ISASS.EXE, MDM.EXE, eating resources and freezing! [Solved]



#16 Stang5Liter (Topic Starter, Member, 53 posts)

Computer is running the same, and after the reboot the messages are still there. Here is the log:

All processes killed
========== OTL ==========
Error: No service named KWEDBTC was found to stop!
Service\Driver key KWEDBTC not found.
File C:\DOCUME~1\JB\LOCALS~1\Temp\KWEDBTC.exe not found.
Error: No service named MpKslff9ccd33 was found to stop!
Service\Driver key MpKslff9ccd33 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{707243B4-0342-41FC-86DC-A64209401D97}\MpKslff9ccd33.sys not found.
Error: No service named MpKslfaab6c1f was found to stop!
Service\Driver key MpKslfaab6c1f not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB48F6F-BADE-404D-A3D9-2C6659CD6FAC}\MpKslfaab6c1f.sys not found.
Error: No service named MpKslf647daa5 was found to stop!
Service\Driver key MpKslf647daa5 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BBA0A1-D3E8-44AB-BC26-E07FB1B752E7}\MpKslf647daa5.sys not found.
Error: No service named MpKslf252574d was found to stop!
Service\Driver key MpKslf252574d not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ACD6C7E8-8011-4D1D-A5E3-9281FB7D93C9}\MpKslf252574d.sys not found.
Error: No service named MpKslef95ff82 was found to stop!
Service\Driver key MpKslef95ff82 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A6864CF-4298-4F05-809F-FA17CD1DB595}\MpKslef95ff82.sys not found.
Error: No service named MpKslebf1c042 was found to stop!
Service\Driver key MpKslebf1c042 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F75FD67-6BBB-42B3-A1A7-7369CED4353D}\MpKslebf1c042.sys not found.
Error: No service named MpKsle92b213c was found to stop!
Service\Driver key MpKsle92b213c not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A71AFF6-A213-4480-A627-D10999F2266E}\MpKsle92b213c.sys not found.
Error: No service named MpKsle484988c was found to stop!
Service\Driver key MpKsle484988c not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{707B8A73-CD4D-426A-8F68-C73FA85CD53C}\MpKsle484988c.sys not found.
Error: No service named MpKsle3b8f8ef was found to stop!
Service\Driver key MpKsle3b8f8ef not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED9D53E3-0CD1-4F7D-9424-07E2C1E059B3}\MpKsle3b8f8ef.sys not found.
Error: No service named MpKsldf539f37 was found to stop!
Service\Driver key MpKsldf539f37 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{707243B4-0342-41FC-86DC-A64209401D97}\MpKsldf539f37.sys not found.
Error: No service named MpKslde96d960 was found to stop!
Service\Driver key MpKslde96d960 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC64252A-AB2C-4D5F-A151-541BAB1337E0}\MpKslde96d960.sys not found.
Error: No service named MpKsld73c892e was found to stop!
Service\Driver key MpKsld73c892e not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC282178-F459-4722-96ED-D76A892532FA}\MpKsld73c892e.sys not found.
Error: No service named MpKsld2fb9e93 was found to stop!
Service\Driver key MpKsld2fb9e93 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{224F6562-662E-4243-A6A9-E219558FB050}\MpKsld2fb9e93.sys not found.
Error: No service named MpKsld279533c was found to stop!
Service\Driver key MpKsld279533c not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D704C250-F655-4C36-B24C-F9A45BAC83DC}\MpKsld279533c.sys not found.
Error: No service named MpKslcc119f03 was found to stop!
Service\Driver key MpKslcc119f03 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD3F0706-F4C8-4DA1-B13D-F678E671FA59}\MpKslcc119f03.sys not found.
Error: No service named MpKslcb39b82b was found to stop!
Service\Driver key MpKslcb39b82b not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD1D0009-1E7E-4FB6-BD68-51DD4F51D716}\MpKslcb39b82b.sys not found.
Error: No service named MpKslc8fc57ff was found to stop!
Service\Driver key MpKslc8fc57ff not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84BB91BC-41AF-459B-82F5-C79C4939DBDE}\MpKslc8fc57ff.sys not found.
Error: No service named MpKslc4636035 was found to stop!
Service\Driver key MpKslc4636035 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52216164-940D-4159-A8D4-34F2CEB6BA80}\MpKslc4636035.sys not found.
Error: No service named MpKslbfb12517 was found to stop!
Service\Driver key MpKslbfb12517 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC16D0CA-BF7B-4278-92C2-C4F53022A704}\MpKslbfb12517.sys not found.
Error: No service named MpKslbc4f888f was found to stop!
Service\Driver key MpKslbc4f888f not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E0CB7D5-0C66-4534-AB1E-E7507D3DFCD0}\MpKslbc4f888f.sys not found.
Error: No service named MpKslb7c235d4 was found to stop!
Service\Driver key MpKslb7c235d4 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D704C250-F655-4C36-B24C-F9A45BAC83DC}\MpKslb7c235d4.sys not found.
Error: No service named MpKslb3c00df8 was found to stop!
Service\Driver key MpKslb3c00df8 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56F42DAC-A44D-4277-8AE1-1F40C1605B2A}\MpKslb3c00df8.sys not found.
Error: No service named MpKslb1c22682 was found to stop!
Service\Driver key MpKslb1c22682 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{704CC7C3-769F-4320-BF4C-81B8D2A3B5C7}\MpKslb1c22682.sys not found.
Error: No service named MpKslae99b876 was found to stop!
Service\Driver key MpKslae99b876 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C63909CB-9C37-4A79-A04A-EAC278007AA0}\MpKslae99b876.sys not found.
Error: No service named MpKslaa144a60 was found to stop!
Service\Driver key MpKslaa144a60 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B800C26-B2D2-4BB4-99FA-2AB61D5F4A4F}\MpKslaa144a60.sys not found.
Error: No service named MpKsla9c72486 was found to stop!
Service\Driver key MpKsla9c72486 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC64252A-AB2C-4D5F-A151-541BAB1337E0}\MpKsla9c72486.sys not found.
Error: No service named MpKsla23b2a5e was found to stop!
Service\Driver key MpKsla23b2a5e not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EB48F6F-BADE-404D-A3D9-2C6659CD6FAC}\MpKsla23b2a5e.sys not found.
Error: No service named MpKsl9aafa503 was found to stop!
Service\Driver key MpKsl9aafa503 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E07E3A39-5A4E-4959-8A92-3477F5E3A2D3}\MpKsl9aafa503.sys not found.
Error: No service named MpKsl87f063c3 was found to stop!
Service\Driver key MpKsl87f063c3 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0543ECB5-BF9C-4604-96E0-1AED66B84390}\MpKsl87f063c3.sys not found.
Error: No service named MpKsl8459c033 was found to stop!
Service\Driver key MpKsl8459c033 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3B0329FB-B879-4692-B3A2-BEF7620B6D0F}\MpKsl8459c033.sys not found.
Error: No service named MpKsl84373544 was found to stop!
Service\Driver key MpKsl84373544 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B800C26-B2D2-4BB4-99FA-2AB61D5F4A4F}\MpKsl84373544.sys not found.
Error: No service named MpKsl833939fd was found to stop!
Service\Driver key MpKsl833939fd not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21139F24-B2D4-4157-8607-9EBD05EE5F72}\MpKsl833939fd.sys not found.
Error: No service named MpKsl7efe35bf was found to stop!
Service\Driver key MpKsl7efe35bf not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB4EB5F5-2A42-43DD-9281-A80382E66734}\MpKsl7efe35bf.sys not found.
Error: No service named MpKsl72342831 was found to stop!
Service\Driver key MpKsl72342831 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B46D12-49E0-4420-BCE1-681E7C45687F}\MpKsl72342831.sys not found.
Error: No service named MpKsl6368da2e was found to stop!
Service\Driver key MpKsl6368da2e not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3127E15-5A56-40A7-A0CE-271FF0A1C47A}\MpKsl6368da2e.sys not found.
Error: No service named MpKsl61f90e8b was found to stop!
Service\Driver key MpKsl61f90e8b not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A87CB2B-B4F5-4EEA-8BEC-9FE4F7722EA0}\MpKsl61f90e8b.sys not found.
Error: No service named MpKsl609b611f was found to stop!
Service\Driver key MpKsl609b611f not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9CAE48C-E800-42FC-94C5-0071B615EDF1}\MpKsl609b611f.sys not found.
Error: No service named MpKsl5f2b96a5 was found to stop!
Service\Driver key MpKsl5f2b96a5 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E00BDB9-B2F1-4E7B-B371-0C5B1D88689C}\MpKsl5f2b96a5.sys not found.
Error: No service named MpKsl5b9f6992 was found to stop!
Service\Driver key MpKsl5b9f6992 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC282178-F459-4722-96ED-D76A892532FA}\MpKsl5b9f6992.sys not found.
Error: No service named MpKsl4b5ff5a8 was found to stop!
Service\Driver key MpKsl4b5ff5a8 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D704C250-F655-4C36-B24C-F9A45BAC83DC}\MpKsl4b5ff5a8.sys not found.
Error: No service named MpKsl41ad6028 was found to stop!
Service\Driver key MpKsl41ad6028 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04A41789-6FC5-43B5-BDBF-40C887A04CFF}\MpKsl41ad6028.sys not found.
Error: No service named MpKsl3d6b1e9e was found to stop!
Service\Driver key MpKsl3d6b1e9e not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{47A8C48E-C874-4006-A963-A33CADA34B13}\MpKsl3d6b1e9e.sys not found.
Error: No service named MpKsl3978a8bc was found to stop!
Service\Driver key MpKsl3978a8bc not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10D29B89-A9F7-4C18-8E41-3451C3AB0870}\MpKsl3978a8bc.sys not found.
Error: No service named MpKsl2ffcdebf was found to stop!
Service\Driver key MpKsl2ffcdebf not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40BFA0FA-AE4D-4B9C-838B-5D662A6F7211}\MpKsl2ffcdebf.sys not found.
Error: No service named MpKsl2cd81515 was found to stop!
Service\Driver key MpKsl2cd81515 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40F7A827-4D22-41F4-917F-7D73CD5CE8B3}\MpKsl2cd81515.sys not found.
Error: No service named MpKsl271310c0 was found to stop!
Service\Driver key MpKsl271310c0 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D704C250-F655-4C36-B24C-F9A45BAC83DC}\MpKsl271310c0.sys not found.
Error: No service named MpKsl2581806c was found to stop!
Service\Driver key MpKsl2581806c not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DCD1E4F-4212-4569-B0E1-50F18C501024}\MpKsl2581806c.sys not found.
Error: No service named MpKsl2304a083 was found to stop!
Service\Driver key MpKsl2304a083 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52216164-940D-4159-A8D4-34F2CEB6BA80}\MpKsl2304a083.sys not found.
Error: No service named MpKsl1f3ac961 was found to stop!
Service\Driver key MpKsl1f3ac961 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB07D9FE-634D-40E2-87C3-FF04A5CB4DC7}\MpKsl1f3ac961.sys not found.
Error: No service named MpKsl1d3c0fe2 was found to stop!
Service\Driver key MpKsl1d3c0fe2 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4480F09-C10E-46C0-9A14-ACB0FC9E3A36}\MpKsl1d3c0fe2.sys not found.
Error: No service named MpKsl177483c1 was found to stop!
Service\Driver key MpKsl177483c1 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD3F0706-F4C8-4DA1-B13D-F678E671FA59}\MpKsl177483c1.sys not found.
Error: No service named MpKsl0cbf8673 was found to stop!
Service\Driver key MpKsl0cbf8673 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{165B2B8A-859B-4000-BF52-64C5F1568C0B}\MpKsl0cbf8673.sys not found.
Error: No service named MpKsl0a597762 was found to stop!
Service\Driver key MpKsl0a597762 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{44C5B103-42D7-4459-A104-2125426197DF}\MpKsl0a597762.sys not found.
Error: No service named MpKsl07aa9973 was found to stop!
Service\Driver key MpKsl07aa9973 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A2F1D88E-0E91-4DF4-A4A3-CA9392BD91E4}\MpKsl07aa9973.sys not found.
Error: No service named MpKsl072668f5 was found to stop!
Service\Driver key MpKsl072668f5 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21139F24-B2D4-4157-8607-9EBD05EE5F72}\MpKsl072668f5.sys not found.
Error: No service named MpKsl04792b7c was found to stop!
Service\Driver key MpKsl04792b7c not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F75FD67-6BBB-42B3-A1A7-7369CED4353D}\MpKsl04792b7c.sys not found.
Error: No service named MpKsl029add5a was found to stop!
Service\Driver key MpKsl029add5a not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B4068770-41C4-4B58-973C-70C0CCB3B1FC}\MpKsl029add5a.sys not found.
Error: No service named MpKsl023ac9f3 was found to stop!
Service\Driver key MpKsl023ac9f3 not found.
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD1D0009-1E7E-4FB6-BD68-51DD4F51D716}\MpKsl023ac9f3.sys not found.
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_USERS\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load: deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run: deleted successfully.
File C:\WINDOWS\akebook.ini not found.
File C:\WINDOWS\a3kebook.ini not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\JB\Desktop\Malware Tools\cmd.bat deleted successfully.
C:\Documents and Settings\JB\Desktop\Malware Tools\cmd.txt deleted successfully.
File\Folder C:\DOCUME~1\JB\LOCALS~1\Temp\KWEDBTC.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Clay
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JB
->Temp folder emptied: 67439424 bytes
->Temporary Internet Files folder emptied: 5633389 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43900588 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 323198 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 171120 bytes

Total Files Cleaned = 112.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.1 log created on 03272012_002539

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\klsE1E1.tmp not found!

Registry entries deleted on Reboot...

#17 Stang5Liter (Topic Starter, Member, 53 posts)

00:35:18.0031 3536 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:35:18.0640 3536 ============================================================
00:35:18.0640 3536 Current date / time: 2012/03/27 00:35:18.0640
00:35:18.0640 3536 SystemInfo:
00:35:18.0640 3536
00:35:18.0640 3536 OS Version: 5.1.2600 ServicePack: 3.0
00:35:18.0640 3536 Product type: Workstation
00:35:18.0640 3536 ComputerName: D2WWDTJ1
00:35:18.0640 3536 UserName: JB
00:35:18.0640 3536 Windows directory: C:\WINDOWS
00:35:18.0640 3536 System windows directory: C:\WINDOWS
00:35:18.0640 3536 Processor architecture: Intel x86
00:35:18.0640 3536 Number of processors: 2
00:35:18.0640 3536 Page size: 0x1000
00:35:18.0640 3536 Boot type: Normal boot
00:35:18.0640 3536 ============================================================
00:35:21.0609 3536 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:35:21.0609 3536 \Device\Harddisk0\DR0:
00:35:21.0609 3536 MBR used
00:35:21.0609 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0x253FE5B5
00:35:21.0625 3536 Initialize success
00:35:21.0625 3536 ============================================================
00:36:38.0390 2676 ============================================================
00:36:38.0390 2676 Scan started
00:36:38.0390 2676 Mode: Manual; SigCheck; TDLFS;
00:36:38.0390 2676 ============================================================
00:36:39.0140 2676 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
00:36:39.0546 2676 !SASCORE - ok
00:36:39.0625 2676 Abiosdsk - ok
00:36:39.0671 2676 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:36:40.0828 2676 abp480n5 - ok
00:36:40.0968 2676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:36:41.0125 2676 ACPI - ok
00:36:41.0187 2676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:36:41.0390 2676 ACPIEC - ok
00:36:41.0421 2676 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:36:41.0593 2676 adpu160m - ok
00:36:41.0640 2676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:36:41.0734 2676 aec - ok
00:36:41.0781 2676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:36:41.0812 2676 AFD - ok
00:36:41.0828 2676 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:36:41.0890 2676 agp440 - ok
00:36:41.0906 2676 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:36:42.0281 2676 agpCPQ - ok
00:36:42.0328 2676 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:36:42.0375 2676 Aha154x - ok
00:36:42.0390 2676 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:36:42.0500 2676 aic78u2 - ok
00:36:42.0515 2676 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:36:42.0625 2676 aic78xx - ok
00:36:42.0671 2676 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:36:42.0859 2676 Alerter - ok
00:36:42.0875 2676 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:36:42.0968 2676 ALG - ok
00:36:43.0000 2676 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:36:43.0156 2676 AliIde - ok
00:36:43.0156 2676 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:36:43.0250 2676 alim1541 - ok
00:36:43.0250 2676 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:36:43.0328 2676 amdagp - ok
00:36:43.0328 2676 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:36:43.0359 2676 amsint - ok
00:36:43.0421 2676 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:36:43.0421 2676 APPDRV ( UnsignedFile.Multi.Generic ) - warning
00:36:43.0421 2676 APPDRV - detected UnsignedFile.Multi.Generic (1)
00:36:43.0515 2676 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:36:43.0531 2676 Apple Mobile Device - ok
00:36:43.0562 2676 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
00:36:43.0593 2676 AppMgmt - ok
00:36:43.0609 2676 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:36:43.0671 2676 Arp1394 - ok
00:36:43.0687 2676 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:36:43.0750 2676 asc - ok
00:36:43.0750 2676 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:36:43.0812 2676 asc3350p - ok
00:36:43.0812 2676 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:36:43.0890 2676 asc3550 - ok
00:36:43.0984 2676 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:36:44.0031 2676 aspnet_state - ok
00:36:44.0062 2676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:36:44.0156 2676 AsyncMac - ok
00:36:44.0218 2676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:36:44.0312 2676 atapi - ok
00:36:44.0343 2676 Atdisk - ok
00:36:44.0359 2676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:36:44.0437 2676 Atmarpc - ok
00:36:44.0484 2676 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:36:44.0578 2676 AudioSrv - ok
00:36:44.0593 2676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:36:44.0656 2676 audstub - ok
00:36:44.0953 2676 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
00:36:45.0015 2676 AVP - ok
00:36:45.0062 2676 b57w2k (741dfbf3a4dc41a400dbc71199564853) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:36:45.0093 2676 b57w2k - ok
00:36:45.0203 2676 BCM43XX (4eda899a470c7912b090e38f20fe1c3f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:36:45.0484 2676 BCM43XX - ok
00:36:45.0531 2676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:36:45.0734 2676 Beep - ok
00:36:45.0781 2676 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:36:45.0890 2676 BITS - ok
00:36:46.0000 2676 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:36:46.0015 2676 Bonjour Service - ok
00:36:46.0062 2676 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:36:46.0156 2676 Browser - ok
00:36:46.0203 2676 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
00:36:46.0250 2676 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
00:36:46.0250 2676 BrScnUsb - detected UnsignedFile.Multi.Generic (1)
00:36:46.0265 2676 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
00:36:46.0281 2676 BrSerIf ( UnsignedFile.Multi.Generic ) - warning
00:36:46.0281 2676 BrSerIf - detected UnsignedFile.Multi.Generic (1)
00:36:46.0281 2676 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
00:36:46.0312 2676 BrUsbSer ( UnsignedFile.Multi.Generic ) - warning
00:36:46.0312 2676 BrUsbSer - detected UnsignedFile.Multi.Generic (1)
00:36:46.0375 2676 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
00:36:46.0531 2676 BthEnum - ok
00:36:46.0546 2676 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
00:36:46.0703 2676 BthPan - ok
00:36:46.0765 2676 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
00:36:46.0828 2676 BTHPORT - ok
00:36:46.0828 2676 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
00:36:46.0984 2676 BthServ - ok
00:36:46.0984 2676 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
00:36:47.0109 2676 BTHUSB - ok
00:36:47.0125 2676 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:36:47.0203 2676 cbidf - ok
00:36:47.0218 2676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:36:47.0281 2676 cbidf2k - ok
00:36:47.0281 2676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:36:47.0328 2676 cd20xrnt - ok
00:36:47.0390 2676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:36:47.0453 2676 Cdaudio - ok
00:36:47.0484 2676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:36:47.0562 2676 Cdfs - ok
00:36:47.0593 2676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:36:47.0656 2676 Cdrom - ok
00:36:47.0671 2676 Changer - ok
00:36:47.0703 2676 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:36:47.0796 2676 CiSvc - ok
00:36:47.0812 2676 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:36:47.0921 2676 ClipSrv - ok
00:36:47.0968 2676 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:36:48.0046 2676 clr_optimization_v2.0.50727_32 - ok
00:36:48.0078 2676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:37:19.0515 2676 usbprint - ok
00:37:19.0546 2676 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:37:19.0609 2676 usbscan - ok
00:37:19.0640 2676 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:37:19.0703 2676 USBSTOR - ok
00:37:19.0734 2676 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:37:19.0796 2676 usbuhci - ok
00:37:19.0828 2676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:37:19.0890 2676 VgaSave - ok
00:37:19.0921 2676 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:37:19.0984 2676 viaagp - ok
00:37:20.0015 2676 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:37:20.0093 2676 ViaIde - ok
00:37:20.0125 2676 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:37:20.0187 2676 VolSnap - ok
00:37:20.0250 2676 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:37:20.0281 2676 VSS - ok
00:37:20.0328 2676 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:37:20.0421 2676 w32time - ok
00:37:20.0453 2676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:37:20.0562 2676 Wanarp - ok
00:37:20.0593 2676 Wave UCSPlus - ok
00:37:20.0671 2676 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
00:37:20.0687 2676 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - warning
00:37:20.0687 2676 WaveEnrollmentService - detected UnsignedFile.Multi.Generic (1)
00:37:20.0718 2676 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
00:37:20.0734 2676 WaveFDE ( UnsignedFile.Multi.Generic ) - warning
00:37:20.0734 2676 WaveFDE - detected UnsignedFile.Multi.Generic (1)
00:37:20.0750 2676 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
00:37:20.0765 2676 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning
00:37:20.0765 2676 WavxDMgr - detected UnsignedFile.Multi.Generic (1)
00:37:20.0828 2676 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:37:20.0859 2676 Wdf01000 - ok
00:37:20.0906 2676 WDICA - ok
00:37:20.0937 2676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:37:21.0062 2676 wdmaud - ok
00:37:21.0125 2676 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:37:21.0203 2676 WebClient - ok
00:37:21.0250 2676 winachsf (2760c329ac300ed64c3dba8cda599cda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:37:21.0281 2676 winachsf - ok
00:37:21.0359 2676 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:37:21.0421 2676 winmgmt - ok
00:37:21.0515 2676 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
00:37:21.0625 2676 WinRM - ok
00:37:21.0656 2676 wltrysvc - ok
00:37:21.0734 2676 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:37:21.0812 2676 WmdmPmSN - ok
00:37:21.0875 2676 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:37:21.0968 2676 Wmi - ok
00:37:22.0015 2676 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:37:22.0203 2676 WmiAcpi - ok
00:37:22.0265 2676 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:37:22.0343 2676 WmiApSrv - ok
00:37:22.0406 2676 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:37:22.0468 2676 WMPNetworkSvc - ok
00:37:22.0578 2676 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:37:22.0625 2676 WPFFontCache_v0400 - ok
00:37:22.0671 2676 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:37:22.0765 2676 wscsvc - ok
00:37:22.0781 2676 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:37:22.0875 2676 wuauserv - ok
00:37:22.0921 2676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:37:22.0953 2676 WudfPf - ok
00:37:22.0984 2676 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:37:23.0046 2676 WudfRd - ok
00:37:23.0093 2676 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:37:23.0125 2676 WudfSvc - ok
00:37:23.0171 2676 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
00:37:23.0234 2676 WUSB54GPV4SRV - ok
00:37:23.0281 2676 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:37:23.0359 2676 WZCSVC - ok
00:37:23.0375 2676 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:37:23.0562 2676 xmlprov - ok
00:37:23.0593 2676 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:37:23.0781 2676 \Device\Harddisk0\DR0 - ok
00:37:23.0781 2676 Boot (0x1200) (e758915b0d971762288879eb689d3568) \Device\Harddisk0\DR0\Partition0
00:37:23.0781 2676 \Device\Harddisk0\DR0\Partition0 - ok
00:37:23.0781 2676 ============================================================
00:37:23.0781 2676 Scan finished
00:37:23.0781 2676 ============================================================
00:37:23.0875 2976 Detected object count: 22
00:37:23.0875 2976 Actual detected object count: 22
00:38:02.0640 2976 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0640 2976 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 BrSerIf ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 BrSerIf ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 HSFHWAZL ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 HSF_DPV ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 rimmptsk ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 rimmptsk ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0656 2976 rismxdp ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0656 2976 rismxdp ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 TdmService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 TdmService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 ubohci ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 ubohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0671 2976 ubsbm ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0671 2976 ubsbm ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0687 2976 ubumapi ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0687 2976 ubumapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0687 2976 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0687 2976 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0687 2976 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0687 2976 WaveEnrollmentService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0687 2976 WaveFDE ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0687 2976 WaveFDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:02.0687 2976 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user
00:38:02.0687 2976 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:39:29.0906 0712 Deinitialize success

#18
Stang5Liter

  • Topic Starter
  • Member
  • 53 posts
OTL logfile created on: 3/27/2012 12:42:42 AM - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\JB\Desktop\Malware Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 80.24% Memory free
5.33 Gb Paging File | 4.71 Gb Available in Paging File | 88.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.00 Gb Total Space | 187.71 Gb Free Space | 62.99% Space Free | Partition Type: NTFS

Computer Name: D2WWDTJ1 | User Name: JB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 10:51:44 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JB\Desktop\Malware Tools\OTL.exe
PRC - [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/09/08 00:31:18 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 07:18:55 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 08:33:50 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 08:22:26 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 08:22:05 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 08:20:50 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/15 08:20:36 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/15 08:19:09 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/11 19:53:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009/10/07 15:01:14 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/09/10 09:53:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/09/08 00:31:18 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/04 15:55:29 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 15:56:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/08 15:56:51 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/04/13 23:23:16 | 003,357,952 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/03/10 19:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/03/15 14:35:18 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/11/02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/01/20 15:05:52 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/11/05 23:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/05/08 14:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DPV)
DRV - [2008/05/08 14:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_HWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 18:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/24 17:07:22 | 001,248,184 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/17 21:46:10 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/03/16 14:59:40 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/10/17 19:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes\{1A128990-A93B-4063-AB19-BB59625815A8}: "URL" = http://search.yahoo....1145,6901,0,8,0
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\JB\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\JB\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/02/21 09:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/02/21 09:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/02/21 09:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 07:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 16:55:23 | 000,000,000 | ---D | M]

[2009/10/31 18:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JB\Application Data\Mozilla\Extensions
[2010/09/19 20:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\l0h3ghfk.default\extensions
[2010/04/27 21:22:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\l0h3ghfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/11 14:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions
[2011/08/05 18:50:06 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/09/11 14:41:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 01:17:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/19 07:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/07 20:55:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/19 07:18:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/07 20:55:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/29 23:04:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 06:19:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/11 00:10:05 | 000,439,920 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
F3 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005 WinNT: Load - () - File not found
F3 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005 WinNT: Run - () - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinn...x/blockwerx.cab (Blockwerx Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1256872176343 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C366FFB-52A8-4C2D-8CE2-5BAEAFB4236C}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\JB\Application Data\Ulead Systems\Ulead Photo Explorer\8.5\Wall Paper\Ulead Photo Explorer.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JB\Application Data\Ulead Systems\Ulead Photo Explorer\8.5\Wall Paper\Ulead Photo Explorer.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 10:07:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/25 08:28:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JB\Recent
[2012/03/20 10:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\Malware Tools
[2012/03/20 05:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/03/16 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/16 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 21:37:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/16 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/14 09:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\New Folder (4)
[2012/03/14 09:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\iPod Photo Cache
[2012/03/09 06:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/09 06:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/09 06:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/07 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/04 17:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\New Folder (3)
[2012/03/04 17:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\New Folder (2)

========== Files - Modified Within 30 Days ==========

[2012/03/27 00:47:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D2858A5F-9B56-42C3-A4BE-BD401EC9E36D}.job
[2012/03/27 00:32:31 | 000,537,352 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/27 00:32:31 | 000,103,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/27 00:29:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/27 00:28:39 | 000,094,682 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/03/27 00:28:39 | 000,037,472 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/03/27 00:28:00 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/27 00:27:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 00:27:51 | 3756,130,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/26 23:52:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 11:31:15 | 000,000,072 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2012/03/20 10:36:16 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/03/16 21:38:12 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 15:36:49 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 15:21:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 11:42:32 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\JB\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/09 06:53:54 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/05 11:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/01 10:33:53 | 000,004,282 | ---- | M] () -- C:\Documents and Settings\JB\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2012/03/20 10:38:05 | 3756,130,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/16 21:38:12 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 11:42:32 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\JB\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/09 06:53:54 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/15 04:12:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 15:59:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\JB\Local Settings\Application Data\WebpageIcons.db
[2012/01/04 15:57:51 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/01/04 15:57:51 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/12/15 04:22:37 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/25 18:28:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/11/25 18:28:46 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/11/25 18:28:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/11/25 18:28:45 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/11/25 18:28:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/11/25 18:28:44 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/11/25 18:28:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/11/25 18:28:44 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/05/21 06:01:00 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/03/13 18:36:09 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/13 18:36:09 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/13 18:36:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/24 21:58:23 | 000,004,282 | ---- | C] () -- C:\Documents and Settings\JB\Application Data\wklnhst.dat
[2011/01/24 21:31:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/02 22:11:08 | 000,060,056 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/01 17:22:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/07/06 01:01:57 | 000,000,364 | ---- | C] () -- C:\WINDOWS\ANS2000.INI

========== LOP Check ==========

[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/10/09 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/08/08 15:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/09/16 08:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BRC
[2011/10/17 23:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/01/20 02:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2011/09/10 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/01 06:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/10/09 02:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/08/08 19:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/02 22:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/06 12:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/10/09 03:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/09/11 17:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/25 18:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay\Application Data\Wave Systems Corp
[2009/10/09 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay\Application Data\Windows Desktop Search
[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/10/09 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2012/02/01 15:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Amazon
[2010/08/03 22:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/10 11:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\ElevatedDiagnostics
[2011/09/11 14:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Garmin
[2011/08/05 18:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Sony Online Entertainment
[2011/03/11 10:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\SystemRequirementsLab
[2011/01/19 23:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Ulead Systems
[2011/04/24 20:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Unity
[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Wave Systems Corp
[2011/12/18 10:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Worldwinner
[2012/03/27 00:47:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2858A5F-9B56-42C3-A4BE-BD401EC9E36D}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows NT\CurrentVersion\Windows /s >
"DebugOptions" = 2048
"Documents" =
"DosPrint" = no
"load" = ?
"NetMessage" = no
"NullPort" = None
"Programs" = com exe bat pif cmd
"Run" = ?
"Device" = Brother MFC-5460CN Printer (Copy 1),winspool,Ne04:

< HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /s >
"ParseAutoexec" = 1
"ExcludeProfileDirs" = Local Settings;Temporary Internet Files;History;Temp
"BuildNumber" = 2600

< HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows /s >
"DebugOptions" = 2048
"Documents" =
"DosPrint" = no
"load" = ?
"NetMessage" = no
"NullPort" = None
"Programs" = com exe bat pif cmd
"Run" = ?
"Device" = Brother MFC-5460CN Printer (Copy 1),winspool,Ne04:

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC

< End of report >




I have never had Windows Defender on here to my knowledge. I had Microsoft Security Essentials for maybe 8 months and then bought Kaspersky again because I didn't feel that Security Essentials was strong enough. Always had Kaspersky on this machine since day one and just put it back on 2 months ago.
  • 0
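The "< MD5 for: ... >" blocks in the OTL log above are the part a responder reads first, because a system binary whose hash no longer matches the Windows File Protection copy in dllcache is exactly what a replaced svchost.exe or winlogon.exe looks like. The following is an added example, not part of this thread and not code from OTL or ComboFix: it parses those blocks in the line format OTL printed above, takes the dllcache copy as the reference, and separates differing copies inside the Windows tree from differing copies elsewhere. The SVCHOST.EXE and WINLOGON.EXE sections in the sample are excerpted from the log above; the USERINIT.EXE section is constructed, with an all-zero placeholder hash, to show what a real in-tree mismatch would produce.

```python
"""Cross-check the hashes OTL prints in its "< MD5 for: NAME >" sections.

Added example for this thread; not part of the forum post and not code from
OTL or ComboFix. It assumes only the line format OTL printed in the log above:
  [date | size | attrs | M] (Company) MD5=<hash> -- <path>
For every file name the copy in the dllcache directory (the Windows File
Protection baseline OTL lists) is the reference; copies with a different hash
are reported, split into copies inside the Windows tree (the ones a responder
must explain) and copies elsewhere (often legitimate renamed tools, such as
the Malwarebytes Chameleon copies visible in the log above).
"""
import re
from collections import defaultdict

# Sample input: the SVCHOST.EXE and WINLOGON.EXE sections are excerpted from the
# OTL log posted above. The USERINIT.EXE section is CONSTRUCTED for this example:
# its system32 copy carries an all-zero placeholder hash to show what a genuine
# mismatch inside the Windows tree looks like.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2012/03/20 10:38:05 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' block to a list of parsed entry dicts.

    Lines without an MD5 (OTL's '.cab file' entries) are skipped on purpose.
    """
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            fields = entry.groupdict()
            fields["size"] = int(fields["size"].replace(",", ""))
            fields["md5"] = fields["md5"].upper()
            sections[current].append(fields)
    return dict(sections)


def reference_hash(entries):
    """Hash of the dllcache copy (Windows File Protection's cache), or None."""
    for entry in entries:
        if "\\dllcache\\" in entry["path"].lower():
            return entry["md5"]
    return None


def classify(sections):
    """Compare every listed copy against the dllcache reference hash.

    Returns {name: {"reference": md5 or None,
                    "windows_mismatch": [paths], "other_copies": [paths]}}.
    windows_mismatch: copies under the Windows directory whose hash differs
    (a replaced or patched system binary that must be explained).
    other_copies: differing copies outside the Windows tree, frequently
    legitimate (renamed security tools) but still worth a look.
    """
    report = {}
    for name, entries in sections.items():
        ref = reference_hash(entries)
        windows_mismatch, other_copies = [], []
        for entry in entries:
            if ref is None or entry["md5"] == ref:
                continue
            path = entry["path"]
            if path.lower().startswith("c:\\windows\\"):
                windows_mismatch.append(path)
            else:
                other_copies.append(path)
        report[name] = {
            "reference": ref,
            "windows_mismatch": windows_mismatch,
            "other_copies": other_copies,
        }
    return report


if __name__ == "__main__":
    for name, result in classify(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{name}: reference {result['reference']}")
        for path in result["windows_mismatch"]:
            print(f"  CHECK  hash differs from dllcache: {path}")
        for path in result["other_copies"]:
            print(f"  note   other copy with different hash: {path}")
```

Run against the real log above, the two Malwarebytes Chameleon copies land in `other_copies` (same hash as each other, which is what a renamed loader looks like), while every copy under C:\WINDOWS matches its dllcache reference; only the constructed USERINIT.EXE section produces a `windows_mismatch`. The dllcache reference is only as trustworthy as dllcache itself, so a mismatch is a lead to investigate, not a verdict.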

#19
CompCav


    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop. IMPORTANT: Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

    Posted Image
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.




Step 2.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    atapi.sys
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows /s
    HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows NT\CurrentVersion\Windows /s
    HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /s
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt.
  • Post the log


Step 3.

Please post:

ComboFix.txt
OTL.txt


Please give me an update on the issues with your computer now
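As an added example (not part of this thread, OTL or ComboFix), here is a small Python parser for the PRC/MOD/SRV/DRV lines in the OTL.txt that Step 2 produces. It marks the entries a helper reads first: service or driver keys whose file is gone, anything running from a Temp folder, and processes, services or drivers with no company name. The triage rules are my own, and the sample lines are copied from the OTL logs posted in this thread.

```python
"""Parse the PRC/MOD/SRV/DRV lines of an OTL log and flag entries worth a look.

Added example for this thread; it is not part of OldTimer's OTL or ComboFix.
The line format is taken from the OTL logs posted in the thread; the sample
lines at the bottom are copied from them so the parser can be run offline.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One SafeList entry looks like one of these:
#   DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
#   PRC - [2012/03/20 10:51:44 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" --\s*(?P<path>.*?)\s*"
    r"(?:--\s*\((?P<name>[^)]*)\))?$"
)


@dataclass
class Entry:
    kind: str                      # PRC, MOD, SRV or DRV
    path: str                      # on-disk path ('' when OTL found no file)
    name: Optional[str] = None     # service/driver key name, when present
    company: Optional[str] = None  # company from version info ('' = none shown)
    state: Optional[str] = None    # e.g. 'Kernel | On_Demand | Stopped'
    modified: Optional[str] = None
    size: Optional[int] = None
    file_missing: bool = False
    flags: list = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a SafeList line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(kind=m["kind"], path=m["path"], name=m["name"],
              company=m["company"], state=m["state"],
              file_missing=m["missing"] is not None)
    if m["stamp"]:
        # '2012/03/20 10:51:44 | 000,594,432 | ---- | M' -> date, size, attrs, M/C
        date, size, _attrs, _which = [p.strip() for p in m["stamp"].split("|")]
        e.modified = date
        e.size = int(size.replace(",", ""))
    return e


def parse_otl(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: list) -> list:
    """Attach review flags; returns only the entries that got at least one."""
    out = []
    for e in entries:
        if e.file_missing:
            # the registry still references a service/driver whose file is gone:
            # usually a leftover, but also what a half-removed tool looks like
            e.flags.append("file missing")
        if re.search(r"\\temp\\", e.path, re.I):
            # services and drivers have no business loading from a Temp folder
            e.flags.append("runs from Temp")
        if e.kind in ("PRC", "SRV", "DRV") and e.company == "":
            # MOD entries for .NET native images carry no company and are normal;
            # a process, service or driver without one deserves a closer look
            e.flags.append("no company name")
        if e.flags:
            out.append(e)
    return out


# Sample lines copied from the OTL logs in this thread (constructed input).
SAMPLE = r"""
========== Driver Services (SafeList) ==========

PRC - [2012/03/20 10:51:44 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JB\Desktop\Malware Tools\OTL.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\JB\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
"""

if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE)):
        print(f"{e.kind} {e.name or e.path}: {', '.join(e.flags)}")
```

A flag is a prompt to look, not a verdict: a missing file is often just a leftover key from an uninstalled tool, and the mbr.sys entry above is the remnant of a rootkit scanner that was run earlier in this thread.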

#20
Stang5Liter
  • Topic Starter
  • Member
  • 53 posts
ComboFix 12-03-27.03 - JB 03/27/2012 15:47:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2790 [GMT -5:00]
Running from: c:\documents and settings\JB\Desktop\Malware Tools\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-26 15:07 . 2012-03-26 15:07 -------- d-----w- C:\_OTL
2012-03-20 11:17 . 2012-03-20 11:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-20 11:14 . 2012-03-20 11:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-20 10:57 . 2012-03-20 10:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-20 10:56 . 2012-03-20 10:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-03-20 10:56 . 2012-03-20 10:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-03-20 10:53 . 2012-03-20 10:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-19 12:18 . 2012-03-19 12:18 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 12:18 . 2012-03-19 12:18 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 02:37 . 2012-03-17 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-17 02:37 . 2012-03-17 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 02:37 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 11:52 . 2012-03-09 11:52 -------- d-----w- c:\program files\iPod
2012-03-09 11:52 . 2012-03-09 11:53 -------- d-----w- c:\program files\iTunes
2012-03-08 01:56 . 2012-03-08 01:56 -------- d-----w- c:\program files\Common Files\Java
2012-03-08 01:55 . 2012-03-08 01:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-08 01:54 . 2012-03-08 01:54 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 01:55 . 2010-04-17 04:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 14:32 . 2011-05-31 17:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 04:38 . 2010-09-25 01:41 775 ----a-w- C:\cleanup.bat
2012-02-15 17:01 . 2011-03-07 13:37 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01 . 2010-09-16 04:43 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 16:37 . 2008-04-25 16:16 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-01-11 19:06 . 2012-02-15 09:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 12:18 . 2011-05-07 00:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-07 13529088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-08 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^JB^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\JB\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 03:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-06-28 13:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-10-07 20:01 2498560 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-06-29 18:18 77824 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 17:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2011-09-21 15:27 9250728 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2011-09-21 15:27 9250728 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 01:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-07 21:59 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2008-05-07 21:59 86016 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-07 21:59 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-07 21:59 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-04-02 23:33 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 15:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 23:02 49152 ----a-w- c:\program files\Brother\Brmfl06b\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-12-06 03:07 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 05:27 1024000 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 17:43 90112 ------w- c:\program files\Common Files\Ulead Systems\Autodetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 14:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [9/19/2011 6:56 AM 102728]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 2:23 PM 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/16/2012 9:37 PM 652360]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [9/16/2011 7:27 AM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [9/16/2011 7:27 AM 36352]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/25/2008 11:16 AM 5120]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [9/11/2011 3:56 PM 45288]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 7:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 9:27 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/16/2012 9:37 PM 20464]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [9/16/2011 7:27 AM 77056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 8:37 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2011 8:37 PM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 11:16 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 01:37]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-25 01:37]
.
2012-03-27 c:\windows\Tasks\User_Feed_Synchronization-{D2858A5F-9B56-42C3-A4BE-BD401EC9E36D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=nw
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1080)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2012-03-27 16:00:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 21:00
.
Pre-Run: 200,947,347,456 bytes free
Post-Run: 200,799,563,776 bytes free
.
- - End Of File - - D753EEC653B72EB164B0A4991A73BED0

#21
Stang5Liter
  • Topic Starter
  • Member
  • 53 posts
OTL logfile created on: 3/27/2012 4:04:30 PM - Run 4
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\JB\Desktop\Malware Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 82.95% Memory free
5.33 Gb Paging File | 4.82 Gb Available in Paging File | 90.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.00 Gb Total Space | 187.06 Gb Free Space | 62.77% Space Free | Partition Type: NTFS

Computer Name: D2WWDTJ1 | User Name: JB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 10:51:44 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JB\Desktop\Malware Tools\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/09/08 00:31:18 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 08:33:50 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 08:22:26 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 08:22:05 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 08:20:50 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/15 08:20:36 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/15 08:19:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 08:19:09 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/11 19:53:01 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009/10/07 15:01:14 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/09/08 00:31:18 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\JB\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/01/04 15:55:29 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 15:56:51 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/08 15:56:51 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/04/13 23:23:16 | 003,357,952 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/03/10 19:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/03/15 14:35:18 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/11/02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/01/20 15:05:52 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/11/05 23:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/05/08 14:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DPV)
DRV - [2008/05/08 14:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_HWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 18:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/24 17:07:22 | 001,248,184 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/17 21:46:10 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/03/16 14:59:40 | 000,054,272 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/10/17 19:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/27 17:25:28 | 000,077,056 | ---- | M] (Unibrain S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ubohci.sys -- (ubohci)
DRV - [2005/07/27 17:25:28 | 000,036,352 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2005/07/27 17:25:28 | 000,014,080 | ---- | M] (Unibrain S.A.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\UBSBM.sys -- (ubsbm)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes\{1A128990-A93B-4063-AB19-BB59625815A8}: "URL" = http://search.yahoo....1145,6901,0,8,0
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\JB\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\JB\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/02/21 09:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/02/21 09:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/02/21 09:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 07:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/04 16:55:23 | 000,000,000 | ---D | M]

[2009/10/31 18:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JB\Application Data\Mozilla\Extensions
[2010/09/19 20:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\l0h3ghfk.default\extensions
[2010/04/27 21:22:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\l0h3ghfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/11 14:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions
[2011/08/05 18:50:06 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/09/11 14:41:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 01:17:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\mfaroqoz.Default User1\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/19 07:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/07 20:55:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/03/19 07:18:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/07 20:55:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/29 23:04:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 06:19:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/27 15:54:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4093121082-3281752449-162258664-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinn...x/blockwerx.cab (Blockwerx Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1256872176343 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C366FFB-52A8-4C2D-8CE2-5BAEAFB4236C}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\JB\Application Data\Ulead Systems\Ulead Photo Explorer\8.5\Wall Paper\Ulead Photo Explorer.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JB\Application Data\Ulead Systems\Ulead Photo Explorer\8.5\Wall Paper\Ulead Photo Explorer.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 15:44:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/27 15:44:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/27 15:44:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/27 15:44:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/27 15:44:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/26 10:07:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/25 08:28:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JB\Recent
[2012/03/20 10:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\Malware Tools
[2012/03/20 05:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/03/16 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/16 21:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/16 21:37:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/16 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/14 09:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\New Folder (4)
[2012/03/14 09:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\iPod Photo Cache
[2012/03/09 06:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/09 06:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/09 06:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/07 20:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/04 17:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\New Folder (3)
[2012/03/04 17:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JB\Desktop\New Folder (2)

========== Files - Modified Within 30 Days ==========

[2012/03/27 16:07:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D2858A5F-9B56-42C3-A4BE-BD401EC9E36D}.job
[2012/03/27 15:59:13 | 000,537,352 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/27 15:59:13 | 000,103,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/27 15:56:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/27 15:54:47 | 000,094,682 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/03/27 15:54:47 | 000,037,472 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/03/27 15:54:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/27 15:54:17 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/27 15:54:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/27 15:54:05 | 3756,130,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/27 09:52:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 11:31:15 | 000,000,072 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2012/03/20 10:36:16 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/03/16 21:38:12 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 15:36:49 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 15:21:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 11:42:32 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\JB\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/09 06:53:54 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/05 11:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/01 10:33:53 | 000,004,282 | ---- | M] () -- C:\Documents and Settings\JB\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2012/03/27 15:44:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/27 15:44:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/27 15:44:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/27 15:44:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/27 15:44:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/20 10:38:05 | 3756,130,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/16 21:38:12 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 11:42:32 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\JB\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/09 06:53:54 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/15 04:12:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 15:59:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\JB\Local Settings\Application Data\WebpageIcons.db
[2012/01/04 15:57:51 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/01/04 15:57:51 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/12/15 04:22:37 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/25 18:28:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/11/25 18:28:46 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/11/25 18:28:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/11/25 18:28:45 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/11/25 18:28:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/11/25 18:28:44 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/11/25 18:28:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/11/25 18:28:44 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/05/21 06:01:00 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/03/13 18:36:09 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/13 18:36:09 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/13 18:36:09 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/24 21:58:23 | 000,004,282 | ---- | C] () -- C:\Documents and Settings\JB\Application Data\wklnhst.dat
[2011/01/24 21:31:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/02 22:11:08 | 000,060,056 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/01 17:22:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat

========== LOP Check ==========

[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/10/09 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/08/08 15:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/09/16 08:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BRC
[2011/10/17 23:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/01/20 02:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2011/09/10 14:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/01 06:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/10/09 02:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/08/08 19:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/06 12:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/10/09 03:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2011/09/11 17:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/25 18:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay\Application Data\Wave Systems Corp
[2009/10/09 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay\Application Data\Windows Desktop Search
[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/10/09 02:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2012/02/01 15:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Amazon
[2010/08/03 22:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/10 11:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\ElevatedDiagnostics
[2011/09/11 14:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Garmin
[2011/08/05 18:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Sony Online Entertainment
[2011/03/11 10:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\SystemRequirementsLab
[2011/01/19 23:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Ulead Systems
[2011/04/24 20:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Unity
[2009/10/09 03:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Wave Systems Corp
[2011/12/18 10:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JB\Application Data\Worldwinner
[2012/03/27 16:07:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2858A5F-9B56-42C3-A4BE-BD401EC9E36D}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows /s >
"DeviceNotSelectedTimeout" = 15
"GDIProcessHandleQuota" = 10000
"Spooler" = yes
"swapdisk" =
"TransmissionRetryTimeout" = 90
"USERProcessHandleQuota" = 10000
"RequireSignedAppInit_DLLs" = 1

< HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows NT\CurrentVersion\Windows /s >
"DebugOptions" = 2048
"Documents" =
"DosPrint" = no
"NetMessage" = no
"NullPort" = None
"Programs" = com exe bat pif cmd
"Device" = Brother MFC-5460CN Printer (Copy 1),winspool,Ne04:

< HKU\S-1-5-21-4093121082-3281752449-162258664-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /s >
"ParseAutoexec" = 1
"ExcludeProfileDirs" = Local Settings;Temporary Internet Files;History;Temp
"BuildNumber" = 2600

< HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows /s >
"DebugOptions" = 2048
"Documents" =
"DosPrint" = no
"NetMessage" = no
"NullPort" = None
"Programs" = com exe bat pif cmd
"Device" = Brother MFC-5460CN Printer (Copy 1),winspool,Ne04:

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 07:18:52 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 07:18:55 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >



Not sure if this makes a difference but I copied and pasted all of the stuff to input into OTL except for the last line of CREATERESTOREPOINT and didn't notice it until after I started OTL. Just FYI for you. Also, after ComboFix ran and rebooted, the boxes did not pop up like normal but don't know if that was a work around the way ComboFix rebooted or if it is really gone.

#22 CompCav (Member 5k, Expert, 12,448 posts)
Try rebooting again to make sure they are gone, everything shows they were successfully deleted.

How is the computer performing now?

Regards,

CompCav

#23 Stang5Liter (Topic Starter, Member, 53 posts)
It seems to be better and yes, the pop ups did not come up after reboot. As I am trying to type right now it has slowed down considerably, because when I type, the cursor is 5 letters behind before they finally come on the screen, and I do not type fast at all. Also, after it rebooted, I tried the Recovery Console and the files are still corrupted. The message said that the file NVRD32.SYS could not be found. BTW, thank you so much for your time!!

#24 CompCav (Member 5k, Expert, 12,448 posts)

Also, after it rebooted, I tried the Recovery Console and the files are still corrupted.

What does it actually say on the screen?

#25 Stang5Liter (Topic Starter, Member, 53 posts)
The file NVRD32.SYS could not be found

press any key to continue...

to reboot windows press any key...
#26 CompCav (Member 5k, Expert, 12,448 posts)
Thanks

#27 CompCav (Member 5k, Expert, 12,448 posts)
Step 1.

Please double click MalwareBytes'


  • Click on the Update tab, click Check for Updates.
  • Click the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2.

  • Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center / Action Center
      • Windows Update
      • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


Step 3.

Please post:

mbam log
FSS.txt



Give me an update on the computer issues.


Step 4.

We need to run a check disk now.

Dakeyras has a nice little tutorial on it here

Give me an update on the computer issues.

#28 Stang5Liter (Topic Starter, Member, 53 posts)
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JB :: D2WWDTJ1 [administrator]

Protection: Disabled

3/28/2012 5:11:28 PM
mbam-log-2012-03-28 (17-11-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226556
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Computer seems to be running much better, but I have been trying to stay off of it until we get this problem solved, so as not to add to the issue. :thumbsup:

#29 Stang5Liter (Topic Starter, Member, 53 posts)
Farbar Service Scanner Version: 01-03-2012
Ran by JB (administrator) on 28-03-2012 at 17:21:51
Running from "C:\Documents and Settings\JB\Desktop\Malware Tools"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) kl2(9) NetBT(5) PSched(7) RFCOMM(10) Tcpip(3)
0x0B000000090000000800000008000000040000000100000002000000030000000500000006000000070000000A000000


**** End of log ****

#30 CompCav (Member 5k, Expert, 12,448 posts)
Are you still seeing this during boot up?

The file NVRD32.SYS could not be found

press any key to continue...

to reboot windows press any key...


Regards,

CompCav