Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Only plain white screen appears after start up! NO Desktop, No Too


  • Please log in to reply

#1
Steven Burnish

Steven Burnish

    Member

  • Member
  • PipPip
  • 23 posts
Yesterday I restarted my Lenovo laptop with Genuine Windows XP Service Pack 3 after a game I usually play started running slow. Before trying to play the game, all files and programs worked well. However, it took more than 5 minutes to restart whereas it usually takes around a minute. So having no other options, I pressed the power button for 10 seconds and opened the computer again. It took ages to open and reach the desktop. However, there were no desktop icons, there was start options but none of the programs worked. The Start icons looked more like that of windows 98/windows in safe mode!! I restarted it a few more times and this is how it is now:

- It takes around 5 minutes to reach the point where I enter my password and another 5 minutes to reach my desktop
- The desktop is plain white with no icons/start up/taskbars. My wallpaper was plain white like this one, so this maybe my wallpaper!
- The Windows Task Manager runs. It DOES have explorer.exe running!! But it cant open C:/
- "SMAUDIO - Could not find Contexant audio deice, applocation cannot run properly" message comes after every startup
- A roxiowatchtray.exe C++ error msg or something like that used to come. I unchecked RoxWatchTray.10 in System Configuration utility. Hence, this error msg no longer comes.

I tried running in safemode, IT DID NORMALLY!! All the files and prgorams were there safely!!


I consulted other forums and was asked to carry ouy the following steps which i did:
1. Used without the battery, only on power supply
2. Was asked to follow this " Type Regedit on the run task, then located this path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Option\Explorer.exe <<<--- Delete this folder and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe"
I COULD NOT find those files at those locations was hence asked to delete "HKEY_LOCAL_MACHINE >> Software >> Microsoft >> Windows NT >> Current Version >> Winlogon' shell" Which I DID
3. Installed Internet Explorer8 in safemode hoping its inbuit malware remover will remove malwares if there are any!
5. Installed "JV16 PoweTools" in safe mode and fixed my registry files.

STILL the problem has not been solved!! The Windows XP im using is a genuine one But i have never done a back up so im against doing a system restore!


While closely looking at the plain white desktop, what i noticed was a small portion of the "Start" and the "Time" at the edge of the white background. SO what i think is a malware maybe behind this probelm and is hiding my desktop with a white image as a shield. SO i ran OTL Scan. A log of the scan is attached.



OTL logfile created on: 4/14/2012 5:12:32 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 89.25% Memory free
6.81 Gb Paging File | 6.71 Gb Available in Paging File | 98.54% Paging File free
Paging file location(s): C:\pagefile.sys 4646 4691 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 14.37 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 2.45 Gb Free Space | 65.04% Space Free | Partition Type: FAT32

Computer Name: LENOVO-832649CA | User Name: Sakush | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - G:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (HidServ) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (Bitdefender)
SRV - (Update Server) -- C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (MSR Service) -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe ()
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe ()
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (PMSveH) -- C:\Program Files\Lenovo\PMDriver\PMSveH.exe (Lenovo)


========== Driver Services (SafeList) ==========

DRV - (avc3) -- C:\WINDOWS\system32\DRIVERS\avc3.sys (BitDefender)
DRV - (bdselfpr) -- C:\Program Files\BitDefender\Bitdefender 2012\bdselfpr.sys (BitDefender LLC)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (bdsandbox) -- C:\WINDOWS\system32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (trufos) -- C:\WINDOWS\system32\DRIVERS\trufos.sys (BitDefender S.R.L.)
DRV - (Bdfndisf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (avchv) -- C:\WINDOWS\system32\drivers\avchv.sys (BitDefender)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (NETwNx32) ___ Intel® -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (EverestDriver) -- C:\Documents and Settings\Sakush\Desktop\everest\Everest_Ultimate_Build_2253\kerneld.wnt ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (BDVEDISK) -- C:\WINDOWS\system32\drivers\bdvedisk.sys (BitDefender)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (mdf15) -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys ()
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PMHler) -- C:\WINDOWS\system32\drivers\PMHler.sys (Lenovo )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...me/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.5
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.1
FF - prefs.js..flock.keyword.provider: "Yahoo!"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2012/01/21 20:16:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Components: C:\Program Files\Flock\components [2011/02/02 21:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/02/02 21:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/02/02 21:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/02/02 21:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 18:52:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/09 18:43:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/01/21 20:16:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/03/27 02:34:50 | 000,000,000 | ---D | M]

[2010/02/03 10:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Extensions
[2010/02/03 10:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/04/13 19:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions
[2010/06/03 20:20:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 19:46:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/09 12:10:50 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\[email protected]
[2010/08/23 18:59:58 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\[email protected]
[2012/04/13 19:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\staged
[2012/04/09 18:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/09 18:43:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/08/22 22:24:39 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\DOCUMENTS AND SETTINGS\SAKUSH\APPLICATION DATA\FLOCK\BROWSER\PROFILES\W46NR51B.DEFAULT\EXTENSIONS\[email protected]
[2009/11/11 03:15:41 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES\DAP\DAPFLOCK
[2012/03/13 10:24:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/04/09 18:43:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2012/03/13 10:23:32 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/03/13 10:23:32 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/04/14 17:45:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PMDriver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [WD Spindown Utility] C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 159
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Sakush/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 03:47:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1064bdda-9c46-11de-9831-001e652f4cc6}\Shell\AutoRun\command - "" = E:\3c.exe
O33 - MountPoints2\{1064bdda-9c46-11de-9831-001e652f4cc6}\Shell\open\Command - "" = E:\3c.exe
O33 - MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\Shell\AutoRun\command - "" = sovittamrakar.exe
O33 - MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\Shell\explore\Command - "" = sovittamrakar.exe
O33 - MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\Shell\open\Command - "" = sovittamrakar.exe
O33 - MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\Shell\AutoRun\command - "" = G:\sovittamrakar.exe
O33 - MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\Shell\explore\Command - "" = G:\sovittamrakar.exe
O33 - MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\Shell\open\Command - "" = G:\sovittamrakar.exe
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Auto\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\AutoRun\command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Explore\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Find\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Format...\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\open\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Auto\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\AutoRun\command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Explore\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Find\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Format...\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\open\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\Shell\AutoRun\command - "" = E:\curice/elena.exe
O33 - MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\Shell\explore\command - "" = E:\curice/elena.exe
O33 - MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\Shell\open\command - "" = E:\curice/elena.exe
O33 - MountPoints2\{885d63f4-2c84-11df-98a5-001e652f4cc6}\Shell\AutoRun\command - "" = COKOLADA//topljena.exe
O33 - MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\Shell\AutoRun\command - "" = F:\ALKOHOLU///zdravooo.exe
O33 - MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\Shell\explore\command - "" = F:\ALKOHOLU///zdravooo.exe
O33 - MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\Shell\open\command - "" = F:\ALKOHOLU///zdravooo.exe
O33 - MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\Shell\AutoRun\command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\Shell\explore\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\Shell\open\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Auto\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\AutoRun\command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Explore\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Find\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Format...\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\open\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\Shell\AutoRun\command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\Shell\explore\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\Shell\open\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\Shell\AutoRun\command - "" = F:\SLATKO/torta.exe
O33 - MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\Shell\explore\command - "" = F:\SLATKO/torta.exe
O33 - MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\Shell\open\command - "" = F:\SLATKO/torta.exe
O33 - MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\Shell\AutoRun\command - "" = F:\tmp/bak.exe
O33 - MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\Shell\explore\command - "" = F:\tmp/bak.exe
O33 - MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\Shell\open\command - "" = F:\tmp/bak.exe
O33 - MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\Shell\AutoRun\command - "" = sovittamrakar.exe
O33 - MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\Shell\explore\Command - "" = sovittamrakar.exe
O33 - MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\Shell\open\Command - "" = sovittamrakar.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 15:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2011
[2012/04/14 15:21:48 | 000,039,192 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2012/04/14 15:21:48 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2012/04/14 15:17:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sakush\IETldCache
[2012/04/14 15:07:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/04/14 15:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/13 20:26:40 | 000,000,000 | ---D | C] -- C:\Rock Star Supernova
[2012/04/13 11:00:15 | 000,000,000 | ---D | C] -- C:\Mission Impossible III (2006)
[2012/04/13 10:59:25 | 000,000,000 | ---D | C] -- C:\Mission Impossible II (2000)
[2012/04/13 10:58:50 | 000,000,000 | ---D | C] -- C:\Mission Impossible (1996)
[2012/04/09 21:18:20 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2012/04/09 21:18:20 | 000,100,224 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bserd.sys
[2012/04/09 21:18:20 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2012/04/09 21:18:20 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2012/04/09 21:18:19 | 000,098,432 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2012/04/09 21:18:19 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2012/04/09 19:38:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/04/09 18:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/09 18:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/09 18:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\Samsung
[2012/04/09 18:20:34 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/04/09 18:20:01 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/04/09 18:20:01 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/04/09 18:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\Downloaded Installations
[2012/04/09 16:49:11 | 003,785,056 | ---- | C] (BlueStack Systems, Inc.) -- C:\Documents and Settings\Sakush\Desktop\BlueStacks-ThinInstaller_0.6.3.2212.exe
[2012/04/09 16:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\BlueStacksSetup
[2012/04/09 16:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\BlueStacks
[2012/04/05 21:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\New Folder (2)
[2012/04/03 20:40:03 | 000,000,000 | ---D | C] -- C:\Mission Impossible Ghost Protocol (2011)
[2012/04/01 22:55:36 | 000,000,000 | ---D | C] -- C:\BitDefender Total Security 2012 (x86x64) include Patch{h33t}{mad dog}
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\Intel
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2012/04/01 20:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
[2012/04/01 20:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/01 20:48:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/04/01 20:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\SystemRequirementsLab
[2012/03/31 07:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\Joaquin
[2012/03/30 22:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\Stones
[2012/03/29 23:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\Management Information System
[2012/03/28 22:11:08 | 000,325,552 | ---- | C] ((주)마크애니) -- C:\WINDOWS\MASetupCaller.dll
[2012/03/28 22:11:08 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\WINDOWS\MAMCityDownload.ocx
[2012/03/28 22:11:06 | 000,569,344 | ---- | C] (© MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2012/03/28 22:11:06 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2012/03/28 22:11:06 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2012/03/28 22:11:06 | 000,258,048 | ---- | C] (© PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2012/03/28 22:11:06 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2012/03/28 22:11:06 | 000,200,704 | ---- | C] ( © MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2012/03/28 22:11:06 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2012/03/28 22:11:06 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2012/03/28 22:11:06 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2012/03/28 22:11:06 | 000,131,072 | ---- | C] (© MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2012/03/28 22:11:06 | 000,122,880 | ---- | C] (© MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2012/03/28 22:11:06 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2012/03/28 22:11:06 | 000,110,592 | ---- | C] (© MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2012/03/28 22:11:06 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2012/03/28 22:11:06 | 000,045,320 | ---- | C] (MARKANY) -- C:\WINDOWS\System32\MAMACExtract.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2012/03/28 22:11:06 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2012/03/28 22:11:06 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2012/03/28 22:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\Operation management
[2012/03/28 16:12:53 | 000,000,000 | ---D | C] -- C:\Stacy Schiff - Cleopatra_A Life
[2012/03/28 16:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\Dizz e book
[2012/03/28 16:04:30 | 000,000,000 | ---D | C] -- C:\The Silmarillion (444)
[2012/03/28 15:55:19 | 000,000,000 | ---D | C] -- C:\The Silmarillion (AudioBook & E-Book)
[2012/03/27 02:48:40 | 000,000,000 | ---D | C] -- C:\Nrwcf
[2012/03/27 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/03/27 02:09:12 | 000,611,520 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/03/27 02:08:40 | 000,063,056 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2012/03/27 02:07:08 | 000,447,208 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/03/27 02:04:25 | 000,000,000 | ---D | C] -- C:\F1 - 2012
[2012/03/26 23:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\bdch
[2012/03/26 23:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/03/26 23:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\Bitdefender
[2012/03/26 23:20:56 | 000,360,976 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/03/26 23:20:56 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/03/26 00:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
[2012/03/26 00:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Start Menu\Programs\WD Spindown or Stop Utility
[2012/03/24 16:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\My Documents\FM12_temp
[2012/03/23 16:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\My Documents\VP Back Up
[2012/03/20 21:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\Om
[2012/03/20 05:54:42 | 000,000,000 | ---D | C] -- C:\Santana - Supernatural (1999) [CD Rip] 320 vtwin88cube
[2012/03/17 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\OverlaysChangerRepack1.0
[2011/06/16 23:03:31 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 16:59:10 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/14 16:58:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/14 16:27:11 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008UA.job
[2012/04/14 15:48:54 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\Buy jv16 PowerTools.url
[2012/04/14 15:47:44 | 000,000,022 | -HS- | M] () -- C:\WINDOWS\System5537 Data.Repository
[2012/04/14 15:47:44 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Sakush\Application Data\Sys2662.Config.Repository.bin
[2012/04/14 15:21:48 | 000,039,192 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2012/04/14 15:21:48 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2012/04/14 15:17:57 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 15:08:22 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/04/14 14:38:01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/04/14 00:55:18 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Sakush\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/13 23:26:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/12 13:27:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008Core.job
[2012/04/11 17:55:10 | 004,166,808 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\Ben Arfa Wonder Goal for Newcastle 2-1 Blackburn - Official Highlights and Goals FA Cup 3rd 07-01-12.mp4
[2012/04/11 17:42:08 | 001,195,538 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\Hatem Ben Arfa Goal vs Bolton HD(2).mp4
[2012/04/09 20:20:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/09 20:19:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/04/09 20:19:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/04/09 19:46:37 | 025,740,256 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\wmp11-windowsxp-x86-enu.exe.dap
[2012/04/09 19:39:06 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/04/09 18:20:42 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/09 10:58:31 | 003,785,056 | ---- | M] (BlueStack Systems, Inc.) -- C:\Documents and Settings\Sakush\Desktop\BlueStacks-ThinInstaller_0.6.3.2212.exe
[2012/04/09 10:52:10 | 384,418,649 | ---- | M] () -- C:\Game.of.Thrones.S02E02.HDTV.x264-ASAP.mp4
[2012/04/08 13:48:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 05:41:15 | 000,048,041 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\557740_465013274977_511754977_1729949_1268780589_n.jpg
[2012/04/06 04:16:45 | 1963,042,257 | ---- | M] () -- C:\Sternberg's Diagnostic Surgical Pathology, 5th ed. 2010, Pg.chm
[2012/04/05 12:58:49 | 000,000,323 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2012/04/04 21:22:29 | 112,525,928 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\weekly.exe.dap
[2012/04/03 19:59:57 | 013,352,488 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\2012-Kookaburra-Brochure-Low-Res.pdf
[2012/04/02 19:06:35 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\WD Spindown or Stop Utility.lnk
[2012/04/01 20:51:34 | 000,531,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/01 20:51:34 | 000,098,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/01 01:54:17 | 043,942,094 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\Karim Benzema Van Bastenesque Wonder Goal V Osasusa [1080p].mp4
[2012/03/30 22:39:01 | 000,611,520 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/03/29 22:10:25 | 000,059,874 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\VP90.JPG
[2012/03/28 22:11:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/03/28 22:11:08 | 000,325,552 | ---- | M] ((주)마크애니) -- C:\WINDOWS\MASetupCaller.dll
[2012/03/28 22:11:08 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\WINDOWS\MAMCityDownload.ocx
[2012/03/28 22:11:08 | 000,030,568 | ---- | M] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | M] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,569,344 | ---- | M] (© MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2012/03/28 22:11:06 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2012/03/28 22:11:06 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2012/03/28 22:11:06 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2012/03/28 22:11:06 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2012/03/28 22:11:06 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2012/03/28 22:11:06 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.exe
[2012/03/28 22:11:06 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2012/03/28 22:11:06 | 000,143,360 | ---- | M] () -- C:\WINDOWS\System32\3DAudio.ax
[2012/03/28 22:11:06 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2012/03/28 22:11:06 | 000,131,072 | ---- | M] (© MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2012/03/28 22:11:06 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2012/03/28 22:11:06 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2012/03/28 22:11:06 | 000,110,592 | ---- | M] (© MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2012/03/28 22:11:06 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | M] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/03/28 22:11:06 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2012/03/28 22:11:06 | 000,045,320 | ---- | M] (MARKANY) -- C:\WINDOWS\System32\MAMACExtract.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2012/03/28 22:11:06 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2012/03/28 22:11:06 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2012/03/28 22:11:02 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/03/28 22:11:02 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/03/27 02:08:40 | 000,063,056 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2012/03/27 02:07:08 | 000,447,208 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/03/27 02:02:30 | 000,340,624 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/03/26 23:54:13 | 000,113,616 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2012/03/26 23:54:03 | 000,240,184 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2012/03/26 23:53:59 | 000,360,976 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/03/26 23:24:50 | 000,528,423 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1332783350.bdinstall.bin
[2012/03/26 23:23:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/03/26 23:23:35 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
[2012/03/26 22:56:53 | 000,021,611 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1332781903.bdinstall.bin
[2012/03/26 22:53:59 | 001,540,166 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2012/03/25 18:53:00 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/23 12:34:48 | 000,238,983 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\143863.jpg
[2012/03/22 21:31:59 | 000,108,869 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\Bwa Karobaar 22 March 2012.jpg
[2012/03/20 19:39:29 | 000,547,425 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\Nepali_National_Anthem_New_SanjaalDotCom.mp3
[2012/03/19 23:04:00 | 000,071,000 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\421672_368203796543029_100000602341277_1315852_860064429_n.jpg
[2012/03/19 23:03:47 | 000,074,806 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\427238_368782003151875_100000602341277_1316927_302775405_n.jpg
[2012/03/19 23:01:43 | 000,134,994 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\423164_369700533060022_100000602341277_1318857_1263757118_n.jpg
[2012/03/19 23:01:24 | 000,071,330 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\409387_370177059679036_1368194151_n.jpg
[2012/03/19 23:01:10 | 000,059,663 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\419004_369098019786940_100000602341277_1317546_1427279519_n.jpg
[2012/03/19 22:59:13 | 000,106,928 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\419681_371155639581178_100000602341277_1323565_1197523863_n.jpg
[2012/03/19 22:58:55 | 000,119,667 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\417246_371828992847176_100000602341277_1325417_534628001_n.jpg
[2012/03/19 22:58:27 | 000,100,667 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\426105_372214282808647_100000602341277_1326116_1879986617_n.jpg
[2012/03/19 22:58:18 | 000,144,135 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\423331_373355882694487_100000602341277_1329458_1447430968_n.jpg
[2012/03/15 21:12:43 | 001,079,407 | ---- | M] () -- C:\Documents and Settings\Sakush\My Documents\Invisible Children FY11-Audited Financial Statements.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/14 15:48:54 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\Buy jv16 PowerTools.url
[2012/04/14 15:47:44 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\System5537 Data.Repository
[2012/04/14 15:47:44 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Sakush\Application Data\Sys2662.Config.Repository.bin
[2012/04/14 15:17:57 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 15:08:22 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/04/11 17:54:30 | 004,166,808 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\Ben Arfa Wonder Goal for Newcastle 2-1 Blackburn - Official Highlights and Goals FA Cup 3rd 07-01-12.mp4
[2012/04/11 17:41:56 | 001,195,538 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\Hatem Ben Arfa Goal vs Bolton HD(2).mp4
[2012/04/09 19:46:33 | 025,740,256 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\wmp11-windowsxp-x86-enu.exe.dap
[2012/04/09 19:39:06 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/04/09 18:20:42 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/09 08:21:58 | 384,418,649 | ---- | C] () -- C:\Game.of.Thrones.S02E02.HDTV.x264-ASAP.mp4
[2012/04/06 05:41:15 | 000,048,041 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\557740_465013274977_511754977_1729949_1268780589_n.jpg
[2012/04/05 21:03:36 | 1963,042,257 | ---- | C] () -- C:\Sternberg's Diagnostic Surgical Pathology, 5th ed. 2010, Pg.chm
[2012/04/04 21:22:26 | 112,525,928 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\weekly.exe.dap
[2012/04/04 19:48:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/03 19:59:56 | 013,352,488 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\2012-Kookaburra-Brochure-Low-Res.pdf
[2012/04/02 20:51:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/01 02:06:22 | 043,942,094 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\Karim Benzema Van Bastenesque Wonder Goal V Osasusa [1080p].mp4
[2012/03/29 22:10:25 | 000,059,874 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\VP90.JPG
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\3DAudio.ax
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/03/26 23:46:18 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2012/03/26 23:24:50 | 000,528,423 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1332783350.bdinstall.bin
[2012/03/26 23:23:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/03/26 23:23:35 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
[2012/03/26 22:56:53 | 000,021,611 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1332781903.bdinstall.bin
[2012/03/26 00:11:42 | 000,002,529 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\WD Spindown or Stop Utility.lnk
[2012/03/23 12:34:47 | 000,238,983 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\143863.jpg
[2012/03/22 21:31:59 | 000,108,869 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\Bwa Karobaar 22 March 2012.jpg
[2012/03/20 19:38:56 | 000,547,425 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\Nepali_National_Anthem_New_SanjaalDotCom.mp3
[2012/03/19 23:03:59 | 000,071,000 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\421672_368203796543029_100000602341277_1315852_860064429_n.jpg
[2012/03/19 23:03:47 | 000,074,806 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\427238_368782003151875_100000602341277_1316927_302775405_n.jpg
[2012/03/19 23:01:43 | 000,134,994 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\423164_369700533060022_100000602341277_1318857_1263757118_n.jpg
[2012/03/19 23:01:24 | 000,071,330 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\409387_370177059679036_1368194151_n.jpg
[2012/03/19 23:01:09 | 000,059,663 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\419004_369098019786940_100000602341277_1317546_1427279519_n.jpg
[2012/03/19 22:59:13 | 000,106,928 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\419681_371155639581178_100000602341277_1323565_1197523863_n.jpg
[2012/03/19 22:58:55 | 000,119,667 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\417246_371828992847176_100000602341277_1325417_534628001_n.jpg
[2012/03/19 22:58:26 | 000,100,667 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\426105_372214282808647_100000602341277_1326116_1879986617_n.jpg
[2012/03/19 22:58:18 | 000,144,135 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\423331_373355882694487_100000602341277_1329458_1447430968_n.jpg
[2012/03/15 21:12:43 | 001,079,407 | ---- | C] () -- C:\Documents and Settings\Sakush\My Documents\Invisible Children FY11-Audited Financial Statements.pdf
[2011/06/16 23:03:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/02/21 18:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/02/21 14:08:15 | 001,540,166 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/11/22 18:15:54 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2010/11/22 18:15:53 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2010/11/22 18:15:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2010/11/22 18:15:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bsrgvas.dll
[2010/11/22 18:15:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2010/11/22 18:15:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2010/11/11 21:31:05 | 004,932,426 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2955907764-2073543447-3033106246-1008-0.dat
[2010/11/07 14:08:35 | 000,359,226 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/06 22:17:11 | 000,096,409 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\Sakushlog.dat
[2010/08/14 00:26:56 | 001,244,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/13 22:01:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/13 22:01:22 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/13 22:01:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\$_hpcst$.hpc
[2010/08/02 02:01:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/07/11 00:56:10 | 000,000,571 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/03 17:25:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/02/10 11:15:04 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\bdfvconp.ini
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2009/12/06 22:35:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/12/06 07:07:59 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/12/06 07:07:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/12/04 17:28:33 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/11 02:19:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/10 06:49:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/10 01:33:31 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\imapdd.dll
[2009/10/10 01:33:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imapdb.exe
[2009/10/10 01:33:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imapd.exe
[2009/09/25 22:22:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService.exe
[2009/09/25 22:22:07 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/09/21 21:52:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/11 22:09:30 | 000,000,208 | ---- | C] () -- C:\WINDOWS\POD.INI
[2009/09/11 22:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/09/07 12:58:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rotscxmktkmnqt.sys
[2009/09/04 02:32:11 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Sakush\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 19:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/13 11:51:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/13 11:36:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/07/13 11:33:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/13 11:33:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/13 11:33:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/13 11:33:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/13 11:33:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/13 11:33:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/13 11:32:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/07/13 11:32:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/13 11:28:49 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/07/13 11:28:49 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/07/13 11:28:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/07/13 11:28:48 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/07/13 11:28:48 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/07/13 11:28:48 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/07/13 11:28:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/07/13 11:28:47 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/07/13 11:28:47 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/07/13 11:28:47 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/07/13 11:28:47 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/07/13 11:28:47 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/07/13 11:28:47 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/07/13 11:28:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/07/13 11:28:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/07/13 11:28:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/07/13 11:28:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/07/13 11:23:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/13 11:23:12 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/13 11:23:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/07/13 11:17:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/07/13 11:14:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/07/22 21:07:09 | 000,000,350 | RHS- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/22 04:35:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/22 04:35:00 | 000,531,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/22 04:35:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/22 04:35:00 | 000,098,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/22 04:35:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/22 04:34:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/22 04:34:59 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/22 04:34:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/22 04:34:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/22 04:34:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/22 04:34:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/22 04:34:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/22 03:49:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/22 03:45:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 20:40:48 | 000,004,307 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 20:40:02 | 000,399,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004/12/20 15:53:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 15:48:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/10 19:21:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
[2002/12/15 03:31:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/15 03:31:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/15 03:31:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/15 02:31:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 17:56:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

========== LOP Check ==========

[2011/02/21 14:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4fdb0000-3fd7-41bd-4053-3d24a308378b
[2011/02/21 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aa080000-27c5-4bde-4bdc-603f579e61b6
[2011/02/25 16:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/03/27 02:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/03/26 23:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/09/10 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/09/06 12:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/19 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/07/13 11:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/01/21 20:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/21 20:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/01/21 20:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/13 11:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/07/13 11:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/09 18:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/11/11 03:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/11/29 17:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2012/04/09 19:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/01 01:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/07/13 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/06/15 18:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2010/02/20 12:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2011/02/02 21:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/11 03:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/01 01:19:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/03/26 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Bitdefender
[2011/02/04 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\cald3
[2010/09/10 22:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\DAEMON Tools Lite
[2009/10/11 23:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\dxdlls
[2012/03/27 04:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Esnyzi
[2010/02/03 10:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Flock
[2009/10/03 15:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\InterVideo
[2009/09/03 22:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Leadertech
[2012/02/29 23:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Maxthon3
[2011/11/11 21:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Mefy
[2012/01/21 20:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Nokia
[2012/01/21 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Nokia Suite
[2009/09/25 22:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\oald7
[2012/01/21 20:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\PC Suite
[2011/02/21 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\QuickScan
[2012/04/09 18:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Samsung
[2011/12/05 22:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Sports Interactive
[2012/04/01 20:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\SystemRequirementsLab
[2012/02/26 22:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\TeamViewer
[2011/02/19 16:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\temp
[2010/03/01 01:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\TuneUp Software
[2012/04/13 23:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\uTorrent
[2011/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Zbshareware Lab
[2012/03/14 03:00:27 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/02/21 15:01:45 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Sakush\?????) -- C:\Documents and Settings\Sakush\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

Attached Files

  • Attached File  OTL.Txt   134.08KB   50 downloads

Edited by Steven Burnish, 15 April 2012 - 05:11 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
I've moved your post over to the malware forum.

Uninstall:
Unhackme so it doesn't interfere

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Sakush/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O33 - MountPoints2\{1064bdda-9c46-11de-9831-001e652f4cc6}\Shell\AutoRun\command - "" = E:\3c.exe
O33 - MountPoints2\{1064bdda-9c46-11de-9831-001e652f4cc6}\Shell\open\Command - "" = E:\3c.exe
O33 - MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\Shell\AutoRun\command - "" = sovittamrakar.exe
O33 - MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\Shell\explore\Command - "" = sovittamrakar.exe
O33 - MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\Shell\open\Command - "" = sovittamrakar.exe
O33 - MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\Shell\AutoRun\command - "" = G:\sovittamrakar.exe
O33 - MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\Shell\explore\Command - "" = G:\sovittamrakar.exe
O33 - MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\Shell\open\Command - "" = G:\sovittamrakar.exe
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Auto\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\AutoRun\command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Explore\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Find\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\Format...\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\Shell\open\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Auto\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\AutoRun\command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Explore\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Find\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\Format...\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\Shell\open\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\Shell\AutoRun\command - "" = E:\curice/elena.exe
O33 - MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\Shell\explore\command - "" = E:\curice/elena.exe
O33 - MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\Shell\open\command - "" = E:\curice/elena.exe
O33 - MountPoints2\{885d63f4-2c84-11df-98a5-001e652f4cc6}\Shell\AutoRun\command - "" = COKOLADA//topljena.exe
O33 - MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\Shell\AutoRun\command - "" = F:\ALKOHOLU///zdravooo.exe
O33 - MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\Shell\explore\command - "" = F:\ALKOHOLU///zdravooo.exe
O33 - MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\Shell\open\command - "" = F:\ALKOHOLU///zdravooo.exe
O33 - MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\Shell\AutoRun\command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\Shell\explore\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\Shell\open\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Auto\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\AutoRun\command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Explore\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Find\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\Format...\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\Shell\open\Command - "" = wscript.exe killvirus.vbs
O33 - MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\Shell\AutoRun\command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\Shell\explore\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\Shell\open\Command - "" = F:\sovittamrakar.exe
O33 - MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\Shell\AutoRun\command - "" = F:\SLATKO/torta.exe
O33 - MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\Shell\explore\command - "" = F:\SLATKO/torta.exe
O33 - MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\Shell\open\command - "" = F:\SLATKO/torta.exe
O33 - MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\Shell\AutoRun\command - "" = F:\tmp/bak.exe
O33 - MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\Shell\explore\command - "" = F:\tmp/bak.exe
O33 - MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\Shell\open\command - "" = F:\tmp/bak.exe
O33 - MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\Shell\AutoRun\command - "" = sovittamrakar.exe
O33 - MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\Shell\explore\Command - "" = sovittamrakar.exe
O33 - MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\Shell\open\Command - "" = sovittamrakar.exe
[2012/04/14 15:47:44 | 000,000,022 | -HS- | M] () -- C:\WINDOWS\System5537 Data.Repository
[2012/04/14 15:47:44 | 000,000,022 | -HS- | M] () -- C:\Documents and Settings\Sakush\Application Data\Sys2662.Config.Repository.bin
[2009/09/07 12:58:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rotscxmktkmnqt.sys
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan (Allow the Avast Engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello Ron,

Thanks a ton for assisting me with my problem!!


I first uninstalled unhack me so it would not interfere!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I ran OTL Scan as you mentioned and here is the log.

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USB Antivirus deleted successfully.
C:\Program Files\USB Disk Security\USBGuard.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USB Security deleted successfully.
File C:\Program Files\USB Disk Security\USBGuard.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NoIE4StubProcessing deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify\ deleted successfully.
C:\WINDOWS\system32\PicNotify.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File file:///C:/DOCUME~1/Sakush/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File About:Home not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1064bdda-9c46-11de-9831-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1064bdda-9c46-11de-9831-001e652f4cc6}\ not found.
File E:\3c.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1064bdda-9c46-11de-9831-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1064bdda-9c46-11de-9831-001e652f4cc6}\ not found.
File E:\3c.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\ not found.
File sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\ not found.
File sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b77e2a-2e63-11df-98a6-001e652f4cc6}\ not found.
File sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355e9736-1609-11df-989b-001e652f4cc6}\ not found.
File G:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355e9736-1609-11df-989b-001e652f4cc6}\ not found.
File G:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{355e9736-1609-11df-989b-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355e9736-1609-11df-989b-001e652f4cc6}\ not found.
File G:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8e2-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b9af8f4-9a9c-11de-982a-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61f02bb7-d256-11de-9868-001e652f4cc6}\ not found.
File E:\curice/elena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61f02bb7-d256-11de-9868-001e652f4cc6}\ not found.
File E:\curice/elena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61f02bb7-d256-11de-9868-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61f02bb7-d256-11de-9868-001e652f4cc6}\ not found.
File E:\curice/elena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885d63f4-2c84-11df-98a5-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{885d63f4-2c84-11df-98a5-001e652f4cc6}\ not found.
File COKOLADA//topljena.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\ not found.
File F:\ALKOHOLU///zdravooo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\ not found.
File F:\ALKOHOLU///zdravooo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c2a7210-1fcf-11df-98a2-001e652f4cc6}\ not found.
File F:\ALKOHOLU///zdravooo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\ not found.
File F:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\ not found.
File F:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa965ed8-24a2-11df-98a3-001e652f4cc6}\ not found.
File F:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be3384ff-991c-11de-9828-001e652f4cc6}\ not found.
File wscript.exe killvirus.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cefbc302-ce13-11de-985d-001e652f4cc6}\ not found.
File F:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cefbc302-ce13-11de-985d-001e652f4cc6}\ not found.
File F:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cefbc302-ce13-11de-985d-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cefbc302-ce13-11de-985d-001e652f4cc6}\ not found.
File F:\sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\ not found.
File F:\SLATKO/torta.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\ not found.
File F:\SLATKO/torta.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd3b392-f9e3-11de-988b-001e652f4cc6}\ not found.
File F:\SLATKO/torta.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb199afd-9c1d-11de-9830-001e652f4cc6}\ not found.
File F:\tmp/bak.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb199afd-9c1d-11de-9830-001e652f4cc6}\ not found.
File F:\tmp/bak.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb199afd-9c1d-11de-9830-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb199afd-9c1d-11de-9830-001e652f4cc6}\ not found.
File F:\tmp/bak.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\ not found.
File sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\ not found.
File sovittamrakar.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe7fb16b-17ec-11df-989e-001e652f4cc6}\ not found.
File sovittamrakar.exe not found.
C:\WINDOWS\System5537 Data.Repository moved successfully.
C:\Documents and Settings\Sakush\Application Data\Sys2662.Config.Repository.bin moved successfully.
C:\WINDOWS\system32\drivers\rotscxmktkmnqt.sys moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5 deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sakush\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sakush\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sakush\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sakush\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sakush\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sakush\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Sakush\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sakush\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[EMPTYJAVA] > in the current context!

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 321 bytes

User: All Users

User: Default User
->Flash cache emptied: 321 bytes

User: LocalService

User: NetworkService

User: Sakush
->Flash cache emptied: 2032357 bytes

Total Flash Files Cleaned = 2.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 04212012_193347

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ComboFix

I can run my laptop only on safe mode so all the activites i carried out were in safe mode. It could not use internet connection. As a result. I could not install the "Recovery Console"

Here is the log of ComboFix

ComboFix 12-04-20.03 - Sakush 04/21/2012 19:55:51.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2617 [GMT 5.75:45]
Running from: c:\documents and settings\Sakush\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\Sakush\Application Data\dxdlls
c:\documents and settings\Sakush\Application Data\dxdlls\readme.html
c:\documents and settings\Sakush\Application Data\dxdlls\sovittamrakar.bmp
c:\documents and settings\Sakush\Application Data\Sakushlog.dat
c:\documents and settings\Sakush\Local Settings\Temporary Internet Files\Windows12111_ConfigRepository.bin
c:\documents and settings\Sakush\Recent\Thumbs.db
c:\documents and settings\Sakush\WINDOWS
c:\program files\Hotspot Shield\hssie\HsSIe.dll
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\system32\ICAutoUpdate.log
c:\windows\system32\imapd.exe
c:\windows\system32\imapdb.exe
c:\windows\system32\imapdd.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 14:06 . 2012-04-21 14:06 75254 ----a-w- c:\documents and settings\All Users\Application Data\1335017161.bdinstall.bin
2012-04-21 13:48 . 2012-04-21 13:48 -------- d-----w- C:\_OTL
2012-04-14 10:02 . 2012-04-14 10:02 -------- d-----w- c:\program files\jv16 PowerTools 2011
2012-04-14 09:32 . 2012-04-14 09:32 -------- d-sh--w- c:\documents and settings\Sakush\IETldCache
2012-04-14 09:25 . 2012-04-14 09:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-14 09:22 . 2012-04-14 09:23 -------- dc-h--w- c:\windows\ie8
2012-04-14 09:22 . 2012-04-14 09:22 -------- d-----w- c:\windows\LastGood
2012-04-13 14:41 . 2012-04-13 17:14 -------- d-----w- C:\Rock Star Supernova
2012-04-13 05:15 . 2012-04-13 05:16 -------- d-----w- C:\Mission Impossible III (2006)
2012-04-13 05:14 . 2012-04-13 05:15 -------- d-----w- C:\Mission Impossible II (2000)
2012-04-13 05:13 . 2012-04-13 05:14 -------- d-----w- C:\Mission Impossible (1996)
2012-04-11 07:05 . 2012-04-11 07:05 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\bdch
2012-04-09 15:33 . 2010-12-21 05:55 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2012-04-09 15:33 . 2010-12-21 05:55 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2012-04-09 15:33 . 2010-12-21 05:55 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2012-04-09 15:33 . 2010-12-21 05:55 100224 ----a-w- c:\windows\system32\drivers\ss_bserd.sys
2012-04-09 15:33 . 2010-12-21 05:55 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2012-04-09 15:33 . 2010-12-21 05:55 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2012-04-09 13:53 . 2012-04-09 13:53 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-04-09 12:58 . 2012-04-09 12:58 -------- d-----w- c:\program files\Common Files\Java
2012-04-09 12:58 . 2012-04-09 12:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-09 12:58 . 2012-04-09 12:58 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-09 12:58 . 2012-04-09 12:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-09 12:41 . 2012-04-09 14:50 -------- d-----w- c:\documents and settings\Sakush\Local Settings\Application Data\Samsung
2012-04-09 12:35 . 2012-03-28 16:26 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-04-09 12:35 . 2012-03-28 16:26 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-04-09 12:35 . 2012-03-28 16:26 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-04-09 12:35 . 2012-03-28 16:26 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-04-09 12:32 . 2012-04-09 12:32 -------- d-----w- c:\documents and settings\Sakush\Local Settings\Application Data\Downloaded Installations
2012-04-09 11:04 . 2012-04-09 11:04 -------- d-----w- c:\documents and settings\Sakush\Local Settings\Application Data\BlueStacks
2012-04-03 14:55 . 2012-04-09 12:11 -------- d-----w- C:\Mission Impossible Ghost Protocol (2011)
2012-04-02 15:06 . 2012-04-02 15:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 17:10 . 2012-04-01 17:10 -------- d-----w- C:\BitDefender Total Security 2012 (x86x64) include Patch{h33t}{mad dog}
2012-04-01 15:05 . 2012-04-01 15:05 -------- d-----w- c:\documents and settings\Sakush\Application Data\Intel
2012-04-01 15:05 . 2012-04-01 15:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-04-01 15:05 . 2012-04-01 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2012-04-01 15:05 . 2012-04-01 15:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2012-04-01 15:05 . 2011-12-12 02:20 7477120 ----a-w- c:\windows\system32\drivers\NETwNx32.sys
2012-04-01 15:05 . 2010-05-18 15:46 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-04-01 15:05 . 2010-05-18 15:44 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-04-01 15:04 . 2012-04-01 15:04 -------- d-----w- c:\program files\Common Files\Intel
2012-04-01 14:54 . 2012-04-01 14:54 -------- d-----w- c:\program files\SystemRequirementsLab
2012-04-01 14:53 . 2012-04-01 14:53 -------- d-----w- c:\documents and settings\Sakush\Application Data\SystemRequirementsLab
2012-03-28 10:27 . 2012-03-28 10:31 -------- d-----w- C:\Stacy Schiff - Cleopatra_A Life
2012-03-28 10:19 . 2012-04-21 13:27 -------- d-----w- C:\The Silmarillion (444)
2012-03-28 10:10 . 2012-03-28 10:18 -------- d-----w- C:\The Silmarillion (AudioBook & E-Book)
2012-03-26 21:08 . 2012-03-26 21:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Bitdefender
2012-03-26 21:03 . 2012-04-01 17:09 -------- d-----w- C:\Nrwcf
2012-03-26 20:50 . 2012-03-26 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-03-26 20:24 . 2012-03-30 16:54 611520 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-26 20:23 . 2012-03-26 20:23 63056 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-03-26 20:22 . 2012-03-26 20:22 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-03-26 20:19 . 2012-04-21 13:27 -------- d-----w- C:\F1 - 2012
2012-03-26 17:44 . 2012-03-26 17:44 -------- d-----w- c:\documents and settings\Sakush\Local Settings\Application Data\bdch
2012-03-26 17:39 . 2012-03-26 17:39 528423 ----a-w- c:\documents and settings\All Users\Application Data\1332783350.bdinstall.bin
2012-03-26 17:38 . 2012-03-26 17:41 -------- d-----w- c:\documents and settings\Sakush\Application Data\Bitdefender
2012-03-26 17:11 . 2012-03-26 17:11 21611 ----a-w- c:\documents and settings\All Users\Application Data\1332781903.bdinstall.bin
2012-03-25 18:26 . 2012-03-25 18:26 -------- d-----w- c:\program files\Western Digital Technologies
2012-03-25 13:07 . 2012-03-13 04:39 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-25 13:07 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-25 13:07 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-25 13:07 . 2012-03-13 04:38 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-25 13:07 . 2012-03-13 04:38 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-25 13:07 . 2012-03-13 04:38 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 15:06 . 2011-08-13 19:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 18:09 . 2011-03-01 12:00 113616 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2012-03-26 18:09 . 2011-07-15 10:26 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-03-26 17:08 . 2011-02-21 08:23 1540166 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin
2012-02-29 10:12 . 2012-02-29 10:12 2 --shatr- c:\windows\winstart.bat
2010-07-08 04:52 . 2010-07-08 04:52 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2012-03-13 04:39 . 2012-03-25 13:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Team JPN\Fifa 2010\Uninstaller .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-07-13 05:43 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-03-26 20:22 239112 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-03-26 20:22 239112 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-03-26 20:22 239112 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-03-26 20:22 239112 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-03 247080]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-07-13 323584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2008-12-20 449088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-22 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-22 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-22 138752]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"WD Spindown Utility"="c:\program files\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-30 1183616]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-12-23 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-12-23 1210640]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-30 3521424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"InstallerLauncher"="c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\SetupLauncher.exe" [2011-07-22 428632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-31 04:25 136176 ----atw- c:\documents and settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-03-30 22:53 954256 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-03-30 22:53 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 04:32 5252408 ------w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2011-11-01 09:55 1053056 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-04-25 15:15 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=
"c:\\Program Files\\Team JPN\\Fifa 2010\\FIFA10.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Documents and Settings\\Sakush\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\EA Sports\\MyProg\\Game\\fifa.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Maxthon3\\Modules\\MxMiniThunder\\ThunderMini.exe"=
"c:\\Program Files\\Maxthon3\\Bin\\Maxthon.exe"=
"c:\\Program Files\\Maxthon3\\Bin\\MxUp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/10/2010 10:01 PM 691696]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/25/2006 12:33 AM 10240]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [7/15/2011 4:11 PM 240184]
S0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [3/27/2012 2:09 AM 611520]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 7:32 PM 85128]
S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [7/25/2010 12:00 PM 12800]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/10/2008 6:35 AM 46144]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/05 18:35];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58 PM 87536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [9/11/2008 12:34 PM 54560]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [8/13/2010 10:01 PM 217088]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [1/9/2010 5:27 AM 285744]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [7/25/2010 12:00 PM 114688]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:03 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:01 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:00 PM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 1:30 PM 158856]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/25/2008 4:19 AM 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/10/2008 6:35 AM 360448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 8:51 PM 253600]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [3/27/2012 2:07 AM 447208]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys [3/1/2011 5:45 PM 113616]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [3/27/2012 2:08 AM 63056]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [7/31/2011 7:18 AM 2428968]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [4/9/2012 6:20 PM 20032]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\Sakush\Desktop\everest\Everest_Ultimate_Build_2253\kerneld.wnt --> c:\documents and settings\Sakush\Desktop\everest\Everest_Ultimate_Build_2253\kerneld.wnt [?]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/13/2009 11:23 AM 116224]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [7/13/2009 11:18 AM 97536]
S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/1/2012 8:50 PM 7477120]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:03 PM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:00 PM 1120752]
S3 SafeBox;SafeBox;c:\program files\BitDefender\Bitdefender Safebox\safeboxservice.exe [7/22/2011 5:24 PM 67120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [4/9/2012 9:18 PM 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [4/9/2012 9:18 PM 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [4/9/2012 9:18 PM 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [4/9/2012 9:18 PM 100224]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/23/2008 4:39 AM 37312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:06]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008Core.job
- c:\documents and settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 04:25]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008UA.job
- c:\documents and settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 04:25]
.
2012-03-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-GamePad Fix - c:\program files\EA Sports\EA SPORTS FIFA 12 Demo\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-21 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Sakush\Desktop\everest\Everest_Ultimate_Build_2253\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vaaur8rPygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-2955907764-2073543447-3033106246-1008\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Documents and Settings\\Sakush\\My Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Documents and Settings\\Sakush\\My Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Documents and Settings\\Sakush\\My Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Documents and Settings\\Sakush\\My Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Sakush\\My Documents\\Sports Interactive\\Football Manager 2010\\sakush1 (Backup).fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="E5-8380-E6EF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-2955907764-2073543447-3033106246-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2955907764-2073543447-3033106246-1008\Software\SecuROM\License information*]
"datasecu"=hex:26,6c,ce,69,bb,49,56,64,b5,07,98,ce,5a,60,6a,2c,97,a8,c4,90,b6,
74,97,9b,35,a5,73,3c,bb,cc,fc,03,5b,e2,38,c0,f1,1b,b2,59,ba,9a,7d,de,cf,6f,\
"rkeysecu"=hex:cd,e7,4a,c1,69,73,bf,50,34,f1,eb,1f,0d,d4,40,68
.
Completion time: 2012-04-21 20:09:08
ComboFix-quarantined-files.txt 2012-04-21 14:23
.
Pre-Run: 15,365,599,232 bytes free
Post-Run: 15,971,975,168 bytes free
.
- - End Of File - - 99EDC03C430507A1677DB2C402AF5BB4


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  • 0

#4
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
TDSSKiller

Log of the first run


23:44:00.0953 1120 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
23:44:01.0015 1120 ============================================================
23:44:01.0015 1120 Current date / time: 2012/04/22 23:44:01.0015
23:44:01.0015 1120 SystemInfo:
23:44:01.0015 1120
23:44:01.0015 1120 OS Version: 5.1.2600 ServicePack: 3.0
23:44:01.0015 1120 Product type: Workstation
23:44:01.0015 1120 ComputerName: LENOVO-832649CA
23:44:01.0015 1120 UserName: Sakush
23:44:01.0015 1120 Windows directory: C:\WINDOWS
23:44:01.0015 1120 System windows directory: C:\WINDOWS
23:44:01.0015 1120 Processor architecture: Intel x86
23:44:01.0015 1120 Number of processors: 2
23:44:01.0015 1120 Page size: 0x1000
23:44:01.0015 1120 Boot type: Safe boot
23:44:01.0015 1120 ============================================================
23:44:12.0296 1120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:44:12.0296 1120 \Device\Harddisk0\DR0:
23:44:12.0296 1120 MBR partitions:
23:44:12.0296 1120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1C981000
23:44:12.0437 1120 C: <-> \Device\Harddisk0\DR0\Partition0
23:44:12.0671 1120 Initialize success
23:44:12.0671 1120 ============================================================
23:44:29.0078 1168 ============================================================
23:44:29.0078 1168 Scan started
23:44:29.0078 1168 Mode: Manual;
23:44:29.0078 1168 ============================================================
23:44:29.0906 1168 Abiosdsk - ok
23:44:30.0093 1168 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:44:30.0093 1168 abp480n5 - ok
23:44:30.0296 1168 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:44:30.0296 1168 ACPI - ok
23:44:30.0500 1168 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:44:30.0500 1168 ACPIEC - ok
23:44:30.0687 1168 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:44:30.0687 1168 AdobeFlashPlayerUpdateSvc - ok
23:44:30.0890 1168 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:44:30.0890 1168 adpu160m - ok
23:44:31.0109 1168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:44:31.0109 1168 aec - ok
23:44:31.0312 1168 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:44:31.0312 1168 AFD - ok
23:44:31.0515 1168 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:44:31.0515 1168 agp440 - ok
23:44:31.0703 1168 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:44:31.0703 1168 agpCPQ - ok
23:44:31.0906 1168 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:44:31.0906 1168 Aha154x - ok
23:44:32.0078 1168 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:44:32.0078 1168 aic78u2 - ok
23:44:32.0281 1168 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:44:32.0281 1168 aic78xx - ok
23:44:32.0437 1168 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:44:32.0437 1168 Alerter - ok
23:44:32.0609 1168 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:44:32.0609 1168 ALG - ok
23:44:32.0796 1168 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:44:32.0796 1168 AliIde - ok
23:44:33.0000 1168 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:44:33.0000 1168 alim1541 - ok
23:44:33.0187 1168 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:44:33.0187 1168 amdagp - ok
23:44:33.0390 1168 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:44:33.0390 1168 amsint - ok
23:44:33.0578 1168 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
23:44:33.0593 1168 ApfiltrService - ok
23:44:33.0687 1168 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:44:33.0687 1168 Apple Mobile Device - ok
23:44:33.0859 1168 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:44:33.0859 1168 AppMgmt - ok
23:44:34.0062 1168 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:44:34.0078 1168 Arp1394 - ok
23:44:34.0250 1168 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:44:34.0250 1168 asc - ok
23:44:34.0453 1168 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:44:34.0453 1168 asc3350p - ok
23:44:34.0640 1168 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:44:34.0640 1168 asc3550 - ok
23:44:34.0859 1168 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:44:34.0937 1168 aspnet_state - ok
23:44:35.0140 1168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:44:35.0140 1168 AsyncMac - ok
23:44:35.0328 1168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:44:35.0328 1168 atapi - ok
23:44:35.0500 1168 Atdisk - ok
23:44:35.0703 1168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:44:35.0703 1168 Atmarpc - ok
23:44:35.0875 1168 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:44:35.0875 1168 AudioSrv - ok
23:44:36.0078 1168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:44:36.0078 1168 audstub - ok
23:44:36.0296 1168 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\WINDOWS\system32\DRIVERS\avc3.sys
23:44:36.0312 1168 avc3 - ok
23:44:36.0515 1168 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\WINDOWS\system32\DRIVERS\avchv.sys
23:44:36.0515 1168 avchv - ok
23:44:36.0718 1168 avckf (2bce314a25e71298add6794bfbd66266) C:\WINDOWS\system32\DRIVERS\avckf.sys
23:44:36.0718 1168 avckf - ok
23:44:36.0890 1168 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:44:36.0890 1168 b57w2k - ok
23:44:37.0015 1168 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
23:44:37.0015 1168 BcmSqlStartupSvc - ok
23:44:37.0140 1168 Bdfndisf (ab9f7295010ae9b9399746a02f044cc5) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
23:44:37.0140 1168 Bdfndisf - ok
23:44:37.0265 1168 bdftdif (f7d825f7e47d8a7865f5d2156b1b7a24) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
23:44:37.0265 1168 bdftdif - ok
23:44:37.0500 1168 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\WINDOWS\system32\drivers\bdsandbox.sys
23:44:37.0500 1168 bdsandbox - ok
23:44:37.0687 1168 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
23:44:37.0687 1168 BDVEDISK - ok
23:44:37.0890 1168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:44:37.0890 1168 Beep - ok
23:44:38.0046 1168 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:44:38.0234 1168 BITS - ok
23:44:38.0359 1168 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
23:44:38.0359 1168 Bonjour Service - ok
23:44:38.0531 1168 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:44:38.0531 1168 Browser - ok
23:44:38.0765 1168 Cam5607 (631783a00f11ea25abf597c9c33053d0) C:\WINDOWS\system32\Drivers\BisonC07.sys
23:44:38.0796 1168 Cam5607 - ok
23:44:38.0921 1168 catchme - ok
23:44:39.0046 1168 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:44:39.0046 1168 cbidf - ok
23:44:39.0218 1168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:44:39.0218 1168 cbidf2k - ok
23:44:39.0406 1168 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:44:39.0421 1168 CCDECODE - ok
23:44:39.0593 1168 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:44:39.0593 1168 cd20xrnt - ok
23:44:39.0781 1168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:44:39.0781 1168 Cdaudio - ok
23:44:39.0984 1168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:44:39.0984 1168 Cdfs - ok
23:44:40.0187 1168 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:44:40.0187 1168 Cdrom - ok
23:44:40.0734 1168 CGVPNCliSrvc (8fa3860fa448ccf9eae4de6bef190735) C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
23:44:40.0906 1168 CGVPNCliSrvc - ok
23:44:41.0062 1168 Changer - ok
23:44:41.0109 1168 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:44:41.0109 1168 CiSvc - ok
23:44:41.0125 1168 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:44:41.0125 1168 ClipSrv - ok
23:44:41.0234 1168 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:44:41.0281 1168 clr_optimization_v2.0.50727_32 - ok
23:44:41.0453 1168 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:44:41.0453 1168 clr_optimization_v4.0.30319_32 - ok
23:44:41.0656 1168 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:44:41.0656 1168 CmBatt - ok
23:44:41.0703 1168 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:44:41.0703 1168 CmdIde - ok
23:44:41.0906 1168 CnxtHdAudService (e2d7f6af93fe72dd840802797fafe4d3) C:\WINDOWS\system32\drivers\CHDAU32.sys
23:44:41.0921 1168 CnxtHdAudService - ok
23:44:42.0125 1168 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:44:42.0125 1168 Compbatt - ok
23:44:42.0156 1168 COMSysApp - ok
23:44:42.0203 1168 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:44:42.0203 1168 Cpqarray - ok
23:44:42.0281 1168 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
23:44:42.0281 1168 cpudrv - ok
23:44:42.0421 1168 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:44:42.0421 1168 CryptSvc - ok
23:44:42.0531 1168 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:44:42.0531 1168 dac2w2k - ok
23:44:42.0656 1168 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:44:42.0656 1168 dac960nt - ok
23:44:42.0703 1168 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:44:42.0718 1168 DcomLaunch - ok
23:44:42.0906 1168 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
23:44:42.0906 1168 dgderdrv - ok
23:44:42.0953 1168 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:44:42.0953 1168 Dhcp - ok
23:44:43.0156 1168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:43.0156 1168 Disk - ok
23:44:43.0203 1168 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
23:44:43.0218 1168 DLABMFSM - ok
23:44:43.0328 1168 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
23:44:43.0328 1168 DLABOIOM - ok
23:44:43.0359 1168 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:44:43.0359 1168 DLACDBHM - ok
23:44:43.0453 1168 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
23:44:43.0453 1168 DLADResM - ok
23:44:43.0484 1168 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
23:44:43.0484 1168 DLAIFS_M - ok
23:44:43.0609 1168 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
23:44:43.0609 1168 DLAOPIOM - ok
23:44:43.0656 1168 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
23:44:43.0656 1168 DLAPoolM - ok
23:44:43.0812 1168 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
23:44:43.0828 1168 DLARTL_M - ok
23:44:43.0843 1168 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
23:44:43.0843 1168 DLAUDFAM - ok
23:44:43.0968 1168 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
23:44:43.0968 1168 DLAUDF_M - ok
23:44:43.0984 1168 dmadmin - ok
23:44:44.0125 1168 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:44:44.0140 1168 dmboot - ok
23:44:44.0359 1168 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:44:44.0375 1168 dmio - ok
23:44:44.0390 1168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:44:44.0390 1168 dmload - ok
23:44:44.0421 1168 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:44:44.0437 1168 dmserver - ok
23:44:44.0546 1168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:44:44.0546 1168 DMusic - ok
23:44:44.0593 1168 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:44:44.0593 1168 Dnscache - ok
23:44:44.0734 1168 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:44:44.0734 1168 Dot3svc - ok
23:44:44.0812 1168 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:44:44.0812 1168 dpti2o - ok
23:44:45.0000 1168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:44:45.0000 1168 drmkaud - ok
23:44:45.0046 1168 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:44:45.0046 1168 DRVMCDB - ok
23:44:45.0171 1168 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:44:45.0171 1168 DRVNDDM - ok
23:44:45.0234 1168 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:44:45.0234 1168 EapHost - ok
23:44:45.0375 1168 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:44:45.0375 1168 ERSvc - ok
23:44:45.0437 1168 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:44:45.0437 1168 Eventlog - ok
23:44:45.0656 1168 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:44:45.0718 1168 EventSystem - ok
23:44:45.0859 1168 EverestDriver - ok
23:44:46.0031 1168 EvtEng (f969b2632fc5ace069a1fb9decf5581b) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:44:46.0062 1168 EvtEng - ok
23:44:46.0265 1168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:44:46.0265 1168 Fastfat - ok
23:44:46.0312 1168 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:44:46.0312 1168 FastUserSwitchingCompatibility - ok
23:44:46.0531 1168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:44:46.0531 1168 Fdc - ok
23:44:46.0546 1168 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:44:46.0546 1168 Fips - ok
23:44:46.0578 1168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:44:46.0578 1168 Flpydisk - ok
23:44:46.0593 1168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:44:46.0593 1168 FltMgr - ok
23:44:46.0718 1168 FNF5SVC (c4c9a48c3339b6335f8f0db1f47bb668) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
23:44:46.0718 1168 FNF5SVC - ok
23:44:46.0906 1168 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:44:46.0906 1168 FontCache3.0.0.0 - ok
23:44:46.0984 1168 FsUsbExService (f96c429788350db4ba6771c3034dfd88) C:\WINDOWS\system32\FsUsbExService.Exe
23:44:46.0984 1168 FsUsbExService - ok
23:44:47.0062 1168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:44:47.0062 1168 Fs_Rec - ok
23:44:47.0218 1168 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:44:47.0218 1168 Ftdisk - ok
23:44:47.0265 1168 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:44:47.0281 1168 GEARAspiWDM - ok
23:44:47.0390 1168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:44:47.0390 1168 Gpc - ok
23:44:47.0421 1168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:44:47.0421 1168 HDAudBus - ok
23:44:47.0500 1168 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:44:47.0500 1168 helpsvc - ok
23:44:47.0562 1168 HidServ - ok
23:44:47.0656 1168 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:44:47.0656 1168 HidUsb - ok
23:44:47.0765 1168 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:44:47.0765 1168 hkmsvc - ok
23:44:47.0906 1168 HotspotShieldService (fbcc7ff08e18a0b06d012c558fb00f05) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
23:44:47.0906 1168 HotspotShieldService - ok
23:44:48.0078 1168 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:44:48.0078 1168 hpn - ok
23:44:48.0156 1168 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:44:48.0156 1168 HSFHWAZL - ok
23:44:48.0312 1168 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:44:48.0328 1168 HSF_DPV - ok
23:44:48.0484 1168 HssSrv (d5687c8c02df0eb4687b044a10df5cb4) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
23:44:48.0500 1168 HssSrv - ok
23:44:48.0562 1168 HssTrayService (c5bf8240e12ef056bfd6838abc8bb916) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
23:44:48.0562 1168 HssTrayService - ok
23:44:48.0578 1168 HssWd (cd85ba2ba40f0fb7b5231c780d9b6057) C:\Program Files\Hotspot Shield\bin\hsswd.exe
23:44:48.0593 1168 HssWd - ok
23:44:48.0781 1168 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:44:48.0781 1168 HTTP - ok
23:44:48.0953 1168 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:44:48.0953 1168 HTTPFilter - ok
23:44:49.0062 1168 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:44:49.0062 1168 i2omgmt - ok
23:44:49.0203 1168 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:44:49.0203 1168 i2omp - ok
23:44:49.0234 1168 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:44:49.0234 1168 i8042prt - ok
23:44:49.0421 1168 ialm (2f91ca49fb204262d234cae40e51c8cd) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:44:49.0468 1168 ialm - ok
23:44:49.0703 1168 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:44:49.0703 1168 iaStor - ok
23:44:49.0890 1168 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:44:49.0890 1168 IDriverT - ok
23:44:50.0140 1168 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:44:50.0156 1168 idsvc - ok
23:44:50.0406 1168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:44:50.0406 1168 Imapi - ok
23:44:50.0453 1168 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:44:50.0453 1168 ImapiService - ok
23:44:50.0609 1168 InCDFs - ok
23:44:50.0625 1168 InCDPass - ok
23:44:50.0640 1168 InCDRm - ok
23:44:50.0671 1168 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:44:50.0671 1168 ini910u - ok
23:44:50.0734 1168 IntcHdmiAddService (f5c70e41b19d33cc764998786ab74165) C:\WINDOWS\system32\drivers\IntcHdmi.sys
23:44:50.0734 1168 IntcHdmiAddService - ok
23:44:50.0781 1168 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:44:50.0781 1168 IntelIde - ok
23:44:50.0828 1168 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:44:50.0828 1168 intelppm - ok
23:44:50.0859 1168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:44:50.0859 1168 Ip6Fw - ok
23:44:50.0875 1168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:44:50.0875 1168 IpFilterDriver - ok
23:44:50.0906 1168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:44:50.0921 1168 IpInIp - ok
23:44:51.0015 1168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:44:51.0015 1168 IpNat - ok
23:44:51.0109 1168 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
23:44:51.0125 1168 iPod Service - ok
23:44:51.0328 1168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:44:51.0328 1168 IPSec - ok
23:44:51.0375 1168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:44:51.0375 1168 IRENUM - ok
23:44:51.0421 1168 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:44:51.0421 1168 isapnp - ok
23:44:51.0531 1168 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:44:51.0531 1168 IviRegMgr - ok
23:44:51.0656 1168 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
23:44:51.0765 1168 JavaQuickStarterService - ok
23:44:51.0953 1168 JMCR (a69a1b991824b98f744913555f665893) C:\WINDOWS\system32\DRIVERS\jmcr.sys
23:44:51.0953 1168 JMCR - ok
23:44:52.0000 1168 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:44:52.0000 1168 Kbdclass - ok
23:44:52.0078 1168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:44:52.0093 1168 kmixer - ok
23:44:52.0140 1168 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:44:52.0156 1168 KSecDD - ok
23:44:52.0312 1168 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:44:52.0312 1168 LanmanServer - ok
23:44:52.0359 1168 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:44:52.0390 1168 lanmanworkstation - ok
23:44:52.0531 1168 lbrtfdc - ok
23:44:52.0609 1168 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:44:52.0609 1168 LmHosts - ok
23:44:52.0687 1168 mdf15 (7ad11a5b5ea3bb3093a24c85e653ce54) C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
23:44:52.0687 1168 mdf15 - ok
23:44:52.0875 1168 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:44:52.0875 1168 mdmxsdk - ok
23:44:52.0921 1168 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:44:52.0921 1168 Messenger - ok
23:44:53.0000 1168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:44:53.0000 1168 mnmdd - ok
23:44:53.0078 1168 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:44:53.0078 1168 mnmsrvc - ok
23:44:53.0093 1168 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:44:53.0109 1168 Modem - ok
23:44:53.0156 1168 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:44:53.0156 1168 Mouclass - ok
23:44:53.0234 1168 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:44:53.0234 1168 mouhid - ok
23:44:53.0281 1168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:44:53.0281 1168 MountMgr - ok
23:44:53.0437 1168 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:44:53.0437 1168 mraid35x - ok
23:44:53.0609 1168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:44:53.0625 1168 MRxDAV - ok
23:44:53.0796 1168 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:44:53.0812 1168 MRxSmb - ok
23:44:53.0984 1168 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:44:53.0984 1168 MSDTC - ok
23:44:54.0062 1168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:44:54.0062 1168 Msfs - ok
23:44:54.0078 1168 MSIServer - ok
23:44:54.0125 1168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:44:54.0125 1168 MSKSSRV - ok
23:44:54.0140 1168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:44:54.0140 1168 MSPCLOCK - ok
23:44:54.0171 1168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:44:54.0171 1168 MSPQM - ok
23:44:54.0250 1168 MSR Service (9da8fd98e368730e38589aa1952ac37f) C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
23:44:54.0250 1168 MSR Service - ok
23:44:54.0453 1168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:44:54.0453 1168 mssmbios - ok
23:44:54.0562 1168 MSSQL$MSSMLBIZ - ok
23:44:54.0625 1168 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
23:44:54.0625 1168 MSSQLServerADHelper - ok
23:44:54.0828 1168 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:44:54.0828 1168 MSTEE - ok
23:44:54.0859 1168 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:44:54.0859 1168 Mup - ok
23:44:55.0000 1168 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:44:55.0000 1168 NABTSFEC - ok
23:44:55.0062 1168 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:44:55.0078 1168 napagent - ok
23:44:55.0125 1168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:44:55.0125 1168 NDIS - ok
23:44:55.0296 1168 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:44:55.0296 1168 NdisIP - ok
23:44:55.0343 1168 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:44:55.0343 1168 NdisTapi - ok
23:44:55.0375 1168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:44:55.0375 1168 Ndisuio - ok
23:44:55.0390 1168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:44:55.0390 1168 NdisWan - ok
23:44:55.0421 1168 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:44:55.0421 1168 NDProxy - ok
23:44:55.0609 1168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:44:55.0609 1168 NetBIOS - ok
23:44:55.0625 1168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:44:55.0625 1168 NetBT - ok
23:44:55.0703 1168 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:44:55.0703 1168 NetDDE - ok
23:44:55.0718 1168 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:44:55.0718 1168 NetDDEdsdm - ok
23:44:55.0765 1168 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:44:55.0765 1168 Netlogon - ok
23:44:55.0812 1168 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:44:55.0828 1168 Netman - ok
23:44:55.0937 1168 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:44:55.0953 1168 NetTcpPortSharing - ok
23:44:56.0234 1168 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
23:44:56.0328 1168 NETw5x32 - ok
23:44:56.0734 1168 NETwNx32 (78edacb732c05f6a7b15856929e6fe5f) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
23:44:56.0937 1168 NETwNx32 - ok
23:44:57.0156 1168 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:44:57.0156 1168 NIC1394 - ok
23:44:57.0234 1168 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:44:57.0234 1168 Nla - ok
23:44:57.0343 1168 nmwcd (b0a67de1a128389aea4d42c5a56215fd) C:\WINDOWS\system32\drivers\ccdcmb.sys
23:44:57.0343 1168 nmwcd - ok
23:44:57.0375 1168 nmwcdc (025c54f9f8c8bc1894ea38529c742c54) C:\WINDOWS\system32\drivers\ccdcmbo.sys
23:44:57.0375 1168 nmwcdc - ok
23:44:57.0500 1168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:44:57.0500 1168 Npfs - ok
23:44:57.0546 1168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:44:57.0562 1168 Ntfs - ok
23:44:57.0718 1168 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:44:57.0718 1168 NtLmSsp - ok
23:44:57.0781 1168 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:44:57.0796 1168 NtmsSvc - ok
23:44:57.0875 1168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:44:57.0875 1168 Null - ok
23:44:57.0953 1168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:44:57.0953 1168 NwlnkFlt - ok
23:44:57.0968 1168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:44:57.0968 1168 NwlnkFwd - ok
23:44:58.0140 1168 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:44:58.0156 1168 odserv - ok
23:44:58.0343 1168 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:44:58.0343 1168 ohci1394 - ok
23:44:58.0437 1168 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:44:58.0437 1168 ose - ok
23:44:58.0640 1168 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:44:58.0640 1168 Parport - ok
23:44:58.0640 1168 Partizan - ok
23:44:58.0687 1168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:44:58.0687 1168 PartMgr - ok
23:44:58.0718 1168 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:44:58.0718 1168 ParVdm - ok
23:44:58.0765 1168 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:44:58.0765 1168 pccsmcfd - ok
23:44:58.0812 1168 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:44:58.0812 1168 PCI - ok
23:44:58.0828 1168 PCIDump - ok
23:44:58.0875 1168 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:44:58.0875 1168 PCIIde - ok
23:44:58.0921 1168 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:44:58.0921 1168 Pcmcia - ok
23:44:58.0937 1168 PDCOMP - ok
23:44:58.0953 1168 PDFRAME - ok
23:44:58.0968 1168 PDRELI - ok
23:44:58.0984 1168 PDRFRAME - ok
23:44:59.0015 1168 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:44:59.0015 1168 perc2 - ok
23:44:59.0046 1168 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:44:59.0062 1168 perc2hib - ok
23:44:59.0125 1168 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:44:59.0125 1168 PlugPlay - ok
23:44:59.0203 1168 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
23:44:59.0203 1168 pmem - ok
23:44:59.0250 1168 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys
23:44:59.0250 1168 PMHler - ok
23:44:59.0328 1168 PMSveH (29a26236447e5b5e3fce5e33168c43e0) C:\Program Files\Lenovo\PMDriver\PMSveH.exe
23:44:59.0343 1168 PMSveH - ok
23:44:59.0484 1168 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:44:59.0484 1168 PolicyAgent - ok
23:44:59.0578 1168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:44:59.0578 1168 PptpMiniport - ok
23:44:59.0578 1168 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:44:59.0578 1168 ProtectedStorage - ok
23:44:59.0625 1168 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
23:44:59.0625 1168 psadd - ok
23:44:59.0687 1168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:44:59.0687 1168 PSched - ok
23:44:59.0703 1168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:44:59.0703 1168 Ptilink - ok
23:44:59.0750 1168 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:44:59.0750 1168 PxHelp20 - ok
23:44:59.0781 1168 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:44:59.0781 1168 ql1080 - ok
23:44:59.0796 1168 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:44:59.0796 1168 Ql10wnt - ok
23:44:59.0843 1168 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:44:59.0843 1168 ql12160 - ok
23:44:59.0843 1168 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:44:59.0859 1168 ql1240 - ok
23:44:59.0875 1168 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:44:59.0875 1168 ql1280 - ok
23:44:59.0906 1168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:44:59.0906 1168 RasAcd - ok
23:44:59.0953 1168 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:44:59.0953 1168 RasAuto - ok
23:44:59.0984 1168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:44:59.0984 1168 Rasl2tp - ok
23:45:00.0015 1168 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:45:00.0015 1168 RasMan - ok
23:45:00.0031 1168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:45:00.0031 1168 RasPppoe - ok
23:45:00.0062 1168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:45:00.0062 1168 Raspti - ok
23:45:00.0093 1168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:45:00.0093 1168 Rdbss - ok
23:45:00.0109 1168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:45:00.0109 1168 RDPCDD - ok
23:45:00.0171 1168 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:45:00.0171 1168 rdpdr - ok
23:45:00.0218 1168 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:45:00.0218 1168 RDPWD - ok
23:45:00.0281 1168 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:45:00.0281 1168 RDSessMgr - ok
23:45:00.0328 1168 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:45:00.0328 1168 redbook - ok
23:45:00.0468 1168 RegSrvc (9155c9cd54f1f8f85b68440d896b6d63) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:45:00.0484 1168 RegSrvc - ok
23:45:00.0656 1168 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:45:00.0656 1168 RemoteAccess - ok
23:45:00.0703 1168 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:45:00.0718 1168 RemoteRegistry - ok
23:45:00.0750 1168 riuwivxeismqenev - ok
23:45:00.0890 1168 Roxio UPnP Renderer 10 (ada991d7a02130fa78413281a134330b) C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
23:45:00.0906 1168 Roxio UPnP Renderer 10 - ok
23:45:00.0937 1168 Roxio Upnp Server 10 (11f07111105072f81c03a437423e88ee) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
23:45:00.0937 1168 Roxio Upnp Server 10 - ok
23:45:01.0031 1168 RoxLiveShare10 (7c334636b539fbfa65bd3b6da75b9d30) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
23:45:01.0046 1168 RoxLiveShare10 - ok
23:45:01.0093 1168 RoxMediaDB10 (eb9eeb379848f356797eb9ef31114ca5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
23:45:01.0125 1168 RoxMediaDB10 - ok
23:45:01.0187 1168 RoxWatch10 (640e33efb13278bedd3699dfa88185e5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
23:45:01.0187 1168 RoxWatch10 - ok
23:45:01.0328 1168 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:45:01.0343 1168 RpcLocator - ok
23:45:01.0390 1168 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:45:01.0406 1168 RpcSs - ok
23:45:01.0453 1168 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:45:01.0453 1168 RSVP - ok
23:45:01.0578 1168 S24EventMonitor (f911b1afe543be0797001f30226b8b0a) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
23:45:01.0593 1168 S24EventMonitor - ok
23:45:01.0812 1168 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
23:45:01.0828 1168 s24trans - ok
23:45:01.0984 1168 SafeBox (d5291db188e4423f3696ca550edeb876) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
23:45:01.0984 1168 SafeBox - ok
23:45:02.0140 1168 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:45:02.0140 1168 SamSs - ok
23:45:02.0187 1168 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:45:02.0187 1168 SCardSvr - ok
23:45:02.0281 1168 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
23:45:02.0281 1168 SCDEmu - ok
23:45:02.0312 1168 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:45:02.0312 1168 Schedule - ok
23:45:02.0375 1168 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:45:02.0375 1168 sdbus - ok
23:45:02.0500 1168 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:45:02.0500 1168 SeaPort - ok
23:45:02.0687 1168 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:45:02.0687 1168 Secdrv - ok
23:45:02.0718 1168 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:45:02.0718 1168 seclogon - ok
23:45:02.0843 1168 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:45:02.0843 1168 SENS - ok
23:45:02.0906 1168 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:45:02.0906 1168 Serial - ok
23:45:03.0062 1168 ServiceLayer (668043f192ab9659761a349a4703600d) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:45:03.0078 1168 ServiceLayer - ok
23:45:03.0218 1168 SessionLauncher - ok
23:45:03.0375 1168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:45:03.0375 1168 Sfloppy - ok
23:45:03.0453 1168 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:45:03.0453 1168 SharedAccess - ok
23:45:03.0593 1168 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:45:03.0593 1168 ShellHWDetection - ok
23:45:03.0656 1168 Simbad - ok
23:45:03.0718 1168 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:45:03.0718 1168 sisagp - ok
23:45:03.0828 1168 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
23:45:03.0828 1168 SkypeUpdate - ok
23:45:04.0000 1168 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:45:04.0000 1168 SLIP - ok
23:45:04.0062 1168 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:45:04.0062 1168 Sparrow - ok
23:45:04.0250 1168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:45:04.0250 1168 splitter - ok
23:45:04.0312 1168 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:45:04.0312 1168 Spooler - ok
23:45:04.0500 1168 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
23:45:04.0500 1168 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
23:45:04.0500 1168 sptd ( LockedFile.Multi.Generic ) - warning
23:45:04.0500 1168 sptd - detected LockedFile.Multi.Generic (1)
23:45:04.0671 1168 spupdsvc (03d7ad16ac204c48640cbe6ed8281a65) C:\WINDOWS\system32\spupdsvc.exe
23:45:04.0671 1168 spupdsvc - ok
23:45:04.0734 1168 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:45:04.0734 1168 SQLBrowser - ok
23:45:04.0750 1168 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:45:04.0750 1168 SQLWriter - ok
23:45:04.0937 1168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:45:04.0937 1168 sr - ok
23:45:05.0093 1168 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:45:05.0093 1168 srservice - ok
23:45:05.0296 1168 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:45:05.0312 1168 Srv - ok
23:45:05.0687 1168 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:45:05.0687 1168 SSDPSRV - ok
23:45:05.0828 1168 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
23:45:05.0828 1168 ss_bbus - ok
23:45:05.0968 1168 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
23:45:05.0968 1168 ss_bmdfl - ok
23:45:06.0203 1168 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
23:45:06.0218 1168 ss_bmdm - ok
23:45:06.0234 1168 ss_bserd (994d2e5378cc337ec7dd73c1e04fcaa4) C:\WINDOWS\system32\DRIVERS\ss_bserd.sys
23:45:06.0234 1168 ss_bserd - ok
23:45:06.0406 1168 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:45:06.0421 1168 stisvc - ok
23:45:06.0531 1168 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:45:06.0531 1168 stllssvr - ok
23:45:06.0687 1168 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:45:06.0687 1168 streamip - ok
23:45:06.0828 1168 SUService (c2191c1a5dfed0795e3d3b68905b195b) c:\program files\lenovo\system update\suservice.exe
23:45:06.0828 1168 SUService - ok
23:45:07.0031 1168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:45:07.0031 1168 swenum - ok
23:45:07.0156 1168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:45:07.0156 1168 swmidi - ok
23:45:07.0187 1168 SwPrv - ok
23:45:07.0265 1168 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:45:07.0265 1168 symc810 - ok
23:45:07.0500 1168 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:45:07.0500 1168 symc8xx - ok
23:45:07.0718 1168 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:45:07.0718 1168 sym_hi - ok
23:45:07.0890 1168 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:45:07.0890 1168 sym_u3 - ok
23:45:08.0062 1168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:45:08.0062 1168 sysaudio - ok
23:45:08.0218 1168 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:45:08.0218 1168 SysmonLog - ok
23:45:08.0421 1168 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
23:45:08.0421 1168 tap0901 - ok
23:45:08.0625 1168 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
23:45:08.0625 1168 taphss - ok
23:45:08.0781 1168 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:45:08.0781 1168 TapiSrv - ok
23:45:08.0984 1168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:45:09.0000 1168 Tcpip - ok
23:45:09.0171 1168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:45:09.0171 1168 TDPIPE - ok
23:45:09.0375 1168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:45:09.0375 1168 TDTCP - ok
23:45:09.0578 1168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:45:09.0578 1168 TermDD - ok
23:45:09.0750 1168 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:45:09.0765 1168 TermService - ok
23:45:09.0906 1168 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:45:09.0906 1168 Themes - ok
23:45:10.0046 1168 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
23:45:10.0062 1168 ThinkVantage Registry Monitor Service - ok
23:45:10.0234 1168 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:45:10.0234 1168 TlntSvr - ok
23:45:10.0453 1168 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:45:10.0453 1168 TosIde - ok
23:45:10.0640 1168 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:45:10.0640 1168 TrkWks - ok
23:45:10.0718 1168 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
23:45:10.0718 1168 TSMAPIP - ok
23:45:10.0875 1168 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
23:45:10.0890 1168 TVT Backup Protection Service - ok
23:45:10.0921 1168 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
23:45:10.0937 1168 TVT Backup Service - ok
23:45:11.0125 1168 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
23:45:11.0156 1168 TVT Scheduler - ok
23:45:11.0359 1168 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
23:45:11.0359 1168 tvtfilter - ok
23:45:11.0515 1168 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
23:45:11.0515 1168 TVTI2C - ok
23:45:11.0718 1168 tvtumon (930b8b8ef659a714cf1c755928b8850c) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
23:45:11.0718 1168 tvtumon - ok
23:45:11.0875 1168 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
23:45:11.0890 1168 TVT_UpdateMonitor - ok
23:45:12.0078 1168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:45:12.0078 1168 Udfs - ok
23:45:12.0281 1168 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:45:12.0281 1168 ultra - ok
23:45:12.0515 1168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:45:12.0531 1168 Update - ok
23:45:13.0000 1168 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:45:13.0000 1168 upnphost - ok
23:45:13.0281 1168 upperdev (78b74af8727a28c128e164e9b53a5413) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
23:45:13.0281 1168 upperdev - ok
23:45:13.0421 1168 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:45:13.0437 1168 UPS - ok
23:45:13.0500 1168 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:45:13.0500 1168 USBAAPL - ok
23:45:13.0656 1168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:45:13.0671 1168 usbccgp - ok
23:45:13.0859 1168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:45:13.0859 1168 usbehci - ok
23:45:14.0046 1168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:45:14.0046 1168 usbhub - ok
23:45:14.0250 1168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:45:14.0265 1168 usbscan - ok
23:45:14.0437 1168 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
23:45:14.0437 1168 UsbserFilt - ok
23:45:14.0640 1168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:45:14.0640 1168 USBSTOR - ok
23:45:14.0812 1168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:45:14.0812 1168 usbuhci - ok
23:45:15.0000 1168 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:45:15.0000 1168 usbvideo - ok
23:45:15.0171 1168 UserAccess (ae24f1a4c2d92ed8132254aad3b8486e) C:\WINDOWS\system32\UAService.exe
23:45:15.0171 1168 UserAccess - ok
23:45:15.0437 1168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:45:15.0468 1168 VgaSave - ok
23:45:15.0796 1168 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:45:15.0796 1168 viaagp - ok
23:45:15.0984 1168 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:45:15.0984 1168 ViaIde - ok
23:45:16.0156 1168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:45:16.0156 1168 VolSnap - ok
23:45:16.0343 1168 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:45:16.0343 1168 VSS - ok
23:45:16.0515 1168 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:45:16.0515 1168 W32Time - ok
23:45:16.0703 1168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:45:16.0718 1168 Wanarp - ok
23:45:16.0906 1168 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:45:16.0906 1168 Wdf01000 - ok
23:45:17.0062 1168 WDICA - ok
23:45:17.0265 1168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:45:17.0265 1168 wdmaud - ok
23:45:17.0453 1168 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:45:17.0453 1168 WebClient - ok
23:45:17.0656 1168 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:45:17.0671 1168 winachsf - ok
23:45:17.0890 1168 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:45:17.0890 1168 winmgmt - ok
23:45:18.0031 1168 WMConnectCDS (ebc6ace28e58ba5be4a8190b613b6f02) C:\Program Files\Windows Media Connect 2\wmccds.exe
23:45:18.0046 1168 WMConnectCDS - ok
23:45:18.0187 1168 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
23:45:18.0187 1168 WmdmPmSN - ok
23:45:18.0375 1168 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:45:18.0390 1168 Wmi - ok
23:45:18.0578 1168 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:45:18.0578 1168 WmiAcpi - ok
23:45:18.0796 1168 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:45:18.0796 1168 WmiApSrv - ok
23:45:18.0953 1168 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:45:18.0984 1168 WMPNetworkSvc - ok
23:45:19.0203 1168 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:45:19.0203 1168 WpdUsb - ok
23:45:19.0421 1168 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:45:19.0531 1168 WPFFontCache_v0400 - ok
23:45:19.0718 1168 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:45:19.0718 1168 WS2IFSL - ok
23:45:19.0859 1168 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:45:19.0875 1168 wscsvc - ok
23:45:20.0046 1168 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:45:20.0046 1168 WSTCODEC - ok
23:45:20.0203 1168 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:45:20.0250 1168 wuauserv - ok
23:45:20.0468 1168 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:45:20.0515 1168 WudfPf - ok
23:45:20.0703 1168 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:45:20.0718 1168 WudfRd - ok
23:45:20.0859 1168 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
23:45:20.0859 1168 WudfSvc - ok
23:45:21.0031 1168 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:45:21.0031 1168 WZCSVC - ok
23:45:21.0218 1168 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:45:21.0312 1168 xmlprov - ok
23:45:21.0531 1168 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
23:45:21.0531 1168 xusb21 - ok
23:45:21.0640 1168 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
23:45:21.0656 1168 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
23:45:21.0734 1168 MBR (0x1B8) (889fc228f9dbef5df1e8a10ffcfcbd9c) \Device\Harddisk0\DR0
23:45:21.0765 1168 \Device\Harddisk0\DR0 - ok
23:45:21.0796 1168 Boot (0x1200) (2a0b5924fe20874d90ad997c44554473) \Device\Harddisk0\DR0\Partition0
23:45:21.0796 1168 \Device\Harddisk0\DR0\Partition0 - ok
23:45:21.0796 1168 ============================================================
23:45:21.0796 1168 Scan finished
23:45:21.0796 1168 ============================================================
23:45:21.0812 1160 Detected object count: 1
23:45:21.0812 1160 Actual detected object count: 1
23:45:55.0781 1160 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
23:45:55.0781 1160 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
23:45:59.0750 1116 Deinitialize success



I changed the parameters as you mentioned. However, there was no TDSS files so skipped delete all the results!! Here is the log

23:46:49.0031 1324 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
23:46:49.0031 1324 ============================================================
23:46:49.0031 1324 Current date / time: 2012/04/22 23:46:49.0031
23:46:49.0031 1324 SystemInfo:
23:46:49.0031 1324
23:46:49.0031 1324 OS Version: 5.1.2600 ServicePack: 3.0
23:46:49.0031 1324 Product type: Workstation
23:46:49.0031 1324 ComputerName: LENOVO-832649CA
23:46:49.0031 1324 UserName: Sakush
23:46:49.0031 1324 Windows directory: C:\WINDOWS
23:46:49.0031 1324 System windows directory: C:\WINDOWS
23:46:49.0031 1324 Processor architecture: Intel x86
23:46:49.0031 1324 Number of processors: 2
23:46:49.0031 1324 Page size: 0x1000
23:46:49.0031 1324 Boot type: Safe boot
23:46:49.0031 1324 ============================================================
23:46:49.0343 1324 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:46:49.0343 1324 \Device\Harddisk0\DR0:
23:46:49.0359 1324 MBR partitions:
23:46:49.0359 1324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1C981000
23:46:49.0406 1324 C: <-> \Device\Harddisk0\DR0\Partition0
23:46:49.0406 1324 Initialize success
23:46:49.0406 1324 ============================================================
23:47:03.0296 1340 ============================================================
23:47:03.0296 1340 Scan started
23:47:03.0296 1340 Mode: Manual; SigCheck; TDLFS;
23:47:03.0296 1340 ============================================================
23:47:03.0609 1340 Abiosdsk - ok
23:47:03.0656 1340 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:47:04.0750 1340 abp480n5 - ok
23:47:04.0937 1340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:47:05.0078 1340 ACPI - ok
23:47:05.0140 1340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:47:05.0234 1340 ACPIEC - ok
23:47:05.0328 1340 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:47:05.0343 1340 AdobeFlashPlayerUpdateSvc - ok
23:47:05.0406 1340 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:47:05.0500 1340 adpu160m - ok
23:47:05.0546 1340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:47:05.0625 1340 aec - ok
23:47:05.0671 1340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:47:05.0750 1340 AFD - ok
23:47:05.0781 1340 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:47:05.0875 1340 agp440 - ok
23:47:05.0906 1340 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:47:06.0000 1340 agpCPQ - ok
23:47:06.0031 1340 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:47:06.0062 1340 Aha154x - ok
23:47:06.0078 1340 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:47:06.0187 1340 aic78u2 - ok
23:47:06.0187 1340 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:47:06.0265 1340 aic78xx - ok
23:47:06.0328 1340 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:47:06.0406 1340 Alerter - ok
23:47:06.0421 1340 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:47:06.0468 1340 ALG - ok
23:47:06.0515 1340 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:47:06.0593 1340 AliIde - ok
23:47:06.0609 1340 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:47:06.0687 1340 alim1541 - ok
23:47:06.0703 1340 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:47:06.0781 1340 amdagp - ok
23:47:06.0812 1340 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:47:06.0859 1340 amsint - ok
23:47:06.0875 1340 ApfiltrService (0f83cb9bcb247869bcad28026b8f134b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
23:47:07.0109 1340 ApfiltrService - ok
23:47:07.0218 1340 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:47:07.0218 1340 Apple Mobile Device - ok
23:47:07.0390 1340 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
23:47:07.0437 1340 AppMgmt - ok
23:47:07.0515 1340 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:47:07.0609 1340 Arp1394 - ok
23:47:07.0656 1340 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:47:07.0750 1340 asc - ok
23:47:07.0781 1340 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:47:07.0812 1340 asc3350p - ok
23:47:07.0828 1340 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:47:07.0906 1340 asc3550 - ok
23:47:08.0062 1340 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:47:08.0062 1340 aspnet_state - ok
23:47:08.0093 1340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:47:08.0187 1340 AsyncMac - ok
23:47:08.0218 1340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:47:08.0296 1340 atapi - ok
23:47:08.0312 1340 Atdisk - ok
23:47:08.0343 1340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:47:08.0437 1340 Atmarpc - ok
23:47:08.0500 1340 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:47:08.0578 1340 AudioSrv - ok
23:47:08.0593 1340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:47:08.0671 1340 audstub - ok
23:47:08.0750 1340 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\WINDOWS\system32\DRIVERS\avc3.sys
23:47:08.0796 1340 avc3 - ok
23:47:08.0843 1340 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\WINDOWS\system32\DRIVERS\avchv.sys
23:47:08.0859 1340 avchv - ok
23:47:08.0921 1340 avckf (2bce314a25e71298add6794bfbd66266) C:\WINDOWS\system32\DRIVERS\avckf.sys
23:47:08.0937 1340 avckf - ok
23:47:09.0000 1340 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:47:09.0046 1340 b57w2k - ok
23:47:09.0171 1340 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
23:47:09.0171 1340 BcmSqlStartupSvc - ok
23:47:09.0265 1340 Bdfndisf (ab9f7295010ae9b9399746a02f044cc5) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys
23:47:09.0281 1340 Bdfndisf - ok
23:47:09.0343 1340 bdftdif (f7d825f7e47d8a7865f5d2156b1b7a24) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys
23:47:09.0359 1340 bdftdif - ok
23:47:09.0437 1340 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\WINDOWS\system32\drivers\bdsandbox.sys
23:47:09.0437 1340 bdsandbox - ok
23:47:09.0484 1340 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
23:47:09.0500 1340 BDVEDISK - ok
23:47:09.0531 1340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:47:09.0625 1340 Beep - ok
23:47:09.0671 1340 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:47:09.0765 1340 BITS - ok
23:47:09.0875 1340 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
23:47:09.0875 1340 Bonjour Service - ok
23:47:09.0937 1340 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:47:10.0031 1340 Browser - ok
23:47:10.0109 1340 Cam5607 (631783a00f11ea25abf597c9c33053d0) C:\WINDOWS\system32\Drivers\BisonC07.sys
23:47:10.0156 1340 Cam5607 - ok
23:47:10.0281 1340 catchme - ok
23:47:10.0312 1340 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:47:10.0406 1340 cbidf - ok
23:47:10.0421 1340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:47:10.0500 1340 cbidf2k - ok
23:47:10.0546 1340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:47:10.0640 1340 CCDECODE - ok
23:47:10.0656 1340 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:47:10.0703 1340 cd20xrnt - ok
23:47:10.0750 1340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:47:10.0828 1340 Cdaudio - ok
23:47:10.0859 1340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:47:10.0937 1340 Cdfs - ok
23:47:10.0953 1340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:47:11.0031 1340 Cdrom - ok
23:47:11.0234 1340 CGVPNCliSrvc (8fa3860fa448ccf9eae4de6bef190735) C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
23:47:11.0343 1340 CGVPNCliSrvc - ok
23:47:11.0343 1340 Changer - ok
23:47:11.0390 1340 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:47:11.0484 1340 CiSvc - ok
23:47:11.0515 1340 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:47:11.0625 1340 ClipSrv - ok
23:47:11.0750 1340 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:47:11.0750 1340 clr_optimization_v2.0.50727_32 - ok
23:47:11.0812 1340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:47:11.0828 1340 clr_optimization_v4.0.30319_32 - ok
23:47:11.0875 1340 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:47:11.0953 1340 CmBatt - ok
23:47:12.0000 1340 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:47:12.0093 1340 CmdIde - ok
23:47:12.0156 1340 CnxtHdAudService (e2d7f6af93fe72dd840802797fafe4d3) C:\WINDOWS\system32\drivers\CHDAU32.sys
23:47:12.0250 1340 CnxtHdAudService - ok
23:47:12.0265 1340 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:47:12.0359 1340 Compbatt - ok
23:47:12.0359 1340 COMSysApp - ok
23:47:12.0390 1340 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:47:12.0468 1340 Cpqarray - ok
23:47:12.0546 1340 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
23:47:12.0562 1340 cpudrv - ok
23:47:12.0593 1340 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:47:12.0671 1340 CryptSvc - ok
23:47:12.0734 1340 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:47:12.0843 1340 dac2w2k - ok
23:47:12.0859 1340 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:47:12.0937 1340 dac960nt - ok
23:47:13.0000 1340 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:47:13.0031 1340 DcomLaunch - ok
23:47:13.0093 1340 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
23:47:13.0093 1340 dgderdrv - ok
23:47:13.0140 1340 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:47:13.0218 1340 Dhcp - ok
23:47:13.0265 1340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:47:13.0343 1340 Disk - ok
23:47:13.0406 1340 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
23:47:13.0421 1340 DLABMFSM - ok
23:47:13.0437 1340 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
23:47:13.0453 1340 DLABOIOM - ok
23:47:13.0468 1340 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
23:47:13.0468 1340 DLACDBHM - ok
23:47:13.0484 1340 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
23:47:13.0500 1340 DLADResM - ok
23:47:13.0515 1340 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
23:47:13.0531 1340 DLAIFS_M - ok
23:47:13.0546 1340 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
23:47:13.0562 1340 DLAOPIOM - ok
23:47:13.0578 1340 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
23:47:13.0593 1340 DLAPoolM - ok
23:47:13.0609 1340 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
23:47:13.0609 1340 DLARTL_M - ok
23:47:13.0640 1340 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
23:47:13.0640 1340 DLAUDFAM - ok
23:47:13.0656 1340 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
23:47:13.0671 1340 DLAUDF_M - ok
23:47:13.0671 1340 dmadmin - ok
23:47:13.0765 1340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:47:13.0875 1340 dmboot - ok
23:47:13.0890 1340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:47:13.0984 1340 dmio - ok
23:47:14.0015 1340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:47:14.0109 1340 dmload - ok
23:47:14.0156 1340 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:47:14.0250 1340 dmserver - ok
23:47:14.0296 1340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:47:14.0390 1340 DMusic - ok
23:47:14.0437 1340 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:47:14.0531 1340 Dnscache - ok
23:47:14.0562 1340 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:47:14.0640 1340 Dot3svc - ok
23:47:14.0687 1340 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:47:14.0765 1340 dpti2o - ok
23:47:14.0796 1340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:47:14.0890 1340 drmkaud - ok
23:47:14.0937 1340 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
23:47:14.0953 1340 DRVMCDB - ok
23:47:14.0953 1340 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
23:47:14.0968 1340 DRVNDDM - ok
23:47:15.0000 1340 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:47:15.0078 1340 EapHost - ok
23:47:15.0109 1340 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:47:15.0203 1340 ERSvc - ok
23:47:15.0250 1340 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:47:15.0265 1340 Eventlog - ok
23:47:15.0312 1340 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:47:15.0359 1340 EventSystem - ok
23:47:15.0468 1340 EverestDriver - ok
23:47:15.0625 1340 EvtEng (f969b2632fc5ace069a1fb9decf5581b) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:47:15.0671 1340 EvtEng - ok
23:47:15.0750 1340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:47:15.0828 1340 Fastfat - ok
23:47:15.0875 1340 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:47:15.0921 1340 FastUserSwitchingCompatibility - ok
23:47:15.0937 1340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:47:16.0015 1340 Fdc - ok
23:47:16.0046 1340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:47:16.0125 1340 Fips - ok
23:47:16.0140 1340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:47:16.0234 1340 Flpydisk - ok
23:47:16.0250 1340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:47:16.0328 1340 FltMgr - ok
23:47:16.0437 1340 FNF5SVC (c4c9a48c3339b6335f8f0db1f47bb668) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
23:47:16.0453 1340 FNF5SVC - ok
23:47:16.0562 1340 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:47:16.0578 1340 FontCache3.0.0.0 - ok
23:47:16.0609 1340 FsUsbExService (f96c429788350db4ba6771c3034dfd88) C:\WINDOWS\system32\FsUsbExService.Exe
23:47:16.0609 1340 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
23:47:16.0609 1340 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
23:47:16.0625 1340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:47:16.0703 1340 Fs_Rec - ok
23:47:16.0750 1340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:47:16.0828 1340 Ftdisk - ok
23:47:16.0875 1340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:47:16.0875 1340 GEARAspiWDM - ok
23:47:16.0890 1340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:47:16.0984 1340 Gpc - ok
23:47:17.0000 1340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:47:17.0093 1340 HDAudBus - ok
23:47:17.0171 1340 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:47:17.0265 1340 helpsvc - ok
23:47:17.0265 1340 HidServ - ok
23:47:17.0328 1340 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:47:17.0406 1340 HidUsb - ok
23:47:17.0453 1340 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:47:17.0546 1340 hkmsvc - ok
23:47:17.0671 1340 HotspotShieldService (fbcc7ff08e18a0b06d012c558fb00f05) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
23:47:17.0671 1340 HotspotShieldService ( UnsignedFile.Multi.Generic ) - warning
23:47:17.0671 1340 HotspotShieldService - detected UnsignedFile.Multi.Generic (1)
23:47:17.0718 1340 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:47:17.0796 1340 hpn - ok
23:47:17.0843 1340 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:47:17.0875 1340 HSFHWAZL - ok
23:47:17.0906 1340 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:47:17.0953 1340 HSF_DPV - ok
23:47:18.0109 1340 HssSrv (d5687c8c02df0eb4687b044a10df5cb4) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
23:47:18.0125 1340 HssSrv ( UnsignedFile.Multi.Generic ) - warning
23:47:18.0125 1340 HssSrv - detected UnsignedFile.Multi.Generic (1)
23:47:18.0187 1340 HssTrayService (c5bf8240e12ef056bfd6838abc8bb916) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
23:47:18.0187 1340 HssTrayService ( UnsignedFile.Multi.Generic ) - warning
23:47:18.0187 1340 HssTrayService - detected UnsignedFile.Multi.Generic (1)
23:47:18.0218 1340 HssWd (cd85ba2ba40f0fb7b5231c780d9b6057) C:\Program Files\Hotspot Shield\bin\hsswd.exe
23:47:18.0250 1340 HssWd ( UnsignedFile.Multi.Generic ) - warning
23:47:18.0250 1340 HssWd - detected UnsignedFile.Multi.Generic (1)
23:47:18.0343 1340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:47:18.0390 1340 HTTP - ok
23:47:18.0437 1340 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:47:18.0531 1340 HTTPFilter - ok
23:47:18.0578 1340 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:47:18.0656 1340 i2omgmt - ok
23:47:18.0687 1340 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:47:18.0765 1340 i2omp - ok
23:47:18.0796 1340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:47:18.0875 1340 i8042prt - ok
23:47:18.0953 1340 ialm (2f91ca49fb204262d234cae40e51c8cd) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:47:19.0109 1340 ialm - ok
23:47:19.0156 1340 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:47:19.0171 1340 iaStor - ok
23:47:19.0328 1340 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:47:19.0343 1340 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:47:19.0343 1340 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:47:19.0515 1340 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:47:19.0546 1340 idsvc - ok
23:47:19.0609 1340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:47:19.0687 1340 Imapi - ok
23:47:19.0734 1340 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:47:19.0812 1340 ImapiService - ok
23:47:19.0828 1340 InCDFs - ok
23:47:19.0843 1340 InCDPass - ok
23:47:19.0859 1340 InCDRm - ok
23:47:19.0890 1340 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:47:20.0000 1340 ini910u - ok
23:47:20.0031 1340 IntcHdmiAddService (f5c70e41b19d33cc764998786ab74165) C:\WINDOWS\system32\drivers\IntcHdmi.sys
23:47:20.0093 1340 IntcHdmiAddService - ok
23:47:20.0109 1340 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:47:20.0187 1340 IntelIde - ok
23:47:20.0234 1340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:47:20.0312 1340 intelppm - ok
23:47:20.0343 1340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:47:20.0453 1340 Ip6Fw - ok
23:47:20.0453 1340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:47:20.0546 1340 IpFilterDriver - ok
23:47:20.0562 1340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:47:20.0640 1340 IpInIp - ok
23:47:20.0671 1340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:47:20.0765 1340 IpNat - ok
23:47:20.0843 1340 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
23:47:20.0875 1340 iPod Service - ok
23:47:20.0890 1340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:47:20.0968 1340 IPSec - ok
23:47:21.0000 1340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:47:21.0031 1340 IRENUM - ok
23:47:21.0078 1340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:47:21.0156 1340 isapnp - ok
23:47:21.0218 1340 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:47:21.0234 1340 IviRegMgr - ok
23:47:21.0343 1340 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
23:47:21.0359 1340 JavaQuickStarterService - ok
23:47:21.0406 1340 JMCR (a69a1b991824b98f744913555f665893) C:\WINDOWS\system32\DRIVERS\jmcr.sys
23:47:21.0421 1340 JMCR - ok
23:47:21.0468 1340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:47:21.0562 1340 Kbdclass - ok
23:47:21.0578 1340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:47:21.0671 1340 kmixer - ok
23:47:21.0718 1340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:47:21.0812 1340 KSecDD - ok
23:47:21.0875 1340 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:47:21.0890 1340 LanmanServer - ok
23:47:21.0937 1340 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:47:21.0984 1340 lanmanworkstation - ok
23:47:22.0062 1340 lbrtfdc - ok
23:47:22.0109 1340 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:47:22.0187 1340 LmHosts - ok
23:47:22.0281 1340 mdf15 (7ad11a5b5ea3bb3093a24c85e653ce54) C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys
23:47:22.0296 1340 mdf15 ( UnsignedFile.Multi.Generic ) - warning
23:47:22.0296 1340 mdf15 - detected UnsignedFile.Multi.Generic (1)
23:47:22.0328 1340 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:47:22.0343 1340 mdmxsdk - ok
23:47:22.0406 1340 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:47:22.0468 1340 Messenger - ok
23:47:22.0515 1340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:47:22.0593 1340 mnmdd - ok
23:47:22.0640 1340 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:47:22.0718 1340 mnmsrvc - ok
23:47:22.0750 1340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:47:22.0843 1340 Modem - ok
23:47:22.0859 1340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:47:22.0937 1340 Mouclass - ok
23:47:22.0968 1340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:47:23.0062 1340 mouhid - ok
23:47:23.0078 1340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:47:23.0171 1340 MountMgr - ok
23:47:23.0203 1340 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:47:23.0281 1340 mraid35x - ok
23:47:23.0312 1340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:47:23.0406 1340 MRxDAV - ok
23:47:23.0437 1340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:47:23.0484 1340 MRxSmb - ok
23:47:23.0515 1340 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:47:23.0593 1340 MSDTC - ok
23:47:23.0640 1340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:47:23.0718 1340 Msfs - ok
23:47:23.0765 1340 MSIServer - ok
23:47:23.0812 1340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:47:23.0890 1340 MSKSSRV - ok
23:47:23.0921 1340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:47:24.0000 1340 MSPCLOCK - ok
23:47:24.0000 1340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:47:24.0093 1340 MSPQM - ok
23:47:24.0187 1340 MSR Service (9da8fd98e368730e38589aa1952ac37f) C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
23:47:24.0187 1340 MSR Service ( UnsignedFile.Multi.Generic ) - warning
23:47:24.0187 1340 MSR Service - detected UnsignedFile.Multi.Generic (1)
23:47:24.0234 1340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:47:24.0312 1340 mssmbios - ok
23:47:24.0375 1340 MSSQL$MSSMLBIZ - ok
23:47:24.0453 1340 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
23:47:24.0453 1340 MSSQLServerADHelper - ok
23:47:24.0484 1340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:47:24.0562 1340 MSTEE - ok
23:47:24.0593 1340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:47:24.0609 1340 Mup - ok
23:47:24.0625 1340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:47:24.0703 1340 NABTSFEC - ok
23:47:24.0765 1340 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:47:24.0859 1340 napagent - ok
23:47:24.0890 1340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:47:24.0984 1340 NDIS - ok
23:47:25.0000 1340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:47:25.0078 1340 NdisIP - ok
23:47:25.0109 1340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:47:25.0140 1340 NdisTapi - ok
23:47:25.0156 1340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:47:25.0234 1340 Ndisuio - ok
23:47:25.0265 1340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:47:25.0343 1340 NdisWan - ok
23:47:25.0390 1340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:47:25.0406 1340 NDProxy - ok
23:47:25.0421 1340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:47:25.0484 1340 NetBIOS - ok
23:47:25.0515 1340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:47:25.0593 1340 NetBT - ok
23:47:25.0640 1340 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:47:25.0718 1340 NetDDE - ok
23:47:25.0718 1340 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:47:25.0796 1340 NetDDEdsdm - ok
23:47:25.0828 1340 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:47:25.0921 1340 Netlogon - ok
23:47:25.0937 1340 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:47:26.0031 1340 Netman - ok
23:47:26.0140 1340 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:47:26.0156 1340 NetTcpPortSharing - ok
23:47:26.0312 1340 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
23:47:26.0468 1340 NETw5x32 - ok
23:47:26.0703 1340 NETwNx32 (78edacb732c05f6a7b15856929e6fe5f) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
23:47:26.0984 1340 NETwNx32 - ok
23:47:27.0046 1340 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:47:27.0140 1340 NIC1394 - ok
23:47:27.0203 1340 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:47:27.0218 1340 Nla - ok
23:47:27.0250 1340 nmwcd (b0a67de1a128389aea4d42c5a56215fd) C:\WINDOWS\system32\drivers\ccdcmb.sys
23:47:27.0500 1340 nmwcd - ok
23:47:27.0687 1340 nmwcdc (025c54f9f8c8bc1894ea38529c742c54) C:\WINDOWS\system32\drivers\ccdcmbo.sys
23:47:27.0750 1340 nmwcdc - ok
23:47:27.0781 1340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:47:27.0875 1340 Npfs - ok
23:47:27.0921 1340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:47:28.0015 1340 Ntfs - ok
23:47:28.0046 1340 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:47:28.0125 1340 NtLmSsp - ok
23:47:28.0187 1340 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:47:28.0265 1340 NtmsSvc - ok
23:47:28.0296 1340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:47:28.0390 1340 Null - ok
23:47:28.0406 1340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:47:28.0484 1340 NwlnkFlt - ok
23:47:28.0500 1340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:47:28.0593 1340 NwlnkFwd - ok
23:47:28.0765 1340 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:47:28.0781 1340 odserv - ok
23:47:28.0812 1340 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:47:28.0890 1340 ohci1394 - ok
23:47:28.0921 1340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:47:28.0937 1340 ose - ok
23:47:28.0984 1340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:47:29.0078 1340 Parport - ok
23:47:29.0093 1340 Partizan - ok
23:47:29.0109 1340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:47:29.0187 1340 PartMgr - ok
23:47:29.0203 1340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:47:29.0281 1340 ParVdm - ok
23:47:29.0312 1340 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
23:47:29.0359 1340 pccsmcfd - ok
23:47:29.0421 1340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:47:29.0500 1340 PCI - ok
23:47:29.0515 1340 PCIDump - ok
23:47:29.0562 1340 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:47:29.0640 1340 PCIIde - ok
23:47:29.0671 1340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:47:29.0734 1340 Pcmcia - ok
23:47:29.0750 1340 PDCOMP - ok
23:47:29.0765 1340 PDFRAME - ok
23:47:29.0781 1340 PDRELI - ok
23:47:29.0796 1340 PDRFRAME - ok
23:47:29.0812 1340 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:47:29.0890 1340 perc2 - ok
23:47:29.0890 1340 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:47:29.0968 1340 perc2hib - ok
23:47:30.0031 1340 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:47:30.0046 1340 PlugPlay - ok
23:47:30.0093 1340 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
23:47:30.0093 1340 pmem ( UnsignedFile.Multi.Generic ) - warning
23:47:30.0093 1340 pmem - detected UnsignedFile.Multi.Generic (1)
23:47:30.0140 1340 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys
23:47:30.0156 1340 PMHler - ok
23:47:30.0250 1340 PMSveH (29a26236447e5b5e3fce5e33168c43e0) C:\Program Files\Lenovo\PMDriver\PMSveH.exe
23:47:30.0250 1340 PMSveH ( UnsignedFile.Multi.Generic ) - warning
23:47:30.0250 1340 PMSveH - detected UnsignedFile.Multi.Generic (1)
23:47:30.0296 1340 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:47:30.0359 1340 PolicyAgent - ok
23:47:30.0406 1340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:47:30.0500 1340 PptpMiniport - ok
23:47:30.0515 1340 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:47:30.0593 1340 ProtectedStorage - ok
23:47:30.0625 1340 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
23:47:30.0640 1340 psadd - ok
23:47:30.0671 1340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:47:30.0750 1340 PSched - ok
23:47:30.0781 1340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:47:30.0859 1340 Ptilink - ok
23:47:30.0921 1340 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:47:30.0921 1340 PxHelp20 - ok
23:47:30.0953 1340 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:47:31.0062 1340 ql1080 - ok
23:47:31.0062 1340 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:47:31.0140 1340 Ql10wnt - ok
23:47:31.0187 1340 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:47:31.0265 1340 ql12160 - ok
23:47:31.0281 1340 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:47:31.0375 1340 ql1240 - ok
23:47:31.0390 1340 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:47:31.0468 1340 ql1280 - ok
23:47:31.0468 1340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:47:31.0546 1340 RasAcd - ok
23:47:31.0609 1340 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:47:31.0703 1340 RasAuto - ok
23:47:31.0734 1340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:47:31.0812 1340 Rasl2tp - ok
23:47:31.0843 1340 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:47:31.0921 1340 RasMan - ok
23:47:31.0937 1340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:47:32.0015 1340 RasPppoe - ok
23:47:32.0031 1340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:47:32.0109 1340 Raspti - ok
23:47:32.0125 1340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:47:32.0218 1340 Rdbss - ok
23:47:32.0234 1340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:47:32.0312 1340 RDPCDD - ok
23:47:32.0359 1340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:47:32.0437 1340 rdpdr - ok
23:47:32.0500 1340 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:47:32.0562 1340 RDPWD - ok
23:47:32.0609 1340 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:47:32.0703 1340 RDSessMgr - ok
23:47:32.0750 1340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:47:32.0828 1340 redbook - ok
23:47:32.0953 1340 RegSrvc (9155c9cd54f1f8f85b68440d896b6d63) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:47:32.0968 1340 RegSrvc - ok
23:47:33.0031 1340 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:47:33.0125 1340 RemoteAccess - ok
23:47:33.0171 1340 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
23:47:33.0250 1340 RemoteRegistry - ok
23:47:33.0265 1340 riuwivxeismqenev - ok
23:47:33.0375 1340 Roxio UPnP Renderer 10 (ada991d7a02130fa78413281a134330b) C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
23:47:33.0390 1340 Roxio UPnP Renderer 10 - ok
23:47:33.0421 1340 Roxio Upnp Server 10 (11f07111105072f81c03a437423e88ee) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
23:47:33.0437 1340 Roxio Upnp Server 10 - ok
23:47:33.0515 1340 RoxLiveShare10 (7c334636b539fbfa65bd3b6da75b9d30) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
23:47:33.0531 1340 RoxLiveShare10 - ok
23:47:33.0593 1340 RoxMediaDB10 (eb9eeb379848f356797eb9ef31114ca5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
23:47:33.0656 1340 RoxMediaDB10 - ok
23:47:33.0687 1340 RoxWatch10 (640e33efb13278bedd3699dfa88185e5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
23:47:33.0703 1340 RoxWatch10 - ok
23:47:33.0843 1340 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:47:33.0921 1340 RpcLocator - ok
23:47:33.0968 1340 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:47:34.0000 1340 RpcSs - ok
23:47:34.0046 1340 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:47:34.0140 1340 RSVP - ok
23:47:34.0265 1340 S24EventMonitor (f911b1afe543be0797001f30226b8b0a) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
23:47:34.0312 1340 S24EventMonitor - ok
23:47:34.0375 1340 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
23:47:34.0390 1340 s24trans ( UnsignedFile.Multi.Generic ) - warning
23:47:34.0390 1340 s24trans - detected UnsignedFile.Multi.Generic (1)
23:47:34.0500 1340 SafeBox (d5291db188e4423f3696ca550edeb876) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
23:47:34.0515 1340 SafeBox - ok
23:47:34.0562 1340 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:47:34.0625 1340 SamSs - ok
23:47:34.0656 1340 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:47:34.0750 1340 SCardSvr - ok
23:47:34.0781 1340 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
23:47:34.0796 1340 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
23:47:34.0796 1340 SCDEmu - detected UnsignedFile.Multi.Generic (1)
23:47:34.0812 1340 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:47:34.0890 1340 Schedule - ok
23:47:34.0937 1340 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:47:35.0015 1340 sdbus - ok
23:47:35.0140 1340 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:47:35.0156 1340 SeaPort - ok
23:47:35.0171 1340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:47:35.0218 1340 Secdrv - ok
23:47:35.0250 1340 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:47:35.0328 1340 seclogon - ok
23:47:35.0343 1340 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:47:35.0421 1340 SENS - ok
23:47:35.0453 1340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:47:35.0531 1340 Serial - ok
23:47:35.0671 1340 ServiceLayer (668043f192ab9659761a349a4703600d) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:47:35.0687 1340 ServiceLayer - ok
23:47:35.0796 1340 SessionLauncher - ok
23:47:35.0859 1340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:47:35.0937 1340 Sfloppy - ok
23:47:35.0984 1340 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:47:36.0062 1340 SharedAccess - ok
23:47:36.0109 1340 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:47:36.0109 1340 ShellHWDetection - ok
23:47:36.0125 1340 Simbad - ok
23:47:36.0171 1340 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:47:36.0250 1340 sisagp - ok
23:47:36.0328 1340 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
23:47:36.0343 1340 SkypeUpdate - ok
23:47:36.0390 1340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:47:36.0484 1340 SLIP - ok
23:47:36.0531 1340 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:47:36.0562 1340 Sparrow - ok
23:47:36.0593 1340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:47:36.0671 1340 splitter - ok
23:47:36.0718 1340 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:47:36.0750 1340 Spooler - ok
23:47:36.0796 1340 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
23:47:36.0796 1340 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
23:47:36.0796 1340 sptd ( LockedFile.Multi.Generic ) - warning
23:47:36.0796 1340 sptd - detected LockedFile.Multi.Generic (1)
23:47:36.0843 1340 spupdsvc (03d7ad16ac204c48640cbe6ed8281a65) C:\WINDOWS\system32\spupdsvc.exe
23:47:36.0843 1340 spupdsvc - ok
23:47:36.0968 1340 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:47:36.0968 1340 SQLBrowser - ok
23:47:37.0000 1340 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:47:37.0000 1340 SQLWriter - ok
23:47:37.0062 1340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:47:37.0093 1340 sr - ok
23:47:37.0140 1340 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:47:37.0171 1340 srservice - ok
23:47:37.0218 1340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:47:37.0281 1340 Srv - ok
23:47:37.0328 1340 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:47:37.0375 1340 SSDPSRV - ok
23:47:37.0437 1340 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
23:47:37.0453 1340 ss_bbus - ok
23:47:37.0484 1340 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
23:47:37.0500 1340 ss_bmdfl - ok
23:47:37.0546 1340 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
23:47:37.0546 1340 ss_bmdm - ok
23:47:37.0578 1340 ss_bserd (994d2e5378cc337ec7dd73c1e04fcaa4) C:\WINDOWS\system32\DRIVERS\ss_bserd.sys
23:47:37.0578 1340 ss_bserd - ok
23:47:37.0609 1340 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:47:37.0703 1340 stisvc - ok
23:47:37.0812 1340 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:47:37.0828 1340 stllssvr - ok
23:47:37.0875 1340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:47:37.0968 1340 streamip - ok
23:47:38.0078 1340 SUService (c2191c1a5dfed0795e3d3b68905b195b) c:\program files\lenovo\system update\suservice.exe
23:47:38.0078 1340 SUService ( UnsignedFile.Multi.Generic ) - warning
23:47:38.0078 1340 SUService - detected UnsignedFile.Multi.Generic (1)
23:47:38.0125 1340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:47:38.0203 1340 swenum - ok
23:47:38.0250 1340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:47:38.0328 1340 swmidi - ok
23:47:38.0343 1340 SwPrv - ok
23:47:38.0406 1340 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:47:38.0468 1340 symc810 - ok
23:47:38.0500 1340 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:47:38.0578 1340 symc8xx - ok
23:47:38.0578 1340 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:47:38.0671 1340 sym_hi - ok
23:47:38.0718 1340 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:47:38.0796 1340 sym_u3 - ok
23:47:38.0843 1340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:47:38.0921 1340 sysaudio - ok
23:47:38.0968 1340 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:47:39.0046 1340 SysmonLog - ok
23:47:39.0078 1340 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
23:47:39.0093 1340 tap0901 ( UnsignedFile.Multi.Generic ) - warning
23:47:39.0093 1340 tap0901 - detected UnsignedFile.Multi.Generic (1)
23:47:39.0125 1340 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
23:47:39.0125 1340 taphss - ok
23:47:39.0156 1340 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:47:39.0234 1340 TapiSrv - ok
23:47:39.0296 1340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:47:39.0312 1340 Tcpip - ok
23:47:39.0359 1340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:47:39.0437 1340 TDPIPE - ok
23:47:39.0484 1340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:47:39.0546 1340 TDTCP - ok
23:47:39.0609 1340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:47:39.0687 1340 TermDD - ok
23:47:39.0734 1340 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:47:39.0812 1340 TermService - ok
23:47:39.0859 1340 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:47:39.0875 1340 Themes - ok
23:47:40.0000 1340 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
23:47:40.0015 1340 ThinkVantage Registry Monitor Service - ok
23:47:40.0062 1340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
23:47:40.0093 1340 TlntSvr - ok
23:47:40.0140 1340 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:47:40.0218 1340 TosIde - ok
23:47:40.0218 1340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:47:40.0328 1340 TrkWks - ok
23:47:40.0375 1340 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
23:47:40.0390 1340 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
23:47:40.0390 1340 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
23:47:40.0484 1340 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
23:47:40.0531 1340 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
23:47:40.0531 1340 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
23:47:40.0578 1340 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
23:47:40.0640 1340 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
23:47:40.0640 1340 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
23:47:40.0750 1340 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
23:47:40.0796 1340 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
23:47:40.0796 1340 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
23:47:40.0906 1340 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
23:47:40.0921 1340 tvtfilter - ok
23:47:40.0984 1340 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
23:47:40.0984 1340 TVTI2C - ok
23:47:41.0015 1340 tvtumon (930b8b8ef659a714cf1c755928b8850c) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
23:47:41.0031 1340 tvtumon - ok
23:47:41.0078 1340 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
23:47:41.0093 1340 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
23:47:41.0093 1340 TVT_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)
23:47:41.0156 1340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:47:41.0234 1340 Udfs - ok
23:47:41.0281 1340 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:47:41.0312 1340 ultra - ok
23:47:41.0359 1340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:47:41.0437 1340 Update - ok
23:47:41.0484 1340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:47:41.0546 1340 upnphost - ok
23:47:41.0578 1340 upperdev (78b74af8727a28c128e164e9b53a5413) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
23:47:41.0625 1340 upperdev - ok
23:47:41.0640 1340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:47:41.0718 1340 UPS - ok
23:47:41.0781 1340 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:47:41.0781 1340 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:47:41.0781 1340 USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:47:41.0812 1340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:47:41.0890 1340 usbccgp - ok
23:47:41.0953 1340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:47:42.0031 1340 usbehci - ok
23:47:42.0046 1340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:47:42.0109 1340 usbhub - ok
23:47:42.0156 1340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:47:42.0218 1340 usbscan - ok
23:47:42.0265 1340 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
23:47:42.0312 1340 UsbserFilt - ok
23:47:42.0359 1340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:47:42.0437 1340 USBSTOR - ok
23:47:42.0468 1340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:47:42.0562 1340 usbuhci - ok
23:47:42.0593 1340 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:47:42.0656 1340 usbvideo - ok
23:47:42.0718 1340 UserAccess (ae24f1a4c2d92ed8132254aad3b8486e) C:\WINDOWS\system32\UAService.exe
23:47:42.0734 1340 UserAccess ( UnsignedFile.Multi.Generic ) - warning
23:47:42.0734 1340 UserAccess - detected UnsignedFile.Multi.Generic (1)
23:47:42.0781 1340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:47:42.0859 1340 VgaSave - ok
23:47:42.0875 1340 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:47:42.0968 1340 viaagp - ok
23:47:42.0984 1340 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:47:43.0078 1340 ViaIde - ok
23:47:43.0093 1340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:47:43.0156 1340 VolSnap - ok
23:47:43.0218 1340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:47:43.0265 1340 VSS - ok
23:47:43.0296 1340 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:47:43.0375 1340 W32Time - ok
23:47:43.0390 1340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:47:43.0468 1340 Wanarp - ok
23:47:43.0515 1340 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:47:43.0531 1340 Wdf01000 - ok
23:47:43.0546 1340 WDICA - ok
23:47:43.0593 1340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:47:43.0671 1340 wdmaud - ok
23:47:43.0687 1340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:47:43.0765 1340 WebClient - ok
23:47:43.0828 1340 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:47:43.0890 1340 winachsf - ok
23:47:43.0984 1340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:47:44.0062 1340 winmgmt - ok
23:47:44.0203 1340 WMConnectCDS (ebc6ace28e58ba5be4a8190b613b6f02) C:\Program Files\Windows Media Connect 2\wmccds.exe
23:47:44.0281 1340 WMConnectCDS - ok
23:47:44.0312 1340 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
23:47:44.0343 1340 WmdmPmSN - ok
23:47:44.0406 1340 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
23:47:44.0437 1340 Wmi - ok
23:47:44.0515 1340 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:47:44.0593 1340 WmiAcpi - ok
23:47:44.0687 1340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:47:44.0781 1340 WmiApSrv - ok
23:47:44.0921 1340 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:47:44.0984 1340 WMPNetworkSvc - ok
23:47:45.0015 1340 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:47:45.0031 1340 WpdUsb - ok
23:47:45.0187 1340 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:47:45.0203 1340 WPFFontCache_v0400 - ok
23:47:45.0250 1340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:47:45.0343 1340 WS2IFSL - ok
23:47:45.0390 1340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:47:45.0484 1340 wscsvc - ok
23:47:45.0515 1340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:47:45.0593 1340 WSTCODEC - ok
23:47:45.0625 1340 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:47:45.0703 1340 wuauserv - ok
23:47:45.0750 1340 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:47:45.0781 1340 WudfPf - ok
23:47:45.0812 1340 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:47:45.0828 1340 WudfRd - ok
23:47:45.0843 1340 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
23:47:45.0859 1340 WudfSvc - ok
23:47:45.0890 1340 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:47:45.0968 1340 WZCSVC - ok
23:47:46.0000 1340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:47:46.0078 1340 xmlprov - ok
23:47:46.0109 1340 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
23:47:46.0125 1340 xusb21 - ok
23:47:46.0203 1340 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
23:47:46.0218 1340 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
23:47:46.0265 1340 MBR (0x1B8) (889fc228f9dbef5df1e8a10ffcfcbd9c) \Device\Harddisk0\DR0
23:47:46.0359 1340 \Device\Harddisk0\DR0 - ok
23:47:46.0406 1340 Boot (0x1200) (2a0b5924fe20874d90ad997c44554473) \Device\Harddisk0\DR0\Partition0
23:47:46.0406 1340 \Device\Harddisk0\DR0\Partition0 - ok
23:47:46.0406 1340 ============================================================
23:47:46.0406 1340 Scan finished
23:47:46.0406 1340 ============================================================
23:47:46.0515 1332 Detected object count: 22
23:47:46.0515 1332 Actual detected object count: 22
23:48:17.0328 1332 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0328 1332 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0328 1332 HotspotShieldService ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0328 1332 HotspotShieldService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0343 1332 HssSrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0343 1332 HssSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0343 1332 HssTrayService ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0343 1332 HssTrayService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0343 1332 HssWd ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0343 1332 HssWd ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0343 1332 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0343 1332 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0359 1332 mdf15 ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0359 1332 mdf15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0359 1332 MSR Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0359 1332 MSR Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0359 1332 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0359 1332 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0375 1332 PMSveH ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0375 1332 PMSveH ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0375 1332 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0375 1332 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0375 1332 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0375 1332 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0375 1332 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:48:17.0375 1332 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:48:17.0390 1332 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0390 1332 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0390 1332 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0390 1332 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0390 1332 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0390 1332 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0390 1332 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0390 1332 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0406 1332 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0406 1332 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0406 1332 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0406 1332 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0406 1332 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0406 1332 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0421 1332 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0421 1332 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:17.0421 1332 UserAccess ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:17.0421 1332 UserAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:19.0843 1320 Deinitialize success


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

aswMBR


On completion of scan, the "FIx" button was not enabled. The log is attached

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 23:48:49
-----------------------------
23:48:49.640 OS Version: Windows 5.1.2600 Service Pack 3
23:48:49.640 Number of processors: 2 586 0x170A
23:48:49.640 ComputerName: LENOVO-832649CA UserName: Sakush
23:48:50.468 Initialize success
23:49:18.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:49:18.468 Disk 0 Vendor: WDC_WD25 14.0 Size: 238475MB BusType: 3
23:49:18.531 Disk 0 MBR read successfully
23:49:18.531 Disk 0 MBR scan
23:49:18.546 Disk 0 unknown MBR code
23:49:18.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 234242 MB offset 2048
23:49:18.593 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4231 MB offset 479729664
23:49:18.609 Disk 0 scanning sectors +488394752
23:49:18.703 Disk 0 scanning C:\WINDOWS\system32\drivers
23:49:26.078 Service scanning
23:49:44.281 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:49:52.125 Modules scanning
23:49:54.890 Scan finished successfully
23:50:27.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sakush\Desktop\MBR.dat"
23:50:27.921 The log file has been saved successfully to "C:\Documents and Settings\Sakush\Desktop\aswMBR NO FIX.txt"
  • 0

#5
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Malwarebytes' Anti-Malware


I installed but could not update as I cant access internet in safe mode :(

No malwares were found so i could not "remove selected"


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Sakush :: LENOVO-832649CA [administrator]

Protection: Disabled

4/22/2012 11:52:49 PM
mbam-log-2012-04-22 (23-52-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215362
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


OTL SCANS II

I ran OTL Scan as you mentioned and here are the two logs:


LOG 1 = Otl.txt

OTL logfile created on: 4/22/2012 11:59:24 PM - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sakush\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 88.78% Memory free
6.81 Gb Paging File | 6.69 Gb Available in Paging File | 98.33% Paging File free
Paging file location(s): C:\pagefile.sys 4646 4691 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 14.82 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive F: | 959.61 Mb Total Space | 232.41 Mb Free Space | 24.22% Space Free | Partition Type: FAT32

Computer Name: LENOVO-832649CA | User Name: Sakush | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sakush\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sakush\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (HidServ) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (Bitdefender)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (MSR Service) -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe ()
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (UserAccess) -- C:\WINDOWS\system32\UAService.exe ()
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (PMSveH) -- C:\Program Files\Lenovo\PMDriver\PMSveH.exe (Lenovo)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avc3) -- C:\WINDOWS\system32\DRIVERS\avc3.sys (BitDefender)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (bdsandbox) -- C:\WINDOWS\system32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (Bdfndisf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (avchv) -- C:\WINDOWS\system32\drivers\avchv.sys (BitDefender)
DRV - (NETwNx32) ___ Intel® -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (BDVEDISK) -- C:\WINDOWS\system32\drivers\bdvedisk.sys (BitDefender)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (mdf15) -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys ()
DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PMHler) -- C:\WINDOWS\system32\drivers\PMHler.sys (Lenovo )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.5
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.1
FF - prefs.js..flock.keyword.provider: "Yahoo!"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2012/01/21 20:16:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Components: C:\Program Files\Flock\components [2011/02/02 21:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/02/02 21:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/02/02 21:01:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/02/02 21:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 18:52:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/09 18:43:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/01/21 20:16:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/03/27 02:34:50 | 000,000,000 | ---D | M]

[2010/02/03 10:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Extensions
[2010/02/03 10:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/04/21 19:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions
[2010/06/03 20:20:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 19:46:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 19:51:21 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\[email protected]
[2010/08/23 18:59:58 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\extensions\[email protected]
[2012/04/09 18:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/09 18:43:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/08/22 22:24:39 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\DOCUMENTS AND SETTINGS\SAKUSH\APPLICATION DATA\FLOCK\BROWSER\PROFILES\W46NR51B.DEFAULT\EXTENSIONS\[email protected]
[2009/11/11 03:15:41 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES\DAP\DAPFLOCK
[2012/03/13 10:24:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/04/09 18:43:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2012/03/13 10:23:32 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/03/13 10:23:32 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/21 20:07:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\SetupLauncher.exe (Bitdefender)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PMDriver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [WD Spindown Utility] C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 03:47:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 23:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\Malwarebytes
[2012/04/22 23:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 23:51:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 23:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/22 23:45:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/21 20:44:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/21 20:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/21 19:53:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/21 19:53:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/21 19:53:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/21 19:53:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/21 19:51:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/21 19:48:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/21 19:48:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sakush\Start Menu\Programs\Administrative Tools
[2012/04/21 19:47:17 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sakush\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/21 19:47:17 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\Sakush\Desktop\ComboFix.exe
[2012/04/21 19:47:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sakush\Desktop\aswMBR.exe
[2012/04/21 19:47:16 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sakush\Desktop\tdsskiller.exe
[2012/04/21 19:33:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/21 19:29:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sakush\Desktop\OTL.exe
[2012/04/14 15:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2011
[2012/04/14 15:17:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sakush\IETldCache
[2012/04/14 15:07:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/04/14 15:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/13 20:26:40 | 000,000,000 | ---D | C] -- C:\Rock Star Supernova
[2012/04/13 11:00:15 | 000,000,000 | ---D | C] -- C:\Mission Impossible III (2006)
[2012/04/13 10:59:25 | 000,000,000 | ---D | C] -- C:\Mission Impossible II (2000)
[2012/04/13 10:58:50 | 000,000,000 | ---D | C] -- C:\Mission Impossible (1996)
[2012/04/09 21:18:20 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2012/04/09 21:18:20 | 000,100,224 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bserd.sys
[2012/04/09 21:18:20 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2012/04/09 21:18:20 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2012/04/09 21:18:19 | 000,098,432 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2012/04/09 21:18:19 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2012/04/09 20:20:01 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/04/09 19:38:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/04/09 18:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/09 18:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/09 18:43:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/09 18:43:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/09 18:43:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/09 18:43:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/09 18:43:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/09 18:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\Samsung
[2012/04/09 18:20:34 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/04/09 18:20:01 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/04/09 18:20:01 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2012/04/09 18:20:01 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/04/09 18:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\Downloaded Installations
[2012/04/09 16:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\BlueStacksSetup
[2012/04/09 16:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\BlueStacks
[2012/04/05 21:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Desktop\New Folder (2)
[2012/04/03 20:40:03 | 000,000,000 | ---D | C] -- C:\Mission Impossible Ghost Protocol (2011)
[2012/04/02 20:51:29 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/01 22:55:36 | 000,000,000 | ---D | C] -- C:\BitDefender Total Security 2012 (x86x64) include Patch{h33t}{mad dog}
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\Intel
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2012/04/01 20:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2012/04/01 20:50:07 | 007,477,120 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NETwNx32.sys
[2012/04/01 20:50:07 | 002,760,704 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETwNr32.dll
[2012/04/01 20:50:07 | 000,684,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETwNc32.dll
[2012/04/01 20:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
[2012/04/01 20:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/04/01 20:48:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/04/01 20:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\SystemRequirementsLab
[2012/03/28 22:11:08 | 000,325,552 | ---- | C] ((주)마크애니) -- C:\WINDOWS\MASetupCaller.dll
[2012/03/28 22:11:08 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\WINDOWS\MAMCityDownload.ocx
[2012/03/28 22:11:06 | 000,569,344 | ---- | C] (© MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2012/03/28 22:11:06 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2012/03/28 22:11:06 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2012/03/28 22:11:06 | 000,258,048 | ---- | C] (© PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2012/03/28 22:11:06 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2012/03/28 22:11:06 | 000,200,704 | ---- | C] ( © MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2012/03/28 22:11:06 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2012/03/28 22:11:06 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2012/03/28 22:11:06 | 000,131,072 | ---- | C] (© MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2012/03/28 22:11:06 | 000,122,880 | ---- | C] (© MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2012/03/28 22:11:06 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2012/03/28 22:11:06 | 000,110,592 | ---- | C] (© MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2012/03/28 22:11:06 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2012/03/28 22:11:06 | 000,045,320 | ---- | C] (MARKANY) -- C:\WINDOWS\System32\MAMACExtract.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2012/03/28 22:11:06 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2012/03/28 22:11:06 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2012/03/28 22:11:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avrt.dll
[2012/03/28 16:12:53 | 000,000,000 | ---D | C] -- C:\Stacy Schiff - Cleopatra_A Life
[2012/03/28 16:04:30 | 000,000,000 | ---D | C] -- C:\The Silmarillion (444)
[2012/03/28 15:55:19 | 000,000,000 | ---D | C] -- C:\The Silmarillion (AudioBook & E-Book)
[2012/03/27 02:48:40 | 000,000,000 | ---D | C] -- C:\Nrwcf
[2012/03/27 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/03/27 02:09:12 | 000,611,520 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/03/27 02:08:40 | 000,063,056 | ---- | C] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2012/03/27 02:07:08 | 000,447,208 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/03/27 02:04:25 | 000,000,000 | ---D | C] -- C:\F1 - 2012
[2012/03/26 23:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Local Settings\Application Data\bdch
[2012/03/26 23:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/03/26 23:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Application Data\Bitdefender
[2012/03/26 00:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
[2012/03/26 00:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\Start Menu\Programs\WD Spindown or Stop Utility
[2012/03/24 16:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sakush\My Documents\FM12_temp
[2011/06/16 23:03:31 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 23:50:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sakush\Desktop\MBR.dat
[2012/04/22 23:43:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/22 23:43:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 21:11:39 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\Sakush\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 20:07:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/21 19:51:34 | 000,075,254 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1335017161.bdinstall.bin
[2012/04/21 19:46:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sakush\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/21 19:32:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sakush\Desktop\aswMBR.exe
[2012/04/21 19:24:52 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sakush\Desktop\tdsskiller.exe
[2012/04/21 19:24:08 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\Sakush\Desktop\ComboFix.exe
[2012/04/14 16:27:11 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008UA.job
[2012/04/14 15:17:57 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 15:08:22 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/04/14 14:38:01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/04/13 23:26:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/12 13:27:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008Core.job
[2012/04/09 20:20:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/09 20:19:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/04/09 20:19:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/04/09 19:39:06 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/04/09 18:43:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/09 18:43:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/09 18:43:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/09 18:43:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/09 18:43:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/09 18:20:42 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/09 10:52:10 | 384,418,649 | ---- | M] () -- C:\Game.of.Thrones.S02E02.HDTV.x264-ASAP.mp4
[2012/04/08 13:48:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 04:16:45 | 1963,042,257 | ---- | M] () -- C:\Sternberg's Diagnostic Surgical Pathology, 5th ed. 2010, Pg.chm
[2012/04/05 12:58:49 | 000,000,323 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 20:51:29 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/02 20:51:29 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/01 20:51:34 | 000,531,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/01 20:51:34 | 000,098,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/30 22:39:01 | 000,611,520 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2012/03/28 22:11:22 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/03/28 22:11:08 | 000,325,552 | ---- | M] ((주)마크애니) -- C:\WINDOWS\MASetupCaller.dll
[2012/03/28 22:11:08 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\WINDOWS\MAMCityDownload.ocx
[2012/03/28 22:11:08 | 000,030,568 | ---- | M] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | M] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,569,344 | ---- | M] (© MusicCity) -- C:\WINDOWS\System32\muzdecode.ax
[2012/03/28 22:11:06 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzapp.dll
[2012/03/28 22:11:06 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\WINDOWS\System32\MSLUR71.dll
[2012/03/28 22:11:06 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\WINDOWS\System32\muzoggsp.ax
[2012/03/28 22:11:06 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSCLib.dll
[2012/03/28 22:11:06 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\WINDOWS\System32\muzwmts.dll
[2012/03/28 22:11:06 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\WINDOWS\System32\MSFLib.dll
[2012/03/28 22:11:06 | 000,143,360 | ---- | M] () -- C:\WINDOWS\System32\3DAudio.ax
[2012/03/28 22:11:06 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\System32\muzaf1.dll
[2012/03/28 22:11:06 | 000,131,072 | ---- | M] (© MusicCity) -- C:\WINDOWS\System32\muzmpgsp.ax
[2012/03/28 22:11:06 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\WINDOWS\System32\muzeffect.ax
[2012/03/28 22:11:06 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MaDRM.dll
[2012/03/28 22:11:06 | 000,110,592 | ---- | M] (© MusicCity) -- C:\WINDOWS\System32\muzmp4sp.ax
[2012/03/28 22:11:06 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | M] (Marktek) -- C:\WINDOWS\System32\MK_Lyric.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\WINDOWS\System32\MTXSYNCICON.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/03/28 22:11:06 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaJGUILib.dll
[2012/03/28 22:11:06 | 000,045,320 | ---- | M] (MARKANY) -- C:\WINDOWS\System32\MAMACExtract.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MaXMLProto.dll
[2012/03/28 22:11:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\WINDOWS\System32\MACXMLProto.dll
[2012/03/28 22:11:06 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\WINDOWS\System32\MTTELECHIP.dll
[2012/03/28 22:11:06 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\WINDOWS\System32\MASetupCleaner.exe
[2012/03/28 22:11:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avrt.dll
[2012/03/28 22:11:02 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/03/28 22:11:02 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2012/03/28 22:11:02 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/03/27 02:08:40 | 000,063,056 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\System32\drivers\bdsandbox.sys
[2012/03/27 02:07:08 | 000,447,208 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2012/03/26 23:54:13 | 000,113,616 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2012/03/26 23:54:03 | 000,240,184 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2012/03/26 23:24:50 | 000,528,423 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1332783350.bdinstall.bin
[2012/03/26 23:23:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/03/26 23:23:35 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
[2012/03/26 22:56:53 | 000,021,611 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1332781903.bdinstall.bin
[2012/03/26 22:53:59 | 001,540,166 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2012/03/25 18:53:00 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 23:50:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sakush\Desktop\MBR.dat
[2012/04/21 19:53:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/21 19:53:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/21 19:53:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/21 19:53:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/21 19:53:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/21 19:51:34 | 000,075,254 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1335017161.bdinstall.bin
[2012/04/14 15:17:57 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 15:08:22 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/04/09 19:39:06 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/04/09 18:20:42 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/09 08:21:58 | 384,418,649 | ---- | C] () -- C:\Game.of.Thrones.S02E02.HDTV.x264-ASAP.mp4
[2012/04/05 21:03:36 | 1963,042,257 | ---- | C] () -- C:\Sternberg's Diagnostic Surgical Pathology, 5th ed. 2010, Pg.chm
[2012/04/04 19:48:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/02 20:51:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\3DAudio.ax
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/03/26 23:46:18 | 000,000,323 | ---- | C] () -- C:\WINDOWS\System32\checkdnsid.xml
[2012/03/26 23:24:50 | 000,528,423 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1332783350.bdinstall.bin
[2012/03/26 23:23:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/03/26 23:23:35 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Total Security 2012.lnk
[2012/03/26 22:56:53 | 000,021,611 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1332781903.bdinstall.bin
[2011/06/16 23:03:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/02/21 18:41:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/02/21 14:08:15 | 001,540,166 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/11/22 18:15:54 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2010/11/22 18:15:53 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2010/11/22 18:15:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2010/11/22 18:15:53 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bsrgvas.dll
[2010/11/22 18:15:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2010/11/22 18:15:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2010/11/11 21:31:05 | 004,932,426 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2955907764-2073543447-3033106246-1008-0.dat
[2010/11/07 14:08:35 | 000,359,226 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/14 00:26:56 | 001,244,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/13 22:01:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/13 22:01:22 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/13 22:01:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\$_hpcst$.hpc
[2010/08/02 02:01:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/07/11 00:56:10 | 000,000,571 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/03 17:25:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2010/02/10 11:15:04 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Sakush\Application Data\bdfvconp.ini
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/08 08:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2009/12/06 22:35:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/12/06 07:07:59 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/12/06 07:07:59 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/12/04 17:28:33 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/11 02:19:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/10 06:49:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/25 22:22:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService.exe
[2009/09/25 22:22:07 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/09/21 21:52:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/11 22:09:30 | 000,000,208 | ---- | C] () -- C:\WINDOWS\POD.INI
[2009/09/11 22:08:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/09/04 02:32:11 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\Sakush\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 19:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/13 11:51:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/13 11:36:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/07/13 11:33:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/13 11:33:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/13 11:33:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/13 11:33:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/13 11:33:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/13 11:33:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/13 11:32:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/07/13 11:32:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/13 11:28:49 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/07/13 11:28:49 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/07/13 11:28:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/07/13 11:28:48 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/07/13 11:28:48 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/07/13 11:28:48 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/07/13 11:28:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/07/13 11:28:47 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/07/13 11:28:47 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/07/13 11:28:47 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/07/13 11:28:47 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/07/13 11:28:47 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/07/13 11:28:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/07/13 11:28:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/07/13 11:28:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/07/13 11:28:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/07/13 11:23:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/13 11:23:12 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/13 11:23:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/07/13 11:17:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/07/13 11:14:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/07/22 21:07:09 | 000,000,350 | RHS- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/22 04:35:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/22 04:35:00 | 000,531,862 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/22 04:35:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/22 04:35:00 | 000,098,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/22 04:35:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/22 04:34:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/22 04:34:59 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/22 04:34:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/22 04:34:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/22 04:34:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/22 04:34:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/22 04:34:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/22 03:49:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/22 03:45:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 20:40:48 | 000,004,307 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 20:40:02 | 000,399,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004/12/20 15:53:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 15:48:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/10 19:21:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
[2002/12/15 03:31:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/15 03:31:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/15 03:31:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/15 02:31:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 17:56:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

========== LOP Check ==========

[2011/02/21 14:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4fdb0000-3fd7-41bd-4053-3d24a308378b
[2011/02/21 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aa080000-27c5-4bde-4bdc-603f579e61b6
[2011/02/25 16:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/03/27 02:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/03/26 23:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/09/10 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/09/06 12:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/19 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/07/13 11:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/01/21 20:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/21 20:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/01/21 20:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/07/13 11:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/07/13 11:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/09 18:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/11/11 03:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/11/29 17:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/03/01 01:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/07/13 11:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/06/15 18:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2010/02/20 12:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2011/02/02 21:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/11 03:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/01 01:19:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/03/26 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Bitdefender
[2011/02/04 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\cald3
[2010/09/10 22:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\DAEMON Tools Lite
[2012/03/27 04:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Esnyzi
[2010/02/03 10:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Flock
[2009/10/03 15:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\InterVideo
[2009/09/03 22:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Leadertech
[2012/02/29 23:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Maxthon3
[2011/11/11 21:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Mefy
[2012/01/21 20:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Nokia
[2012/01/21 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Nokia Suite
[2009/09/25 22:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\oald7
[2012/01/21 20:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\PC Suite
[2011/02/21 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\QuickScan
[2012/04/09 18:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Samsung
[2011/12/05 22:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Sports Interactive
[2012/04/01 20:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\SystemRequirementsLab
[2012/02/26 22:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\TeamViewer
[2011/02/19 16:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\temp
[2010/03/01 01:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\TuneUp Software
[2012/04/16 00:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\uTorrent
[2011/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Zbshareware Lab
[2012/03/14 03:00:27 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

========== Purity Check ==========



========== Custom Scans ==========


< DRIVES >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/12/20 19:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Adobe
[2009/10/14 00:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Ahead
[2011/02/03 11:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Apple Computer
[2012/03/26 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Bitdefender
[2011/02/04 15:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\cald3
[2011/03/05 18:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\CyberLink
[2010/09/10 22:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\DAEMON Tools Lite
[2012/03/03 18:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\dvdcss
[2012/03/27 04:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Esnyzi
[2010/02/03 10:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Flock
[2011/04/04 23:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Help
[2008/07/22 03:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Identities
[2009/07/13 11:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\InstallShield
[2012/04/01 20:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Intel
[2009/10/03 15:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\InterVideo
[2009/09/03 22:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Leadertech
[2009/11/30 10:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Macromedia
[2012/04/22 23:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Malwarebytes
[2012/02/29 23:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Maxthon3
[2011/11/11 21:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Mefy
[2011/10/02 00:36:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Sakush\Application Data\Microsoft
[2012/04/12 03:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Mozilla
[2012/01/21 20:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Nokia
[2012/01/21 20:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Nokia Suite
[2009/09/25 22:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\oald7
[2012/01/21 20:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\PC Suite
[2011/02/21 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\QuickScan
[2012/04/09 18:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Samsung
[2009/09/04 05:18:33 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Sakush\Application Data\SecuROM
[2012/04/11 22:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Skype
[2012/02/16 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\skypePM
[2011/12/05 22:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Sports Interactive
[2009/07/13 11:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Sun
[2012/04/01 20:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\SystemRequirementsLab
[2012/02/26 22:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\TeamViewer
[2011/02/19 16:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\temp
[2010/03/01 01:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\TuneUp Software
[2010/02/24 08:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\U3
[2012/04/16 00:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\uTorrent
[2012/01/20 10:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\vlc
[2009/10/29 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\WinRAR
[2010/06/17 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Yahoo!
[2011/06/15 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sakush\Application Data\Zbshareware Lab


< MD5 for: ATAPI.SYS >
[2008/04/14 17:45:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 17:45:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 12:55:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 12:55:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 12:55:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 17:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe
[2008/04/14 17:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 17:45:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\RRbackups\FR\UF\WINDOWS\explorer.exe
[2008/04/14 19:27:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 19:27:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 17:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\RRbackups\FR\UF\WINDOWS\system32\svchost.exe
[2008/04/14 17:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 17:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 17:45:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\RRbackups\FR\UF\WINDOWS\system32\userinit.exe
[2008/04/14 17:45:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 17:45:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 17:45:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\RRbackups\FR\UF\WINDOWS\system32\winlogon.exe
[2008/04/14 17:45:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 17:45:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/13 10:24:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/13 10:24:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/13 10:24:39 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/13 10:24:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/13 10:24:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/13 10:24:04 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FLOCK.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Flock\uninstall\helper.exe" /HideShortcuts [2010/08/27 12:38:37 | 000,522,272 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FLOCK.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Flock\uninstall\helper.exe" /ShowShortcuts [2010/08/27 12:38:37 | 000,522,272 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FLOCK.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Flock\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/08/27 12:38:37 | 000,522,272 | ---- | M] (Flock Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FLOCK.EXE\shell\open\command\\: C:\PROGRA~1\FLOCK\FLOCK.EXE [2010/08/27 12:38:31 | 000,116,024 | ---- | M] (Flock, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FLOCK.EXE\shell\properties\command\\: C:\PROGRA~1\FLOCK\FLOCK.EXE -preferences [2010/08/27 12:38:31 | 000,116,024 | ---- | M] (Flock, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FLOCK.EXE\shell\safemode\command\\: C:\PROGRA~1\FLOCK\FLOCK.EXE -safe-mode [2010/08/27 12:38:31 | 000,116,024 | ---- | M] (Flock, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon.exe\shell\open\command\\: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" [2012/02/15 11:19:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ReinstallCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 11:19:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ShowIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 11:19:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\HideIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 11:19:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\Shell\open\command\\: C:\Program Files\Maxthon3\Bin\Maxthon.exe [2012/02/15 11:19:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/09/10 22:01:03 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

========== Files - Unicode (All) ==========
[2011/02/21 15:01:45 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Sakush\?????) -- C:\Documents and Settings\Sakush\獷楬汢捯污

< End of report >


..................................................................................................................................

LOG 2 - Extras.txt

OTL Extras logfile created on: 4/22/2012 11:59:24 PM - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sakush\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 88.78% Memory free
6.81 Gb Paging File | 6.69 Gb Available in Paging File | 98.33% Paging File free
Paging file location(s): C:\pagefile.sys 4646 4691 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 14.82 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive F: | 959.61 Mb Total Space | 232.41 Mb Free Space | 24.22% Space Free | Partition Type: FAT32

Computer Name: LENOVO-832649CA | User Name: Sakush | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\EA Sports\FIFA 09\FIFA09.exe" = C:\Program Files\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09 -- ()
"C:\Program Files\Team JPN\Fifa 2010\FIFA10.exe" = C:\Program Files\Team JPN\Fifa 2010\FIFA10.exe:*:Enabled:FIFA10 -- ()
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)
"C:\Documents and Settings\Sakush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Sakush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\EA Sports\MyProg\Game\fifa.exe" = C:\Program Files\EA Sports\MyProg\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe" = C:\Program Files\Maxthon3\Modules\MxMiniThunder\ThunderMini.exe:*:Enabled:MxMiniThunder -- (深圳市迅雷网络技术有限公司)
"C:\Program Files\Maxthon3\Bin\Maxthon.exe" = C:\Program Files\Maxthon3\Bin\Maxthon.exe:*:Enabled:Maxthon -- (Maxthon International ltd.)
"C:\Program Files\Maxthon3\Bin\MxUp.exe" = C:\Program Files\Maxthon3\Bin\MxUp.exe:*:Enabled:MxUp -- (Maxthon International ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{12383CA3-0733-4210-00B8-D83642F1192C}" = EA SPORTS™ Cricket 07
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FIFA Manager 07
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-T4D4-75B1-97C5-18CD6E6334R1}_is1" = FIFA 12 version 1.0
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18DAD9E-AC61-40D6-9BBF-0F1E0DFE0C15}" = FMRTE
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DE39D99E-62CD-440D-BB51-800D5BA5D181}" = Intel® PROSet/Wireless WiFi Software
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FFF4949A-3B77-452C-BC5E-F49C8FBA99CF}_is1" = Fifa 2010
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bitdefender" = Bitdefender Total Security 2012
"BulentsScreenRecorder4" = BSR Screen Recorder 4
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creation Master 10_is1" = Creation Master 10 Release 10.3
"Creation Master 12_is1" = Creation Master 12 Beta 6
"Cricket Coach 2010_is1" = Cricket Coach 2010
"cricket revolution 1.10" = cricket revolution 1.10
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.18
"DB Master 12_is1" = DB Master 12 Beta 2
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DragonUnPACKer5_is1" = Dragon UnPACKer 5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fifa 10 Crowdpatch" = Fifa 10 Crowdpatch
"File Master 12_is1" = File Master 12 Release 12.0
"Flock (2.6.1)" = Flock (2.6.1)
"Football Manager 2010" = Football Manager 2010
"Football Manager 2011" = Football Manager 2011
"Football Manager 2012_is1" = Football Manager 2012
"Game Booster_is1" = Game Booster 3
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HotspotShield" = Hotspot Shield 1.37
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"jv16 PowerTools 2011" = jv16 PowerTools 2011
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maxthon3" = Maxthon 3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"NSIS_cald3" = Cambridge Advanced Learner's Dictionary - 3rd Edition
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PowerISO" = PowerISO
"SLD Codec Pack" = SLD Codec Pack
"TeamViewer 7" = TeamViewer 7
"USB Disk Security_is1" = USB Disk Security
"VeriFace III" = VeriFace III
"VLC media player" = VLC media player 0.9.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"[email protected] FIFA 2002" = [email protected] FIFA 2002
"[email protected] FIFA World Cup 2002" = [email protected] FIFA World Cup 2002
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FIFA 12 FAST START V.1.0 BY DOCTOR+ PRODUCTIONS" = FIFA 12 FAST START V.1.0 BY DOCTOR+ PRODUCTIONS
"FIFA 12 REAL PERFORMANCE OPTIMIZER V. 1.0 BY DOCTOR+ PRODUCTIONS" = FIFA 12 REAL PERFORMANCE OPTIMIZER V. 1.0 BY DOCTOR+ PRODUCTIONS
"MyFreeCodec" = MyFreeCodec
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2012 2:02:33 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:34 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:37 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:37 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:37 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:37 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:39 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:40 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:41 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2012 2:02:46 PM | Computer Name = LENOVO-832649CA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 4/1/2012 9:45:27 AM | Computer Name = LENOVO-832649CA | Source = Service Control Manager | ID = 7000
Description = The TVT Windows Update Monitor service failed to start due to the
following error: %%109

Error - 4/1/2012 9:45:27 AM | Computer Name = LENOVO-832649CA | Source = Service Control Manager | ID = 7000
Description = The SecuROM User Access Service service failed to start due to the
following error: %%109

Error - 4/1/2012 9:45:27 AM | Computer Name = LENOVO-832649CA | Source = Service Control Manager | ID = 7000
Description = The System Update service failed to start due to the following error:
%%109

Error - 4/1/2012 9:45:27 AM | Computer Name = LENOVO-832649CA | Source = Service Control Manager | ID = 7034
Description = The BitDefender Desktop Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/1/2012 9:46:06 AM | Computer Name = LENOVO-832649CA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2012 9:46:08 AM | Computer Name = LENOVO-832649CA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2012 9:46:10 AM | Computer Name = LENOVO-832649CA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2012 11:02:54 AM | Computer Name = LENOVO-832649CA | Source = DCOM | ID = 10005
Description = DCOM got error "%109" attempting to start the service RegSrvc with
arguments "-Service" in order to run the server: {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Error - 4/1/2012 11:02:54 AM | Computer Name = LENOVO-832649CA | Source = Service Control Manager | ID = 7000
Description = The Intel® PROSet/Wireless Registry Service service failed to start
due to the following error: %%109

Error - 4/5/2012 2:33:50 AM | Computer Name = LENOVO-832649CA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001E652F4CC6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >




Thank you once agian Rob for your time and help!!
Cheers!!
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\sptd.sys

RenV::
c:\program files\Team JPN\Fifa 2010\Uninstaller .exe

Driver::
sptd
SessionLauncher

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

If you boot into safe Mode with Networking can you get on then?

If you right click on the white desktop and select Properties what do you see?

Ron
  • 0

#7
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello Ron,

I was able to log in normally successfully!!! When I was halfway through the tests yesterday, I was not able to log in. Everything looks back to normal so far as I have not found any more errors. Dont know if the malware is still hidden though!! Should I run few more tests??

Having informed that, Should I still carry on what you mentioned on the post above?? (Post#6)


Cheers,
Steven
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Yes we need to get rid of the renv infection or it will spread.
  • 0

#9
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I ran the scan as you mentioned. However, after "Completing Stage 50," my computer restarts with a message "A problme has been detected and windows has been shut down to prevent damage to you computer - BAD_POOL_HEADER"

I tried it thrice still the result was same. I am not able to genearte the log as the computer restarts before a log is generated.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Can you run Combofix by itself without the script? Probably if it got to stage 50 it removed the infection but we need to be sure.
  • 0

Advertisements


#11
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I tried running ComboFix normally. The scan reached "Creating Log at C:/ComboFix" but ended up reaching the error mentioned in my previous post. I tried it thirce, twice with the same result. Once after completion of scan, the screen went off whereas the computer was still on (The lights the computer-in-use was still on).

After restarting the computer, i found a notepad document inside C://ComboFix titled "ComboFix.txt" maybe thats the log of the scan. Im posting that txt file below.


ComboFix 12-04-20.03 - Sakush 04/24/2012 13:13:01.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2272 [GMT 5.75:45]
Running from: C:\Documents and Settings\Sakush\Desktop\ComboFix.exe


((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))


2012-04-23 17:29:11 . 2012-04-23 17:29:11 -------- d-sh--w- C:\Documents and Settings\Sakush\PrivacIE
2012-04-22 19:02:03 . 2012-04-22 19:02:03 84099 ----a-w- C:\Documents and Settings\All Users\Application Data\1335121103.bdinstall.bin
2012-04-22 18:58:27 . 2012-04-22 18:58:27 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2012-04-22 18:06:20 . 2012-04-22 18:06:20 -------- d-----w- C:\Documents and Settings\Sakush\Application Data\Malwarebytes
2012-04-22 18:06:04 . 2012-04-22 18:06:04 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-04-22 18:06:03 . 2012-04-22 18:06:05 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-22 18:06:03 . 2012-04-04 10:11:40 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-04-22 18:00:55 . 2012-04-22 18:00:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 14:06:34 . 2012-04-21 14:06:34 75254 ----a-w- C:\Documents and Settings\All Users\Application Data\1335017161.bdinstall.bin
2012-04-21 13:48:47 . 2012-04-21 13:48:47 -------- d-----w- C:\_OTL
2012-04-14 10:02:26 . 2012-04-14 10:02:47 -------- d-----w- C:\Program Files\jv16 PowerTools 2011
2012-04-14 09:32:53 . 2012-04-14 09:32:53 -------- d-sh--w- C:\Documents and Settings\Sakush\IETldCache
2012-04-14 09:25:30 . 2012-04-14 09:25:30 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
2012-04-14 09:22:51 . 2012-04-14 09:23:03 -------- dc-h--w- C:\WINDOWS\ie8
2012-04-13 14:41:40 . 2012-04-21 14:32:14 -------- d-----w- C:\Rock Star Supernova
2012-04-13 05:15:15 . 2012-04-13 05:16:05 -------- d-----w- C:\Mission Impossible III (2006)
2012-04-13 05:14:25 . 2012-04-13 05:15:13 -------- d-----w- C:\Mission Impossible II (2000)
2012-04-13 05:13:50 . 2012-04-13 05:14:23 -------- d-----w- C:\Mission Impossible (1996)
2012-04-11 07:05:17 . 2012-04-11 07:05:17 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\bdch
2012-04-09 15:33:20 . 2010-12-21 05:55:02 14848 ----a-w- C:\WINDOWS\system32\drivers\ss_bmdfl.sys
2012-04-09 15:33:20 . 2010-12-21 05:55:02 12416 ----a-w- C:\WINDOWS\system32\drivers\ss_bcmnt.sys
2012-04-09 15:33:20 . 2010-12-21 05:55:02 123648 ----a-w- C:\WINDOWS\system32\drivers\ss_bmdm.sys
2012-04-09 15:33:20 . 2010-12-21 05:55:02 100224 ----a-w- C:\WINDOWS\system32\drivers\ss_bserd.sys
2012-04-09 15:33:19 . 2010-12-21 05:55:02 98432 ----a-w- C:\WINDOWS\system32\drivers\ss_bbus.sys
2012-04-09 15:33:19 . 2010-12-21 05:55:02 12288 ----a-w- C:\WINDOWS\system32\drivers\ss_bwhnt.sys
2012-04-09 13:53:01 . 2012-04-09 13:53:01 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2012-04-09 12:58:48 . 2012-04-09 12:58:48 -------- d-----w- C:\Program Files\Common Files\Java
2012-04-09 12:58:38 . 2012-04-09 12:58:23 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2012-04-09 12:58:38 . 2012-04-09 12:58:23 476904 ----a-w- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-09 12:58:38 . 2012-04-09 12:58:23 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2012-04-09 12:41:59 . 2012-04-09 14:50:15 -------- d-----w- C:\Documents and Settings\Sakush\Local Settings\Application Data\Samsung
2012-04-09 12:35:34 . 2012-03-28 16:26:22 4659712 ----a-w- C:\WINDOWS\system32\Redemption.dll
2012-04-09 12:35:01 . 2012-03-28 16:26:02 821824 ----a-w- C:\WINDOWS\system32\dgderapi.dll
2012-04-09 12:35:01 . 2012-03-28 16:26:02 319456 ----a-w- C:\WINDOWS\system32\DIFxAPI.dll
2012-04-09 12:35:01 . 2012-03-28 16:26:02 20032 ----a-w- C:\WINDOWS\system32\drivers\dgderdrv.sys
2012-04-09 12:32:14 . 2012-04-09 12:32:14 -------- d-----w- C:\Documents and Settings\Sakush\Local Settings\Application Data\Downloaded Installations
2012-04-09 11:04:10 . 2012-04-09 11:04:12 -------- d-----w- C:\Documents and Settings\Sakush\Local Settings\Application Data\BlueStacks
2012-04-03 14:55:03 . 2012-04-09 12:11:36 -------- d-----w- C:\Mission Impossible Ghost Protocol (2011)
2012-04-02 15:06:29 . 2012-04-22 19:42:43 418464 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-04-01 17:10:36 . 2012-04-01 17:10:36 -------- d-----w- C:\BitDefender Total Security 2012 (x86x64) include Patch{h33t}{mad dog}
2012-04-01 15:05:43 . 2012-04-01 15:05:43 -------- d-----w- C:\Documents and Settings\Sakush\Application Data\Intel
2012-04-01 15:05:43 . 2012-04-01 15:05:43 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Intel
2012-04-01 15:05:43 . 2012-04-01 15:05:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Intel
2012-04-01 15:05:43 . 2012-04-01 15:05:43 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Intel
2012-04-01 15:05:07 . 2011-12-12 02:20:02 7477120 ----a-w- C:\WINDOWS\system32\drivers\NETwNx32.sys
2012-04-01 15:05:07 . 2010-05-18 15:46:28 2760704 ----a-w- C:\WINDOWS\system32\NETwNr32.dll
2012-04-01 15:05:07 . 2010-05-18 15:44:10 684032 ----a-w- C:\WINDOWS\system32\NETwNc32.dll
2012-04-01 15:04:42 . 2012-04-01 15:04:42 -------- d-----w- C:\Program Files\Common Files\Intel
2012-04-01 14:54:16 . 2012-04-01 14:54:16 -------- d-----w- C:\Program Files\SystemRequirementsLab
2012-04-01 14:53:48 . 2012-04-01 14:53:48 -------- d-----w- C:\Documents and Settings\Sakush\Application Data\SystemRequirementsLab
2012-03-28 10:27:53 . 2012-03-28 10:31:01 -------- d-----w- C:\Stacy Schiff - Cleopatra_A Life
2012-03-28 10:19:30 . 2012-04-21 13:27:12 -------- d-----w- C:\The Silmarillion (444)
2012-03-28 10:10:19 . 2012-03-28 10:18:01 -------- d-----w- C:\The Silmarillion (AudioBook & E-Book)
2012-03-26 21:08:28 . 2012-04-22 19:01:28 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Bitdefender
2012-03-26 21:03:40 . 2012-04-01 17:09:41 -------- d-----w- C:\Nrwcf
2012-03-26 20:50:37 . 2012-03-26 20:50:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\BDLogging
2012-03-26 20:22:08 . 2012-03-26 20:22:08 447208 ----a-w- C:\WINDOWS\system32\drivers\avckf.sys
2012-03-26 20:19:25 . 2012-04-21 13:27:10 -------- d-----w- C:\F1 - 2012
2012-03-26 17:44:12 . 2012-03-26 17:44:12 -------- d-----w- C:\Documents and Settings\Sakush\Local Settings\Application Data\bdch
2012-03-26 17:39:50 . 2012-03-26 17:39:50 528423 ----a-w- C:\Documents and Settings\All Users\Application Data\1332783350.bdinstall.bin
2012-03-26 17:11:53 . 2012-03-26 17:11:53 21611 ----a-w- C:\Documents and Settings\All Users\Application Data\1332781903.bdinstall.bin
2012-03-25 18:26:41 . 2012-03-25 18:26:41 -------- d-----w- C:\Program Files\Western Digital Technologies
2012-03-25 13:07:49 . 2012-03-13 04:39:39 97208 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
2012-03-25 13:07:48 . 2012-03-13 04:39:06 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-25 13:07:48 . 2012-03-13 04:39:05 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-25 13:07:48 . 2012-03-13 04:38:33 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll
2012-03-25 13:07:48 . 2012-03-13 04:38:33 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll
2012-03-25 13:07:48 . 2012-03-13 04:38:33 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-22 19:42:43 . 2011-08-13 19:10:19 70304 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-03-26 18:09:03 . 2011-07-15 10:26:46 240184 ----a-w- C:\WINDOWS\system32\drivers\avchv.sys
2012-03-26 17:08:59 . 2011-02-21 08:23:15 1540166 ----a-w- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
2012-02-29 10:12:46 . 2012-02-29 10:12:46 2 --shatr- C:\WINDOWS\winstart.bat
2010-07-08 04:52:14 . 2010-07-08 04:52:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
2012-03-13 04:39:39 . 2012-03-25 13:07:49 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

---- Directory of %user%\library ----


---- Directory of C:\Program Files\Common ----



((((((((((((((((((((((((((((( [email protected]_14.22.23 )))))))))))))))))))))))))))))))))))))))))

+ 2012-04-24 07:19:57 . 2012-04-24 07:19:57 16384 C:\WINDOWS\temp\Perflib_Perfdata_394.dat
+ 2012-04-22 19:42:43 . 2012-04-22 19:42:43 353440 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-02 15:06:29 . 2012-04-22 19:42:43 253088 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-22 19:42:43 . 2012-04-22 19:42:43 8797344 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-07-13 05:43:55 241752 ----a-w- C:\WINDOWS\system32\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 12:01:14 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="C:\PROGRA~1\Lenovo\PMDriver\PMHandler.exe" [2009-04-03 05:33:28 247080]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2008-03-26 12:58:40 163840]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 19:00:00 60192]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 04:33:02 54560]
"SmartAudio"="C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 03:19:50 2701880]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 22:42:48 487424]
"VeriFaceManager"="C:\Program Files\Lenovo\VeriFaceIII\PManage.exe" [2009-07-13 05:43:55 323584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 09:38:00 34672]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 17:10:00 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2008-12-20 08:55:21 449088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 11:53:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-01-25 09:23:14 421160]
"RemoteControl10"="C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 18:23:56 87336]
"BDRegion"="C:\Program Files\Cyberlink\Shared files\brs.exe" [2010-03-13 07:13:58 75048]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2011-04-22 09:28:14 129536]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2011-04-22 09:28:02 163328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2011-04-22 09:27:50 138752]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 00:57:18 718688]
"WD Spindown Utility"="C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 09:30:42 278528]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-12-23 06:48:44 1407248]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-12-23 05:16:06 1210640]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-30 22:53:14 3521424]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 08:17:04 254696]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 10:11:38 462408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 19:59:24 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 12:00:00 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-31 04:25:09 136176 ----atw- C:\Documents and Settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2012-03-30 22:53:12 954256 ----a-w- C:\Program Files\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-03-30 22:53:26 21392 ----a-w- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 04:32:48 5252408 ------w- C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44:34 3883856 ------w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2011-11-01 09:55:04 1053056 ----a-w- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-04-25 15:15:44 244208 ----a-w- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA Sports\\FIFA 09\\FIFA09.exe"=
"C:\\Program Files\\Team JPN\\Fifa 2010\\FIFA10.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"C:\\Documents and Settings\\Sakush\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\Program Files\\EA Sports\\MyProg\\Game\\fifa.exe"=
"C:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"C:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"C:\\Program Files\\Maxthon3\\Modules\\MxMiniThunder\\ThunderMini.exe"=
"C:\\Program Files\\Maxthon3\\Bin\\Maxthon.exe"=
"C:\\Program Files\\Maxthon3\\Bin\\MxUp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 mdf15;mdf15;C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys [7/25/2010 12:00:26 PM 12800]
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [5/25/2006 12:33:14 AM 10240]
R1 tvtumon;tvtumon;C:\WINDOWS\system32\drivers\tvtumon.sys [5/10/2008 6:35:48 AM 46144]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/05 18:35:52];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [3/13/2010 12:58:52 PM 87536]
R2 FNF5SVC;Fn+F5 Service;C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe [9/11/2008 12:34:12 PM 54560]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [8/13/2010 10:01:22 PM 217088]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [4/22/2012 11:51:04 PM 654408]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [11/25/2008 4:19:02 AM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/10/2008 6:35:46 AM 360448]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [8/13/2010 10:01:22 PM 36640]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [7/13/2009 11:23:19 AM 116224]
R3 JMCR;JMCR;C:\WINDOWS\system32\drivers\jmcr.sys [7/13/2009 11:18:55 AM 97536]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [4/22/2012 11:51:03 PM 22344]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\drivers\NETwNx32.sys [4/1/2012 8:50:07 PM 7477120]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\drivers\tvti2c.sys [2/23/2008 4:39:40 AM 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16:28 PM 130384]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files\Hotspot Shield\bin\hsswd.exe [1/9/2010 5:27:42 AM 285744]
S2 MSR Service;Virtual Disk Service Manager;C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe [7/25/2010 12:00:26 PM 114688]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:03:10 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:01:04 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:00:58 PM 166384]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [2/15/2012 1:30:18 PM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 8:51:29 PM 253088]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [7/31/2011 7:18:45 AM 2428968]
S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08:34 AM 11336]
S3 dgderdrv;dgderdrv;C:\WINDOWS\system32\drivers\dgderdrv.sys [4/9/2012 6:20:01 PM 20032]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Documents and Settings\Sakush\Desktop\everest\Everest_Ultimate_Build_2253\kerneld.wnt --> C:\Documents and Settings\Sakush\Desktop\everest\Everest_Ultimate_Build_2253\kerneld.wnt [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:03:02 PM 313840]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:00:24 PM 1120752]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [4/9/2012 9:18:19 PM 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [4/9/2012 9:18:20 PM 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [4/9/2012 9:18:20 PM 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\WINDOWS\system32\drivers\ss_bserd.sys [4/9/2012 9:18:20 PM 100224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16:28 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

Contents of the 'Scheduled Tasks' folder

2012-04-23 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:06:29 . 2012-04-22 19:42:43]

2012-04-12 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008Core.job
- C:\Documents and Settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 04:25:10 . 2011-07-31 04:25:09]

2012-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2955907764-2073543447-3033106246-1008UA.job
- C:\Documents and Settings\Sakush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-31 04:25:10 . 2011-07-31 04:25:09]

2012-03-13 C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
- C:\Program Files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32:44 . 2008-12-12 23:32:44]


------- Supplementary Scan -------

uStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Documents and Settings\Sakush\Application Data\Mozilla\Firefox\Profiles\e7xrt2jw.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false




I get a weird looking picture when I look at my computer's properties. I have attached the picture with this post.I have highlighted it by making a red box.

Attached Thumbnails

  • sov.JPG

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
That's the log we needed. It shows the files we told it to remove are gone. Don't know why it won't run to the end now.



I've never seen where a virus writer was so vain before. If you google the name sovit tamrakar you will find his blog where he admits it:

http://sovitt.com.np...us-who-do-this/

Apparently it creates files called:

sovittamrakar.vbs
sovittamrakar.txt
sovittamrakar.bmp
readme.htm

These will be hidden files so you need to make sure you can see them:

Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.


Now search the C:\ drive for All Files and Folders, Under Advanced options make sure you have Hidden and System checked,have it look for sovittamrakar

If you find the

sovittamrakar.vbs file, right click on it and EDIT (DON'T OPEN it) and copy and paste it into a Reply. After you do that you can delete it.
You can delete any other files which start with sovittamrakar.

Also look for readme.htm and rename it to readme.txt then attach it.


You also have a file called C:\WINDOWS\winstart.bat

Could you right click on it and EDIT (Don't OPEN it) and then copy and paste the text in it into a reply? After you do that you can delete it.

Sophos says it creates these files:

c:\Documents and Settings\Sakush\Application Data\dxdlls\dxdlg.exe
c:\Documents and Settings\Sakush\Application Data\dxdlls\wproxp.exe
c:\Documents and Settings\Sakush\Application Data\dxdlls\sovittamrakar.bmp
c:\Documents and Settings\Sakush\Application Data\dxdlls\imapdd.dll
c:\Documents and Settings\Sakush\Application Data\dxdlls\boot.vbs
c:\Documents and Settings\Sakush\Application Data\dxdlls\imapdb.dll
c:\Documents and Settings\Sakush\Application Data\dxdlls\imapde.dll
c:\Documents and Settings\Sakush\Application Data\dxdlls\ActMon.ini
c:\Documents and Settings\Sakush\Application Data\dxdlls\imapd.exe
c:\Documents and Settings\Sakush\Application Data\dxdlls\imapdb.exe
c:\Documents and Settings\Sakush\Application Data\dxdlls\readme.html
c:\Documents and Settings\Sakush\Application Data\dxdlls\imapdc.dll

and is run by

C:\WINDOWS\system32\boot.vbs
If you have a folder at: c:\Documents and Settings\Sakush\Application Data\dxdlls then delete it.

If you find

C:\WINDOWS\system32\boot.vbs

then right click and EDIT (do not OPEN it) and copy and paste it into a reply. After you do that you can delete it.
  • 0

#13
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I searched for sovittamrakar as you mentioned, I found the following files

1) Located this at Temporary Internet Files
http://geekstogo.us.intellitxt.com/v4/chunk?ck=21167:cf8cab48460f09022fa4199cd4a4f52c:619C7FE2D1F8472B82D5F5234A824609:&cn=23&cd=%3A224%2Cc%3A%22O33%20-%20MountPoints2%5C%5C19b77e2a-2e63-11df-98a6-001e652f4cc6%5C%5CShell%5C%5Cexplore%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20sovittamrakar.exe%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A225%2Cc%3A%22O33%20-%20MountPoints2%5C%5C19b77e2a-2e63-11df-98a6-001e652f4cc6%5C%5CShell%5C%5Copen%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20sovittamrakar.exe%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A226%2Cc%3A%22O33%20-%20MountPoints2%5C%5C355e9736-1609-11df-989b-001e652f4cc6%5C%5CShell%5C%5CAutoRun%5C%5Ccommand%20-%20%5C%22%5C%22%20%3D%20G%3A%5C%5Csovittamrakar.exe%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A227%2Cc%3A%22O33%20-%20MountPoints2%5C%5C355e9736-1609-11df-989b-001e652f4cc6%5C%5CShell%5C%5Cexplore%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20G%3A%5C%5Csovittamrakar.exe%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A228%2Cc%3A%22O33%20-%20MountPoints2%5C%5C355e9736-1609-11df-989b-001e652f4cc6%5C%5CShell%5C%5Copen%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20G%3A%5C%5Csovittamrakar.exe%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A229%2Cc%3A%22O33%20-%20MountPoints2%5C%5C3b9af8e2-9a9c-11de-982a-001e652f4cc6%5C%5CShell%5C%5CAuto%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20wscript.exe%20killvirus.vbs%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A230%2Cc%3A%22O33%20-%20MountPoints2%5C%5C3b9af8e2-9a9c-11de-982a-001e652f4cc6%5C%5CShell%5C%5CAutoRun%5C%5Ccommand%20-%20%5C%22%5C%22%20%3D%20wscript.exe%20killvirus.vbs%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A231%2Cc%3A%22O33%20-%20MountPoints2%5C%5C3b9af8e2-9a9c-11de-982a-001e652f4cc6%5C%5CShell%5C%5CExplore%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20wscript.exe%20killvirus.vbs%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A232%2Cc%3A%22O33%20-%20MountPoints2%5C%5C3b9af8e2-9a9c-11de-982a-001e652f4cc6%5C%5CShell%5C%5CFind%5C%5CCommand%20-%20%5C%22%5C%22%20%3D%20wscript.exe%20killvirus.vbs%22%7D%2C%7Bt%3A%22std%22%2Cp%3A1%2Cn%3A233%2Cc%3A%22O33%20-%20MountP&jscallback=$iTXT.js.callback24

2) Located at C:\Program Files\USB Disk Security\Quarantine
sovittamrakar.exe.zb

3) Located at C:\Qoobox\Quarantine\C\Documents and Settings\Sakush\Application Data\dxdlls
sovittamrakar.bmp.vir




I did find C:\Winows\winstart.bat
I right clicked and Edit. It opened a notepad file but the file was empty without any text or characters. Should I delete it now?

I could not find C:\Windows\System32\boot.vbs My setting was the same as you asked to when i carried the search on sovittamrakar (ie all hidden files enabled)


I could not find C:\Documents and Settings\Sakush\Appication Data\dxdlls (settings same as above)

Edited by Steven Burnish, 24 April 2012 - 11:33 AM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Yes, Delete winstart.bat.

Also delete the entry in Temporary Internet Files.

The other two can be deleted too but it looks like they have already been removed by combofix and usb disk security.

Copy the next line:

reg delete "HKEY_CURRENT_USER\Software\WinRAR SFX"
reg delete "HKCU\Software\Microsoft\Internet Explorer\Main"
HKCU\Software\Microsoft\Internet Explorer\Main

Start, Run, cmd, OK then right click and Paste or Edit then paste and the copied line should appear. Hit Enter.



Looking back at your earlier posts I see that the first run of Combofix took out the

c:\documents and settings\Sakush\Application Data\dxdlls

folder. It also removed:
c:\windows\system32\imapd.exe
c:\windows\system32\imapdb.exe
c:\windows\system32\imapdd.dll

which are also components mentioned in Sophos's article on this infection:

The original OTL run showed that your F:\ drive was terribly infected. (Could be you have several USB drives and each one has something different). One of the infections was our friend sovittamrakar which was removed with OTL.



Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
You might want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.



Copy the text in the code box by highlighting and Ctrl + c

:reg
[-HKEY_CURRENT_USER\Software\WinRAR SFX]
[-HKCU\Software\Microsoft\Internet Explorer\Main]
[-HKCU\Software\Microsoft\Internet Explorer\Main]
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Go back into your computer's properties and right click on the picture that you put the red line around (if it is still there). See if it lets you check the properties or tells you what the picture is called or where it lives.


EDIT: Just found a clue on how the picture works. See if you can find the file
C:\WINDOWS\System32\OEMINFO.INI

Attach it to your reply. If the forum won't take it then right click and rename it to oeminfo.txt then attach it.
  • 0

#15
Steven Burnish

Steven Burnish

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I deleted winstart.bat

I also deleted that particular Temp Internet File


I ran cmd promt with the text as you mentioned.

I Downloaded Flash_Disinfector.exe by sUBs and carried out the procedrues you mentioned

I carried out OTL Scans twice. The comp restarts but no log is created :S

I cant click on the picture, but when i click on "Support Information" it opens a window that shows [email protected]


YES I found C:\WINDOWS\System32\OEMINFO.INI
and other files with similar names
oembios.bin
oembios.dat
oembios.sig
OEMINFO.INI
OEMLOGO.BMP (this one is the picture of that guy i get on my properties)


I tried uploading the .ini file but got "Error You aren't permitted to upload this kind of file"
So im uploadin .txt

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP