and install Speedfan:

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help. Check all vents to make sure they are not blocked with dust.

How is it running now?

#10
RKinner

Malware Expert

I've got to go to bed now. Almost 1 am here.

If it is still acting up then try:

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System

4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

#11
angelinhi

Topic Starter

Thank you for all your help! I gotta head to bed too so I'll continue this tmw and post then.

#12
angelinhi

Topic Starter

TY so much again for all of your help. Here's the TDSS log. I didn't do the last 2 things you recommended yet b/c I don't have time yet to sit & do it (gotta work again, augh). My computer seems to be running OK at this point so maybe it's all good. Please let me know if this log indicates otherwise. Oh - can I remove/delete the items you told me to download and run?


19:17:37.0163 4796 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
19:17:38.0817 4796 ============================================================
19:17:38.0817 4796 Current date / time: 2012/02/24 19:17:38.0817
19:17:38.0817 4796 SystemInfo:
19:17:38.0817 4796
19:17:38.0817 4796 OS Version: 6.0.6002 ServicePack: 2.0
19:17:38.0817 4796 Product type: Workstation
19:17:38.0818 4796 ComputerName: OWNER-PC
19:17:38.0818 4796 UserName: Owner
19:17:38.0818 4796 Windows directory: C:\Windows
19:17:38.0818 4796 System windows directory: C:\Windows
19:17:38.0818 4796 Processor architecture: Intel x86
19:17:38.0818 4796 Number of processors: 2
19:17:38.0818 4796 Page size: 0x1000
19:17:38.0818 4796 Boot type: Normal boot
19:17:38.0818 4796 ============================================================
19:17:40.0287 4796 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:17:40.0293 4796 \Device\Harddisk0\DR0:
19:17:40.0295 4796 MBR used
19:17:40.0295 4796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0xDEE2000
19:17:40.0295 4796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E4800, BlocksNum 0xDEE0800
19:17:40.0393 4796 Initialize success
19:17:40.0393 4796 ============================================================
19:17:44.0638 4664 ============================================================
19:17:44.0638 4664 Scan started
19:17:44.0638 4664 Mode: Manual;
19:17:44.0639 4664 ============================================================
19:17:46.0308 4664 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:17:46.0318 4664 ACPI - ok
19:17:46.0459 4664 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:17:46.0472 4664 adp94xx - ok
19:17:46.0532 4664 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:17:46.0542 4664 adpahci - ok
19:17:46.0632 4664 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:17:46.0637 4664 adpu160m - ok
19:17:46.0689 4664 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:17:46.0695 4664 adpu320 - ok
19:17:46.0999 4664 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:17:47.0056 4664 AFD - ok
19:17:47.0233 4664 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
19:17:47.0273 4664 AgereSoftModem - ok
19:17:47.0379 4664 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:17:47.0382 4664 agp440 - ok
19:17:47.0454 4664 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:17:47.0458 4664 aic78xx - ok
19:17:47.0570 4664 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:17:47.0572 4664 aliide - ok
19:17:47.0613 4664 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:17:47.0617 4664 amdagp - ok
19:17:47.0712 4664 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:17:47.0714 4664 amdide - ok
19:17:47.0759 4664 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:17:47.0762 4664 AmdK7 - ok
19:17:47.0912 4664 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:17:47.0915 4664 AmdK8 - ok
19:17:47.0981 4664 ApfiltrService (0ed1a5b7a8ae5939a92ea1ec39e16d21) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:17:47.0988 4664 ApfiltrService - ok
19:17:48.0114 4664 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:17:48.0118 4664 arc - ok
19:17:48.0176 4664 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:17:48.0180 4664 arcsas - ok
19:17:48.0285 4664 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:17:48.0288 4664 AsyncMac - ok
19:17:48.0339 4664 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:17:48.0340 4664 atapi - ok
19:17:48.0498 4664 athr (997e25f5b7d53c94c0ad2dc080f6868e) C:\Windows\system32\DRIVERS\athr.sys
19:17:48.0529 4664 athr - ok
19:17:48.0716 4664 BCM43XX (e22abcaa7b6ff580feb0d49545dc4263) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:17:48.0751 4664 BCM43XX - ok
19:17:48.0932 4664 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:17:48.0934 4664 Beep - ok
19:17:49.0001 4664 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:17:49.0004 4664 blbdrive - ok
19:17:49.0101 4664 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:17:49.0105 4664 bowser - ok
19:17:49.0182 4664 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:17:49.0184 4664 BrFiltLo - ok
19:17:49.0260 4664 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:17:49.0263 4664 BrFiltUp - ok
19:17:49.0350 4664 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:17:49.0354 4664 Brserid - ok
19:17:49.0402 4664 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:17:49.0406 4664 BrSerWdm - ok
19:17:49.0493 4664 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:17:49.0496 4664 BrUsbMdm - ok
19:17:49.0563 4664 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:17:49.0566 4664 BrUsbSer - ok
19:17:49.0669 4664 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:17:49.0672 4664 BTHMODEM - ok
19:17:49.0831 4664 catchme - ok
19:17:49.0967 4664 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:17:49.0971 4664 cdfs - ok
19:17:50.0071 4664 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:17:50.0075 4664 cdrom - ok
19:17:50.0211 4664 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
19:17:50.0214 4664 cfwids - ok
19:17:50.0306 4664 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:17:50.0309 4664 circlass - ok
19:17:50.0372 4664 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:17:50.0381 4664 CLFS - ok
19:17:50.0548 4664 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:17:50.0551 4664 CmBatt - ok
19:17:50.0590 4664 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:17:50.0593 4664 cmdide - ok
19:17:50.0620 4664 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:17:50.0623 4664 Compbatt - ok
19:17:50.0734 4664 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:17:50.0737 4664 crcdisk - ok
19:17:50.0787 4664 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:17:50.0791 4664 Crusoe - ok
19:17:50.0980 4664 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:17:50.0984 4664 DfsC - ok
19:17:51.0121 4664 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:17:51.0125 4664 disk - ok
19:17:51.0169 4664 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
19:17:51.0171 4664 DKbFltr - ok
19:17:51.0240 4664 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
19:17:51.0243 4664 DritekPortIO - ok
19:17:51.0395 4664 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:17:51.0397 4664 drmkaud - ok
19:17:51.0480 4664 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:17:51.0503 4664 DXGKrnl - ok
19:17:51.0605 4664 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:17:51.0611 4664 E1G60 - ok
19:17:51.0687 4664 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:17:51.0694 4664 Ecache - ok
19:17:51.0838 4664 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:17:51.0857 4664 elxstor - ok
19:17:51.0920 4664 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:17:51.0923 4664 ErrDev - ok
19:17:52.0073 4664 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:17:52.0079 4664 exfat - ok
19:17:52.0155 4664 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:17:52.0162 4664 fastfat - ok
19:17:52.0240 4664 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:17:52.0243 4664 fdc - ok
19:17:52.0314 4664 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:17:52.0317 4664 FileInfo - ok
19:17:52.0342 4664 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:17:52.0345 4664 Filetrace - ok
19:17:52.0443 4664 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:17:52.0446 4664 flpydisk - ok
19:17:52.0584 4664 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:17:52.0591 4664 FltMgr - ok
19:17:52.0690 4664 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:17:52.0692 4664 Fs_Rec - ok
19:17:52.0751 4664 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:17:52.0755 4664 gagp30kx - ok
19:17:52.0826 4664 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
19:17:52.0829 4664 giveio - ok
19:17:53.0030 4664 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:17:53.0041 4664 HdAudAddService - ok
19:17:53.0191 4664 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:17:53.0210 4664 HDAudBus - ok
19:17:53.0320 4664 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:17:53.0324 4664 HidBth - ok
19:17:53.0373 4664 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:17:53.0377 4664 HidIr - ok
19:17:53.0526 4664 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:17:53.0529 4664 HidUsb - ok
19:17:53.0575 4664 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:17:53.0579 4664 HpCISSs - ok
19:17:53.0701 4664 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:17:53.0715 4664 HTTP - ok
19:17:53.0815 4664 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:17:53.0818 4664 i2omp - ok
19:17:53.0948 4664 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:17:53.0951 4664 i8042prt - ok
19:17:54.0063 4664 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:17:54.0073 4664 iaStorV - ok
19:17:54.0512 4664 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:17:54.0799 4664 igfx - ok
19:17:54.0915 4664 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:17:54.0918 4664 iirsp - ok
19:17:55.0004 4664 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
19:17:55.0007 4664 int15 - ok
19:17:55.0165 4664 IntcAzAudAddService (cf2219a2fed4f8f2e0817a2bf1658799) C:\Windows\system32\drivers\RTKVHDA.sys
19:17:55.0271 4664 IntcAzAudAddService - ok
19:17:55.0389 4664 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:17:55.0391 4664 intelide - ok
19:17:55.0452 4664 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:17:55.0455 4664 intelppm - ok
19:17:55.0599 4664 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:17:55.0602 4664 IpFilterDriver - ok
19:17:55.0646 4664 IpInIp - ok
19:17:55.0693 4664 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:17:55.0696 4664 IPMIDRV - ok
19:17:55.0729 4664 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:17:55.0734 4664 IPNAT - ok
19:17:55.0832 4664 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:17:55.0837 4664 IRENUM - ok
19:17:55.0945 4664 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:17:55.0949 4664 isapnp - ok
19:17:56.0047 4664 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:17:56.0054 4664 iScsiPrt - ok
19:17:56.0169 4664 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:17:56.0173 4664 iteatapi - ok
19:17:56.0232 4664 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:17:56.0235 4664 iteraid - ok
19:17:56.0343 4664 JMCR (fa4a5b32cae6074205b26971191efee4) C:\Windows\system32\DRIVERS\jmcr.sys
19:17:56.0347 4664 JMCR - ok
19:17:56.0415 4664 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:17:56.0418 4664 kbdclass - ok
19:17:56.0529 4664 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:17:56.0532 4664 kbdhid - ok
19:17:56.0621 4664 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:17:56.0634 4664 KSecDD - ok
19:17:56.0766 4664 kwkxusb - ok
19:17:56.0835 4664 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:17:56.0839 4664 lltdio - ok
19:17:56.0916 4664 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:17:56.0922 4664 LSI_FC - ok
19:17:57.0022 4664 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:17:57.0026 4664 LSI_SAS - ok
19:17:57.0091 4664 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:17:57.0096 4664 LSI_SCSI - ok
19:17:57.0192 4664 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:17:57.0196 4664 luafv - ok
19:17:57.0400 4664 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:17:57.0404 4664 megasas - ok
19:17:57.0479 4664 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:17:57.0492 4664 MegaSR - ok
19:17:57.0614 4664 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
19:17:57.0619 4664 mfeapfk - ok
19:17:57.0660 4664 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
19:17:57.0667 4664 mfeavfk - ok
19:17:57.0755 4664 mfeavfk01 - ok
19:17:57.0798 4664 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
19:17:57.0802 4664 mfebopk - ok
19:17:57.0858 4664 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
19:17:57.0872 4664 mfefirek - ok
19:17:58.0004 4664 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
19:17:58.0020 4664 mfehidk - ok
19:17:58.0149 4664 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
19:17:58.0153 4664 mfenlfk - ok
19:17:58.0197 4664 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
19:17:58.0203 4664 mferkdet - ok
19:17:58.0348 4664 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
19:17:58.0354 4664 mfewfpk - ok
19:17:58.0510 4664 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:17:58.0513 4664 Modem - ok
19:17:58.0565 4664 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:17:58.0568 4664 monitor - ok
19:17:58.0599 4664 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:17:58.0602 4664 mouclass - ok
19:17:58.0697 4664 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:17:58.0699 4664 mouhid - ok
19:17:58.0735 4664 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:17:58.0738 4664 MountMgr - ok
19:17:58.0846 4664 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:17:58.0857 4664 mpio - ok
19:17:58.0901 4664 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:17:58.0905 4664 mpsdrv - ok
19:17:58.0944 4664 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:17:58.0953 4664 Mraid35x - ok
19:17:59.0063 4664 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:17:59.0068 4664 MRxDAV - ok
19:17:59.0139 4664 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:17:59.0144 4664 mrxsmb - ok
19:17:59.0274 4664 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:17:59.0283 4664 mrxsmb10 - ok
19:17:59.0374 4664 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:17:59.0378 4664 mrxsmb20 - ok
19:17:59.0501 4664 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
19:17:59.0504 4664 msahci - ok
19:17:59.0542 4664 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:17:59.0548 4664 msdsm - ok
19:17:59.0669 4664 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:17:59.0672 4664 Msfs - ok
19:17:59.0717 4664 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:17:59.0720 4664 msisadrv - ok
19:17:59.0839 4664 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:17:59.0842 4664 MSKSSRV - ok
19:17:59.0931 4664 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:17:59.0934 4664 MSPCLOCK - ok
19:18:00.0038 4664 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:18:00.0040 4664 MSPQM - ok
19:18:07.0203 4664 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
19:18:07.0203 4664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:18:07.0218 4664 sptd ( LockedFile.Multi.Generic ) - warning
19:18:07.0218 4664 sptd - detected LockedFile.Multi.Generic (1)
19:18:13.0420 4664 MBR (0x1B8) (ef9cdc51b437d322d54016b68f003416) \Device\Harddisk0\DR0
19:18:18.0440 4664 \Device\Harddisk0\DR0 - ok
19:18:18.0459 4664 Boot (0x1200) (6a38443983083e85389d569ba4cbb9a8) \Device\Harddisk0\DR0\Partition0
19:18:18.0462 4664 \Device\Harddisk0\DR0\Partition0 - ok
19:18:18.0482 4664 Boot (0x1200) (207ef27b195e98348d261442766d1250) \Device\Harddisk0\DR0\Partition1
19:18:18.0485 4664 \Device\Harddisk0\DR0\Partition1 - ok
19:18:18.0486 4664 ============================================================
19:18:18.0486 4664 Scan finished
19:18:18.0486 4664 ============================================================
19:18:18.0516 4840 Detected object count: 1
19:18:18.0516 4840 Actual detected object count: 1
19:18:36.0008 4840 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:18:36.0008 4840 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:20:26.0281 5532 ============================================================
19:20:26.0281 5532 Scan started
19:20:26.0281 5532 Mode: Manual; SigCheck; TDLFS;
19:20:26.0281 5532 ============================================================
19:20:36.0920 5532 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
19:20:36.0947 5532 giveio ( UnsignedFile.Multi.Generic ) - warning
19:20:36.0947 5532 giveio - detected UnsignedFile.Multi.Generic (1)
19:20:47.0698 5532 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:20:47.0760 5532 NativeWifiP - ok
19:20:47.0873 5532 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:20:47.0931 5532 NDIS - ok
19:20:48.0053 5532 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:20:48.0120 5532 NdisTapi - ok
19:20:48.0250 5532 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:20:48.0312 5532 Ndisuio - ok
19:20:48.0371 5532 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:20:48.0444 5532 NdisWan - ok
19:20:48.0533 5532 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:20:48.0599 5532 NDProxy - ok
19:20:48.0720 5532 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:20:48.0799 5532 NetBIOS - ok
19:20:48.0853 5532 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:20:48.0910 5532 netbt - ok
19:20:49.0035 5532 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:20:49.0062 5532 nfrd960 - ok
19:20:49.0113 5532 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:20:49.0184 5532 Npfs - ok
19:20:49.0285 5532 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:20:49.0380 5532 nsiproxy - ok
19:20:49.0489 5532 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:20:49.0572 5532 Ntfs - ok
19:20:49.0687 5532 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:20:49.0717 5532 NTIDrvr - ok
19:20:49.0793 5532 NTIPPKernel (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
19:20:49.0831 5532 NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
19:20:49.0831 5532 NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
19:20:58.0773 5532 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
19:20:58.0773 5532 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:20:58.0781 5532 sptd ( LockedFile.Multi.Generic ) - warning
19:20:58.0781 5532 sptd - detected LockedFile.Multi.Generic (1)
19:21:13.0084 5532 ============================================================
19:21:13.0084 5532 Scan finished
19:21:13.0084 5532 ============================================================
19:21:13.0106 4392 Detected object count: 3
19:21:13.0106 4392 Actual detected object count: 3
19:22:08.0510 4392 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:08.0510 4392 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:08.0515 4392 NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
19:22:08.0515 4392 NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:22:08.0519 4392 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:22:08.0519 4392 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:23:24.0624 5016 Deinitialize success

Edited by angelinhi, 25 February 2012 - 12:16 AM.


#13
RKinner, Malware Expert
If everything is running OK then I think we are done and can clean up.

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron